This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this partic
The term "fake news" has lost much of its meaning, but it describes a real and dangerous Internet trend. Because it's hard for many people to differentiate a real news site from a fraudulent one, they can be hoodwinked by fictitious news stories pretending to be real. The result is that otherwise reasonable people believe lies. The trends fostering fake news are more general, though, and we need to start thinking about how it could affect different areas of our lives.
I'm a day and a half behind with this week's update again - sorry! Thursday and Friday were solid with training in Melbourne so I recorded Saturday and am pushing this out in the early hours of Sunday before going wakeboarding - is that work / life balance? But there's been a hell of a lot going on, particularly around HIBP and I'll be talking a lot more about that in the weeks to come.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. [NYSE:FAF] as the first test of the state’s strict new cybersecurity regulation. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful.
The International Committee of the Red Cross has just published a report: " The Potential Human Cost of Cyber-Operations." It's the result of an "ICRC Expert Meeting" from last year, but was published this week. Here's a shorter blog post if you don't want to read the whole thing. And [link] by one of the authors.
Another week, another conference. This time, Scott and I have just wrapped up the AusCERT event which is my local home town conference (I can literally see my house from Scott's balcony). We're talking about the event, upcoming ones, Scott's Hack Yourself First UK tour, some funky default values in EV certs and then we head off down a rabbit hole of 2FA and people getting fired for failing simulated phishing tests.
Another week, another conference. This time, Scott and I have just wrapped up the AusCERT event which is my local home town conference (I can literally see my house from Scott's balcony). We're talking about the event, upcoming ones, Scott's Hack Yourself First UK tour, some funky default values in EV certs and then we head off down a rabbit hole of 2FA and people getting fired for failing simulated phishing tests.
First American Financial Corp. left hundreds of millions of sensitive financial documents unprotected on its website dating back as far as 2003. The security hole, discovered by Washington real estate developer Ben Shoval and reported by security expert Brian Krebs, allowed anyone with a web browser full access to digitized records related to mortgage deals.
Canadian government regulators are using the country’s powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software. In March 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) — Canada’s equivalent of the U.S. Federal Communications Commission (FCC), executed a search warrant in tandem with the Royal Canadian Mounted Police (RCMP) at the home of a Toronto softwa
Krebs on Security is reporting a massive data leak by the real estate title insurance company First American Financial Corp. "The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and even internal corporate documents if you're a small business.
There’s a fascinating paper, “ Tuning Out Security Warnings: A Longitudinal Examination Of Habituation Through Fmri, Eye Tracking, And Field Experiments.” (It came out about a year ago.). The researchers examined what happens in people’s brains when they look at warnings, and they found that: Research in the fields of information systems and human-computer interaction has shown that habituation—decreased response to repeated stimulation—is a serious threat to the effectiv
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Really interesting talk by former Facebook CISO Alex Stamos about the problems inherent in content moderation by social media platforms. Well worth watching.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
As I noted in my last blog post , containers, which are now pervasive in enterprises, are ephemeral, and microservices frameworks like Kubernetes treat them as such. Data security is a complex subject, and, unfortunately, microservices only add to the complexity. I frequently try to untangle the threads of knotty issues by asking questions. So, in this and my next few blogs, I will share some questions you might want to ask as you go about securing your data in a microservices environment.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
As cyber attacks on municipalities mount, is it time to start treating them like the manmade disasters they are? The post Do Cities deserve Federal Disaster Aid after Cyber Attacks? appeared first on The Security Ledger. Related Stories Chinese APT Group, Used Stolen NSA Hacking Tools Before Shadow Brokers DHS Warns That Drones Made in China Could Steal U.S.
Data from the last half year shows devices worldwide infected with the self-propagating ransomware, putting organizations with poor patching initiatives at risk.
A lack of security training for interns, and their obsession with sharing content on social media, could lead to a perfect storm for hackers looking to collect social engineering data.
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Still CVE-2019-0708 – BlueKeep – Wormable RDP Vulnerability The BlueKeep vulnerability, tracked as CVE-2019-0708, has been a nightmare for IT & cyber-security teams for the past 2 weeks. Last week , we extensively covered CVE-2019-0708 and there is no surprises that it is still the trending CVE for this week. Over 7.5 million devices were in danger before Microsoft released patches, although the danger remains present, as 1 million devices are vulnerable to BlueKeep, a vulnerabil
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
270 
Let's personalize your content