Sat. Jan 27, 2018 - Fri. Feb 02, 2018

Estimating the Cost of Internet Insecurity

Schneier on Security

It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: "Estimating the Global Cost of Cyber Risk: Methodology and Examples": Abstract: There is marked variability from study to study in the estimated direct and systemic costs of cyber incidents, which is further complicated by the considerable variation in cyber risk in differe

Internet 174
I'm Teaming Up with Scott Helme to Run "Hack Yourself First" Workshops in Europe

Troy Hunt

This is probably the most self-explanatory blog post title I've ever written! But be that as it may, it deserves some explanation as to how I've arrived at this point and like many great ideas, it began over some beers. I've just arrived home to the Gold Coast in Australia which I frequently describe to people as "the sunny part of the sunny country". I'm literally sitting on a beach writing this blog post and frankly, I'd like to spend more time here.

Hacking 168

Securing Data in the Digital Transformation Era

Thales Cloud Protection & Licensing

Data breaches are the new normal. According to our 2018 Global Data Threat Report, 67% of enterprises have been breached, with that percentage rate growing every year. Regardless of the security measures and efforts put in place, organizations need to act as if a successful cyberattack is not a question of “if” but “when.” As organizations continue to embrace digital transformation, greater amounts of sensitive data are created, stored and transferred in digital form, putting more data at risk.

If Robert Mueller Is Fired, the Russia Probe Could Continue

WIRED Threat Level

The special counsel is under attack, but if Robert Mueller gets fired, the investigation into Trump’s Russia ties and obstruction of justice could keep going.

111

Locating Secret Military Bases via Fitness Data

Schneier on Security

In November, the company Strava released an anonymous data-visualization map showing all the fitness activity by everyone using the app. Over this weekend, someone realized that it could be used to locate secret military bases: just look for repeated fitness activity in the middle of nowhere. News article.

171

My Blog Now Has a Content Security Policy - Here's How I've Done It

Troy Hunt

I've long been a proponent of Content Security Policies (CSPs). I've used them to fix mixed content warnings on this blog after Disqus made a little mistake, you'll see one adorning Have I Been Pwned (HIBP) and I even wrote a dedicated Pluralsight course on browser security headers. I'm a fan (which is why I also recently joined Report URI), and if you're running a website, you should be too.

115

More Trending

Strava Data Heat Maps Expose Military Base Locations Around the World

WIRED Threat Level

The US military is reexamining security policies after fitness tracker data shared on social media revealed bases and patrol routes.

Media 109

Israeli Scientists Accidentally Reveal Classified Information

Schneier on Security

According to this story (non-paywall English version here), Israeli scientists released some information to the public they shouldn't have. Defense establishment officials are now trying to erase any trace of the secret information from the web, but they have run into difficulties because the information was copied and is found on a number of platforms.

Internet 167

Weekly Update 71 (Denmark Edition)

Troy Hunt

I'm in Denmark! Well I'm just in Denmark, I'm about to head out the hotel door and into 30 hours of travel which isn't exactly fun, but that's the nature of living on the other side of the world to pretty much everything. This week's update is a little late as my Friday was absolutely non-stop in Denmark. I talk about that below including the preceding days involving some pretty full on sledding in Norway, workshops, talks, ice, slush and snow.

InfoSec 114

Fine-tuning Firewall Rules: 10 Best Practices

eSecurity Planet

Fine-tuning firewall rules is a critical and often overlooked IT security practice that can minimize network breaches while maximizing performance.

The Devin Nunes Memo: Reading Between the Lines

WIRED Threat Level

The Devin Nunes memo that purports to show improper surveillance practices is out—and national security experts say it falls far short of the hype.

Signed Malware

Schneier on Security

Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's more, it predated Stuxnet, with the first known instance occurring in 2003.

Malware 157

Weekly Update 72

Troy Hunt

I'm home! It's nice being home. This week I start by getting a couple of things off my chest, namely some pretty wacky reactions to my suggesting that we're never going to see a coders' hippocratic oath and how I feel when media outlets say "the dark web". Plus, I've got news around running workshops in Europe with Scott Helme and me finally getting a content security policy on this blog.

