Sat.Jan 27, 2018 - Fri.Feb 02, 2018

article thumbnail

Estimating the Cost of Internet Insecurity

Schneier on Security

It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: " Estimating the Global Cost of Cyber Risk: Methodology and Examples ": Abstract : There is marked variability from study to study in the estimated direct and systemic costs of cyber incidents, which is further complicated by the considerable variation in cyber risk in differe

Internet 188
article thumbnail

I'm Teaming Up with Scott Helme to Run "Hack Yourself First" Workshops in Europe

Troy Hunt

This is probably the most self-explanatory blog post title I've ever written! But be that as it may, it deserves some explanation as to how I've arrived at this point and like many great ideas, it began over some beers. I've just arrived home to the Gold Coast in Australia which I frequently describe to people as "the sunny part of the sunny country" I'm literally sitting on a beach writing this blog post and frankly, I'd like to spend more time here.

Hacking 169
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Securing Data in the Digital Transformation Era

Thales Cloud Protection & Licensing

Data breaches are the new normal. According to our 2018 Global Data Threat Report , 67% of enterprises have been breached, with that percentage rate growing every year. Regardless of the security measures and efforts put in place, organizations need to act as if a successful cyberattack is not a question of “if” but “when.”. As organizations continue to embrace digital transformation, greater amounts of sensitive data is created, stored and transferred in digital form putting more data at risk.

article thumbnail

If Robert Mueller Is Fired, the Russia Probe Could Continue

WIRED Threat Level

The special counsel is under attack, but if Robert Mueller gets fired, the investigation into Trump’s Russia ties and obstruction of justice could keep going.

112
112
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Israeli Scientists Accidentally Reveal Classified Information

Schneier on Security

According to this story (non-paywall English version here ), Israeli scientists released some information to the public they shouldn't have. Defense establishment officials are now trying to erase any trace of the secret information from the web, but they have run into difficulties because the information was copied and is found on a number of platforms.

Internet 180
article thumbnail

Weekly Update 71 (Denmark Edition)

Troy Hunt

I'm in Denmark! Well I'm just in Denmark, I'm about to head out the hotel door and into 30 hours of travel which isn't exactly fun, but that's the nature of living on the other side of the world to pretty much everything. This week's update is a little late as my Friday was absolutely non-stop in Denmark. I talk about that below including the preceding days involving some pretty full on sledding in Norway, workshops, talks, ice, slush and snow.

InfoSec 118

More Trending

article thumbnail

'Jackpotting' ATM Hack Comes to the United States

WIRED Threat Level

The "jackpotting" ATM attack drained tens of millions of dollars worldwide before landing in the United States.

Hacking 111
article thumbnail

Locating Secret Military Bases via Fitness Data

Schneier on Security

In November, the company Strava released an anonymous data-visualization map showing all the fitness activity by everyone using the app. Over this weekend, someone realized that it could be used to locate secret military bases: just look for repeated fitness activity in the middle of nowhere. News article.

177
177
article thumbnail

My Blog Now Has a Content Security Policy - Here's How I've Done It

Troy Hunt

I've long been a proponent of Content Security Policies (CSPs). I've used them to fix mixed content warnings on this blog after Disqus made a little mistake , you'll see one adorning Have I Been Pwned (HIBP) and I even wrote a dedicated Pluralsight course on browser security headers. I'm a fan (which is why I also recently joined Report URI ), and if you're running a website, you should be too.

116
116
article thumbnail

IoT Botnets by the Numbers

Dark Reading

IoT devices are a botherder's dream attack-vector.

IoT 72
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Strava Data Heat Maps Expose Military Base Locations Around the World

WIRED Threat Level

The US military is reexamining security policies after fitness tracker data shared on social media revealed bases and patrol routes.

Media 111
article thumbnail

Signed Malware

Schneier on Security

Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's more, it predated Stuxnet, with the first known instance occurring in 2003.

Malware 166
article thumbnail

Weekly Update 72

Troy Hunt

I'm home! It's nice being home ??. This week I start by getting a couple of things off my chest, namely some pretty wacky reactions to my suggesting that we're never going to see a coders' hippocratic oath and how I feel when media outlets say "the dark web" Plus, I've got news around running workshops in Europe with Scott Helme and me finally getting a content security policy on this blog.

Media 109
article thumbnail

Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks

Threatpost

ATM maker NCR Corp. is warning that cyber criminals are hacking U.S. cash machines with malware that can drain machines dry of cash.

