Sat.Nov 25, 2017 - Fri.Dec 01, 2017

article thumbnail

Here's What I'm Telling US Congress about Data Breaches

Troy Hunt

Last week I wrote about my upcoming congressional testimony and wow - you guys are awesome! Seriously, the feedback there was absolutely sensational and it's helped shape what I'll be saying to the US Congress, including lifting specific wording and phrases provided by some of you. Thank you! As I explained in that first blog post, I'm required to submit a written testimony 48 hours in advance of the event.

article thumbnail

Needless Panic Over a Wi-FI Network Name

Schneier on Security

A Turkish Airlines flight made an emergency landing because someone named his wireless network (presumably from his smartphone) "bomb on board.". In 2006, I wrote an essay titled " Refuse to be Terrorized." (I am also reminded of my 2007 essay, " The War on the Unexpected." A decade later, it seems that the frequency of incidents like the one above is less, although not zero.

Wireless 201
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Here's the NSA Agent Who Inexplicably Exposed Critical Secrets

WIRED Threat Level

The Justice Department has struck a plea deal with Nghia Hoang Pho, a programmer in the NSA's elite operations unit, for taking his highly classified work home with him.

111
111
article thumbnail

New Report: Discovering Consumer Attitudes Toward Connected Car Security

Thales Cloud Protection & Licensing

At Thales eSecurity we are always eager to obtain data on how the world perceives threats to personal data, because it has the potential to inform us on how to make our everyday lives more safe and secure. Together with an independent firm, we recently conducted a survey of 1,000 consumers across the U.S. and UK and found that ownership of internet-connected cars is on the rise.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Weekly Update 63 (US Congress Edition)

Troy Hunt

Last week, I was sitting next to a croc-infested river in the middle of nowhere (relatively speaking). This week, I'm in front of the United States Capital having just spoken to the very people who create the laws that govern not just the US but let's face it, have a significant impact on the rest of the world. Today was just one of those moments that make you go. whoa.

article thumbnail

Man-in-the-Middle Attack against Electronic Car-Door Openers

Schneier on Security

This is an interesting tactic, and there's a video of it being used: The theft took just one minute and the Mercedes car, stolen from the Elmdon area of Solihull on 24 September, has not been recovered. In the footage, one of the men can be seen waving a box in front of the victim's house. The device receives a signal from the key inside and transmits it to the second box next to the car.

185
185

More Trending

article thumbnail

Putting VMware’s Cloud Certification Platform to the Test with Thales’s Vormetric Data Security Manager

Thales Cloud Protection & Licensing

Certifying the full compatibility of the Thales Vormetric Data Security Manager (DSM) with the VMware platform was a critical element in ensuring our mutual customers’ satisfaction. Traditionally, this certification has been a cumbersome, and sometimes expensive task, requiring equipment, time and resources. Now, with the rollout of VMware’s Cloud Certification Platform, those times are over.

article thumbnail

Cloud Insecurity: Tens of Thousands of Full Credit Histories Exposed in Amazon S3 Bucket

eSecurity Planet

The data is unusually sensitive, including full credit card and bank account numbers as well as images of Social Security cards and driver's licenses.

Banking 78
article thumbnail

Warrant Protections against Police Searches of Our Data

Schneier on Security

The cell phones we carry with us constantly are the most perfect surveillance device ever invented, and our laws haven't caught up to that reality. That might change soon. This week, the Supreme Court will hear a case with profound implications on your security and privacy in the coming years. The Fourth Amendment's prohibition of unlawful search and seizure is a vital right that protects us all from police overreach, and the way the courts interpret it is increasingly nonsensical in our compute

Internet 176
article thumbnail

North Korea's Latest Missile Test Was Even Scarier Than It Seemed

WIRED Threat Level

Further analysis of North Korea's latest ICBM launch shows that the country can likely land a nuclear weapon anywhere in the continental United States.

111
111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

PCI DSS compliance: a range of encryption approaches available to secure your data

Thales Cloud Protection & Licensing

In the month of October, I wrote about reducing scope for PCI DSS. In this blog, I take it a step further with a discussion about the options available for securing data. Not all types of encryption give you the coverage and flexibility you need. There’s no one-size-fits-all solution for protecting account data; every organization is different, faces different threats and has different security objectives that (ideally) go beyond PCI DSS compliance.

article thumbnail

Critical Apple Login Bug Puts macOS High Sierra Systems at Risk

Threatpost

A major bug in Apple’s macOS High Sierra gives anyone with physical access to a system running the latest version of the OS root access simply by putting "root" in the user name field.