Media 109

Phishing Campaign Underscores Threat from Low Budget, Low Skilled Attackers

Dark Reading

For just over $1,000, a phishing operation successfully spied on members of the Tibetan community for 19 months, Toronto University's Citizen Lab found.

'Jackpotting' ATM Hack Comes to the United States

WIRED Threat Level

The "jackpotting" ATM attack drained tens of millions of dollars worldwide before landing in the United States.

Hacking 107

Subway Elevators and Movie-Plot Threats

Schneier on Security

Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There's no actual threat analysis, only fear: "The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awful to me," said Claudia Ward, who lives in 15 Broad Street and was among a group of neighbors who denounced the plan at a recent meeting of the local community board.

145

Your Journey Starts Here

Kali Linux

“Whether you’re new to the fight, or a seasoned pro, don’t stop training…” This statement, like the video that introduced it, has real punch. We did this on purpose to get you fired up, excited about your training, and to kickstart your journey. If it worked, and you’re in the fight, welcome aboard! If you haven’t jumped in for whatever reason, we want to introduce you to the plethora of resources we’ve made available to help you master Kali Linux

Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks

Threatpost

ATM maker NCR Corp. is warning that cyber criminals are hacking U.S. cash machines with malware that can drain machines dry of cash.

Malware 68

Chrome Extension Malware Has Evolved

WIRED Threat Level

While helpful and creative, Chrome extensions have also become a new playground for hackers intent on stealing your data.

Malware 95

Jackpotting Attacks Against US ATMs

Schneier on Security

Brian Krebs is reporting sophisticated jackpotting attacks against US ATMs. The attacker gains physical access to the ATM, plants malware using specialized electronics, and then later returns and forces the machine to dispense all the cash it has inside. The Secret Service alert explains that the attackers typically use an endoscope -- a slender, flexible instrument traditionally used in medicine to give physicians a look inside the human body -- to locate the internal portion of the cash machin

Lazarus Group, Fancy Bear Most Active Threat Groups in 2017

Dark Reading

Lazarus, believed to operate out of North Korea, and Fancy Bear, believed to operate out of Russia, were the most referenced threat actor groups in last year's cyberattacks.

51

Google Booted 700,000 Bad Apps From Its Marketplace in 2017

Threatpost

In 2017 Google removed apps that violated the Google Play policies because they were malicious, purposely copied a more popular app or served up inappropriate content.

Mobile 49

Winter Olympic Cyberattacks Have Already Started—and May Not Be Over

WIRED Threat Level

Two state-sponsored hacking operations are plaguing Pyeongchang, with murky motivations and no clear endgame.

Hacking 94

Secure Your Device From Ransomware and Malware

Spinone

Today, mobile devices, mostly tablets and smartphones, are widely expanding and becoming an integral part of our daily life. Users are increasingly storing their personal data on the devices, which they practically do not let out of their hands. It’s practical and useful, but at the same time, it gives rise to new problems. Easily accessible valuable information increases the risk of online threats.

Crypto-Mining Attacks Emerge as the New Big Threat to Enterprises

Dark Reading

Attackers looking to hijack systems for illegally mining digital currencies have begun eyeing business systems, security vendors say.

59

Adobe Flash Player Zero-Day Spotted in the Wild

Threatpost

A zero-day exploit targeting Adobe Flash Players has been reported by the South Korean Computer Emergency Response Team and confirmed by Adobe.

Malware 51

Cryptocurrency Scams Like Prodeum Are Just Straight-Up Trolling at This Point

WIRED Threat Level

US regulators and Facebook are finally coming for bogus ICOs.

Friday Squid Blogging: Kraken Pie

Schneier on Security

Pretty, but contains no actual squid ingredients. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

115

3 Ways Hackers Steal Your Company's Mobile Data

Dark Reading

The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.

Mobile 52

Cisco Patches Critical VPN Vulnerability

Threatpost

Cisco Systems released a patch Monday to fix a critical security vulnerability, with a CVSS rating of 10, in its Secure Sockets Layer VPN solution called Adaptive Security Appliance.

VPN 43