Malware 68
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The Devin Nunes Memo: Reading Between the Lines

WIRED Threat Level

The Devin Nunes memo that purports to show improper surveillance practices is out—and national security experts say it falls far short of the hype.

article thumbnail

Subway Elevators and Movie-Plot Threats

Schneier on Security

Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There's no actual threat analysis, only fear: "The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awful to me," said Claudia Ward, who lives in 15 Broad Street and was among a group of neighbors who denounced the plan at a recent meeting of the local community board.

153
153
article thumbnail

Phishing Campaign Underscores Threat from Low Budget, Low Skilled Attackers

Dark Reading

For just over $1,000, a phishing operation successfully spied on members of the Tibetan community for 19 months, Toronto University's Citizen Lab found.

article thumbnail

DEFCON 658 – what you need to know

Thales Cloud Protection & Licensing

The UK Ministry of Defence’s (MoD) DEFCON 658 aims to protect the defence supply chain from cyber threats. Impacting directly the MoD’s suppliers – or indeed would-be suppliers – it applies to any contract containing sensitive departmental information. As of April 2017, its introduction has ratcheted up pressure on those suppliers wishing to partake in lucrative government contracts, thus ensuring that any cyber risks are handled and mitigated appropriately.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Cryptocurrency Scams Like Prodeum Are Just Straight-Up Trolling at This Point

WIRED Threat Level

US regulators and Facebook are finally coming for bogus ICOs.

article thumbnail

Jackpotting Attacks Against US ATMs

Schneier on Security

Brian Krebs is reporting sophisticated jackpotting attacks against US ATMs. The attacker gains physical access to the ATM, plants malware using specialized electronics, and then later returns and forces the machine to dispense all the cash it has inside. The Secret Service alert explains that the attackers typically use an endoscope -- a slender, flexible instrument traditionally used in medicine to give physicians a look inside the human body -- to locate the internal portion of the cash machin

article thumbnail

APIs Pose 'Mushrooming' Security Risk

Dark Reading

As APIs grow in prominence, top security concerns include bots and authentication.

Risk 61
article thumbnail

Fine-tuning Firewall Rules: 10 Best Practices

eSecurity Planet

Fine-tuning firewall rules is a critical and often overlooked IT security practice that can minimize network breaches while maximizing performance.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Winter Olympic Cyberattacks Have Already Started—and May Not Be Over

WIRED Threat Level

Two state-sponsored hacking operations are plaguing Pyeongchang, with murky motivations and no clear endgame.

Hacking 110
article thumbnail

Your Journey Starts Here

Kali Linux

“Whether you’re new to the fight, or a seasoned pro, don’t stop training…” This statement, like the video that introduced it, has real punch. We did this on purpose to get you fired up, excited about your training, and to kickstart your journey. If it worked, and you’re in the fight, welcome aboard! If you haven’t jumped in for whatever reason, we want to introduce you to the plethora of resources we’ve made available to help you master Kali Linux

article thumbnail

'Ransomware' Added to Oxford English Dictionary

Dark Reading

The term is one of 1,100 new entries added to the Oxford English Dictionary this week.

article thumbnail

Adobe Flash Player Zero-Day Spotted in the Wild

Threatpost

A zero-day exploit targeting Adobe Flash Players has been reported by the South Korean Computer Emergency Response Team and confirmed by Adobe.

Malware 51
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Chrome Extension Malware Has Evolved

WIRED Threat Level

While helpful and creative, Chrome extensions have also become a new playground for hackers intent on stealing your data.

Malware 109
article thumbnail

Secure Your Device From Ransomware and Malware

Spinone

Today, mobile devices, mostly tablets and smartphones, are widely expanding and becoming an integral part of our daily life. Users are increasingly storing their personal data on the devices, which they practically do not let out of their hands. It’s practical and useful, but at the same time, it gives rise to new problems. Easily accessible valuable information increases the risk of online threats.

article thumbnail

Crypto-Mining Attacks Emerge as the New Big Threat to Enterprises

Dark Reading

Attackers looking to hijack systems for illegally mining digital currencies have begun eyeing business systems, security vendors say.

59
article thumbnail

Google Booted 700,000 Bad Apps From Its Marketplace in 2017

Threatpost

In 2017 Google removed apps that violated the Google Play policies because they were malicious, purposely copied a more popular app or served up inappropriate content.

Mobile 49
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!