This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses and link out to more detailed material for those who want to go deeper. Let's start with the raw numbers because that's the headline, then I'll drill down into where it's from and what it's composed of.
My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it “the largest collection ever of breached data found.” But in an interview with the apparent seller, KrebsOnSecurity learned that it is not even close to the largest gathering of s
Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and iMessage.
U.S. citizens are more vulnerable to the effects of identity theft and scams as a result of the ongoing government shutdown. The two primary websites created by the government as resources for victims of identity theft, IdentityTheft.gov and FTC.gov/complaint , are currently offline as part of the partial shutdown of the Federal Trade Commission. This effectively leaves victims unable to file reports or get documentation of their stolen identities, which is typically a first step for mitigating
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
And then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing all the data, then I got on a plane. Holy cow that's a lot of emails! Hundreds upon hundreds of emails came in whilst on the way to Dubai, more than I'll ever be able to respond to. Plus, I'm actually trying to have some downtime with my son on this trip particularly over the next few days so a bunch of stuff is going to have to go unanswered or at best, delayed.
Seldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes. On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014.
I recently read two different essays that make the point that while Internet security is terrible, it really doesn't affect people enough to make it an issue. This is true, and is something I worry will change in a world of physically capable computers. Automation, autonomy, and physical agency will make computer security a matter of life and death, and not just a matter of data.
I recently read two different essays that make the point that while Internet security is terrible, it really doesn't affect people enough to make it an issue. This is true, and is something I worry will change in a world of physically capable computers. Automation, autonomy, and physical agency will make computer security a matter of life and death, and not just a matter of data.
A gigantic trove of email addresses and passwords containing over 2 billion records has been discovered online. The breached data, dubbed “Collection #1” by cybersecurity expert Troy Hunt , is more than 87 gigabytes and contains roughly 773 million email address and 21 million unique passwords. Hunt found an archive of the data on MEGA, a file-sharing site and has been featured on at least one hacking forum.
The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise. The breach of some 30 computers of South Korea’s Defense Acquisition Program Administration (DAPA), which is part of the Ministry of National Defense, reportedly occurred last October.
Opinion: The 2009 vs. 2019 profile picture trend may or may not have been a data collection ruse to train its facial recognition algorithm. But we can't afford to blithely play along.
This is a current list of where and when I am scheduled to speak: I'm speaking at A New Initiative for Poland in Warsaw, January 16-17, 2019. I'm speaking at the Munich Cyber Security Conference (MCSC) on February 14, 2019. The list is maintained on this page.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
AT&T and T-Mobile announced that in March 2019 they would stop selling user location data to third parties. The announcements came on the heels of a Motherboard article that reported on the ability to track individual cellular phones via “location aggregator” companies with access to mobile customer information. Cellular location data was sold as a customer-friendly feature that could streamline things like roadside assistance and fraud prevention.
Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints. Related: California enacts pioneering privacy law.
Experts at Malwarebytes have reported that the code for the recently discovered Flash zero-day flaw was added to the Fallout Exploit kit. Experts at Malwarebytes observed a new version of the Fallout Exploit kit that include the code to exploit a recently discovered Flash zero-day vulnerability. The Fallout Exploit kit was discovered at the end of August by the threat analyst nao_sec , at the time it was used to distribute the GandCrab ransomware and other malicious codes, including droppers and
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
A massive leak of unprotected data on a server belonging to the Oklahoma Securities Commission was discovered in December 2018. Three terabytes of data were leaked, including evidence from hundreds of FBI investigations. Details in the material gone walkabout included financial transactions, emails relating to cases as well as letters from witnesses.
Kubernetes is one of many key enabling technologies of digital transformation that has tended to remain obscure to non-technical company decision makers. Related podcast: Securing software containers. Kubernetes is an administration console — an open source project from Google that makes containerized software applications easy to deploy, scale, and manage.
Rapid7 announced the release of Metasploit 5.0, the latest version of the popular penetration testing framework that promises to be very easy to use. Rapid7 announced the release of Metasploit 5.0 , the new version includes several new important features and, the company believes it will easier to use and more powerful. Most important changes introduced in the Metasploit 5.0 include new database and automation APIs, evasion modules and libraries, language support, improved performance.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Modern encryption can trace its root back to before WWII when Alan Turing built a modern computer in order to break the Enigma. Much has changed since then but the core goals remain the same: limit who has access to certain information and prove the authenticity of who sent a message. 25 years of evolution and coming into the mainstream. The last 25 years has primarily been evolutionary with advances in symmetric and asymmetric cryptography focused on increasing key sizes and developing newer an
Z-WASP attack: Phishers are using a recently fixed flaw in Office 365 that allows them to bypass protections using zero-width spaces and deliver malicious messages to recipients. Microsoft recently fixed a vulnerability in Office 365 that was exploited by attackers to bypass existing phishing protections and deliver malicious messages to victims’ inboxes.
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
It was recently announced that GCHQ has created a new competition for girls aged 12 – 13 in codebreaking, in a bid to create the next generation of female cybersecurity professionals. This initiative, CyberFirst Girls Competition, kicks off on January 21 and offers female students an opportunity to learn about cybersecurity and practice skills in a simulated real-world environment.
Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. The ServHelper is a backdoor, experts analyzed two variants of it, while FlawedGrace is a remote access trojan (RAT). “In November 2018, TA505 , a prolific actor tha
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
G Suite administrators with organizations today are looking at how they can most efficiently carry out IT operations, including delivering of services to end users. Most are looking at cloud-based solutions to deliver on current IT infrastructure and service demands. This is not limited to corporate environments but also includes today’s educational institutions.
The American hacktivist Martin Gottesfeld (34) has been sentenced to 10 years in prison for carrying out DDoS attacks against two healthcare organizations in the US in 2014. The alleged Anonymous member, Martin Gottesfeld, was accused of launching DDoS attacks against the two US healthcare organizations in 2014, the Boston Children’s Hospital and the Wayside Youth and Family Support Network.
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
280 
Let's personalize your content