Sat. Dec 09, 2017 - Fri. Dec 15, 2017

I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important

Troy Hunt

Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel this way. I can certainly pass on your concerns and feed this back to the tech team for you Troy?

Banking 275

Tracking People Without GPS

Schneier on Security

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can determine how fast a person is traveling and what kind of movements they make.

The Mirai Botnet Was Part of a College Student Minecraft Scheme

WIRED Threat Level

The DDoS attack that crippled the internet last fall wasn't the work of a nation-state. It was three college kids working a *Minecraft* hustle.

DDOS 112

How Good Privacy Practices Help Protect Your Company Brand

Dark Reading

Follow these five guidelines to keep your organization's data protected.

77

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Face ID Stinks

Troy Hunt

I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID just after it was announced and that piece is still entirely relevant today. To date, we haven't seen practical attacks against it that should worry the masses and the one piece that suggests it's vulnerable has been pretty thoroughly debunked by Dan Goodin at Ars Technica.

167

Security Planner

Schneier on Security

Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. It's not meant to be comprehensive, but instead to give people things they can actually do to immediately improve their security. I don't see it replacing any of the good security guides out there, but instead augmenting them.

207

More Trending

Malware Decompiler Tool Goes Open Source

Dark Reading

Avast's RetDec machine-code decompiler now available for free on Github.

Malware 77

Weekly Update 65

Troy Hunt

I actually got a lot of writing done this week! Plus travelled to Sydney and then Melbourne to speak at a couple of events so that's a pretty good week IMHO. What's especially good is that there's no more flights or hotel rooms in 2017 for me! As for this week, there's a bunch of stuff around a new Pluralsight course, my dismay with Face ID and a bit of taking a UK bank to task.

Banking 116

Remote Hack of a Boeing 757

Schneier on Security

Last month, the DHS announced that it was able to remotely hack a Boeing 757: "We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration," said Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate. "[Which] means I didn't have anybody touching the airplane, I didn't have an insider threat.

Hacking 195

MobileCoin: A New Cryptocurrency From Signal Creator Moxie Marlinspike

WIRED Threat Level

MobileCoin aims to make cryptocurrency transactions quick and easy for everyone, while still preserving privacy and decentralization.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Is a Good Offense the Best Defense Against Hackers?

Dark Reading

A proposed new law could make it legal for companies to hack back against attackers. But will it work?

Hacking 74

New Pluralsight Play by Play: What You Need to Know About HTTPS Today

Troy Hunt

As many followers know, I run a workshop titled Hack Yourself First where I spend a couple of days with folks running through all sorts of common security issues and, of course, how to fix them. I must have run it 50 times by now so it's a pretty well-known quantity, but there's one module more than any other that changes at a fierce rate - HTTPS. I was thinking about it just now when considering how to approach this post launching the new course because let's face it, I've got a lot of material

E-Mail Tracking

Schneier on Security

Good article on the history and practice of e-mail tracking: The tech is pretty simple. Tracking clients embed a line of code in the body of an email -- usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device.

The Wired Guide to Digital Security, From Passwords to Faraday Cages

WIRED Threat Level

In an age of nonstop breaches and hacks, here are ways to improve your online security based on your level of risk, from average user to NSA contractor.

Passwords 111

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

5 Reasons the Cybersecurity Labor Shortfall Won't End Soon

Dark Reading

The number of unfilled jobs in our industry continues to grow. Here's why.

Protecting data for compliance and transformation

Thales Cloud Protection & Licensing

Until recently, it was nothing more than a buzzword bandied around across various industries. Now though, businesses everywhere are undergoing various forms of digital transformation as they look for ways to better interact with their end customers, whether consumer or corporate. Organisations are finding themselves under increasing pressure from their boards, all keen on moving their businesses forward technologically, to deliver the solutions and services they need to remain competitive in an

Surveillance inside the Body

Schneier on Security

The FDA has approved a pill with an embedded sensor that can report when it is swallowed. The pill transmits information to a wearable patch, which in turn transmits information to a smartphone.

The Grand Tor: How to Go Anonymous Online

WIRED Threat Level

You may already be familiar with TorBrowser. But the anonymous internet has a lot more to offer.

Internet 111

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

19 M California Voter Records Held for Ransom in MongoDB Attack

Dark Reading

The records were first exposed in an unsecured MongoDB database, continuing a cyber-extortion trend.

71

2017 AWS Re:Invent Recap: The evolution of innovation in the cloud

Thales Cloud Protection & Licensing

A couple weeks ago I attended yet another successful AWS Re:Invent conference. For those of you that don’t already know, AWS Re:Invent is Amazon Web Services premier cloud conference for customers, partners, and industry professionals. There was a noticeable increase in attendance at this year’s show, and keynote presentations from AWS’ CEO Andy Jassy and Amazon.com’s VP & CTO Werner Vogels did not disappoint.

How Google Encrypts Data in the Cloud

eSecurity Planet

Google details its Application Layer Transport Security approach for securing data inside the cloud.

How to Encrypt All of the Things, From Chats to Calls and More

WIRED Threat Level

Want to keep outsiders from listening in on your chats, phone calls, and more? Encrypt them. All of them.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Mobile Device Makers Increasingly Embrace Bug Bounty Programs

Dark Reading

Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.

Mobile 70

Triton Malware Targets Industrial Control Systems in Middle East

Threatpost

Malware intended for a “high-impact” attack against safety systems likely would have caused physical damage to a targeted company located in the Middle East.

Malware 56

Just 28 Percent of Business Leaders Have Heard of the Equifax Breach

eSecurity Planet

We're a little worried about the other 72 percent.

55

How to Rip the Mics Out of Your MacBook and iPhone

WIRED Threat Level

One way to make sure no one's listening in on your private conversations? Drop the mics. Literally.

109

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Is Your Security Workflow Backwards?

Dark Reading

The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.

Permissions Flaw Found Azure AD Connect

Threatpost

A permissions flaw in Microsoft’s Azure AD Connect software could allow a rogue admin to escalate account privileges and gain unauthorized universal access within a company’s internal network.

Nation State Attackers Shut Down Industrial Plant with New ICS Malware

eSecurity Planet

The malware was designed specifically to target Triconex SIS controllers.

Malware 53

How to Sweep For Bugs and Hidden Cameras

WIRED Threat Level

To keep them from listening in, take a very good look around you. And then bust out the tools.

108

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!