Risk 55
article thumbnail

Uber Data Hack

Schneier on Security

Uber was hacked, losing data on 57 million driver and rider accounts. The company kept it quiet for over a year. The details are particularly damning : The two hackers stole data about the company's riders and drivers ­-- including phone numbers, email addresses and names -- from a third-party server and then approached Uber and demanded $100,000 to delete their copy of the data, the employees said.

Hacking 173
article thumbnail

Supreme Court Must Understand That Cell Phones Aren’t Voluntary

WIRED Threat Level

Opinion: The US argues that police can access cell phone records freely because customers volunteer that data. But cell phones are no longer optional.

111
111
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Lawsuits Pile Up on Uber

Dark Reading

Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.

article thumbnail

Cisco Patches Critical Playback Bugs in WebEx Players

Threatpost

A Cisco Systems security advisory is urges users of its WebEx platform to patch six vulnerabilities that could allow attackers to execute remote code.

58
article thumbnail

NSA "Red Disk" Data Leak

Schneier on Security

ZDNet is reporting about another data leak, this one from US Army's Intelligence and Security Command (INSCOM), which is also within to the NSA. The disk image, when unpacked and loaded, is a snapshot of a hard drive dating back to May 2013 from a Linux-based server that forms part of a cloud-based intelligence sharing system, known as Red Disk. The project, developed by INSCOM's Futures Directorate, was slated to complement the Army's so-called distributed common ground system (DCGS), a legacy

article thumbnail

How Bots Broke the FCC's Public Comment System During the Net Neutrality Debate

WIRED Threat Level

The FCC's net neutrality public comment period was overrun with bots, making it all but impossible for any one voice to be heard. That's not how this is supposed to work.

102
102
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

First US Federal CISO Shares Security Lessons Learned

Dark Reading

Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.

CISO 55
article thumbnail

Average Organization Faced 8 DDoS Attacks a Day in Q3 2017

eSecurity Planet

That's a 35 percent increase over the previous quarter.

DDOS 96
article thumbnail

Blog Post: Saudi Vision 2030

Schneier on Security

By David Gurteen I've just spent a few days in Riyadh where I gave a talk and run a Knowledge Café as part of a KM Forum entitled "Knowledge Management Utilization in Realizing Saudi Vision 2030" organized by the Naseej Academy. Saudi Vision 2030 is a plan to reduce Saudi Arabia's dependence on oil, diversify its economy, and develop public service sectors such as health, education, infrastructure, recreation, and tourism.

Education 101
article thumbnail

Apple MacOS High Sierra Security Flaw Lets Anyone Get Root Access, No Password Required

WIRED Threat Level

A Turkish company found a glaring flaw in Apple's desktop operating system that gives anyone deep access, no password required.

Passwords 112
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The Looming War of Good AI vs. Bad AI

Dark Reading

The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.

article thumbnail

Leaky AWS Storage Bucket Spills Military Secrets, Again

Threatpost

For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.

article thumbnail

Amazon Wants to Secure Things from the Cloud with IoT Device Defender

eSecurity Planet

Amazon doesn't want a repeat of the Mirai botnet, so it has launched a new service to help monitor and protect against IoT device risks.

IoT 55
article thumbnail

The US Should Modernize Election Systems to Prevent Hacking

WIRED Threat Level

Opinion: Two senators from opposing parties argue that voting machines should be considered critical infrastructure, and funded accordingly.

Hacking 107
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Suspect in Yahoo Breach Case Pleads Guilty

Dark Reading

Karim Baratov admits he worked on behalf of Russia's FSB.

83
article thumbnail

RAT Distributed Via Google Drive Targets East Asia

Threatpost

Researchers say a new remote access Trojan dubbed UBoatRAT is targeting individuals or organizations linked to South Korea or video games industry.

article thumbnail

Spin.AI Releases Google Workspace Security Policies

Spinone

Organizations moving to the public cloud are faced with serious challenges to security and security related processes. Generally speaking, organizations maintaining on-premise infrastructure have total control over security and policies related to securing access to data, data loss prevention, and data security. When moving to the public cloud however, how can organizations provide this same, […] The post Spin.AI Releases Google Workspace Security Policies first appeared on SpinOne.

40
article thumbnail

The FCC's Net Neutrality Comments Included Millions of Fake Emails and More

WIRED Threat Level

A new analysis of the FCC's net neutrality comment period shows millions of fake or duplicate email addresses and other alarming absurdities.

97
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!