Troy Hunt
DECEMBER 20, 2017
This week, I've been writing up my 5-part guide on "Fixing Data Breaches" On Monday I talked about the value of education ; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach , namely by collecting a lot less data in the first place then recognising that it belongs to the person who provided it and treating with the appropriate respect.
Schneier on Security
DECEMBER 19, 2017
Now this is good news. The UK's National Cyber Security Centre (NCSC) -- part of GCHQ -- found a serious vulnerability in Windows Defender (their anti-virus component). Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I'd like believe the US does this, too.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
DECEMBER 22, 2017
The NSA leaker's latest project aims to secure your computer—and you—from not just digital but physical attacks.
Dark Reading
DECEMBER 18, 2017
Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Troy Hunt
DECEMBER 17, 2017
We have a data breach problem. They're constant news headlines, they're impacting all of us and frankly, things aren't getting any better. Quite the opposite, in fact - things are going downhill in a hurry. Last month, I went to Washington DC, sat in front of Congress and told them about the problem. My full written testimony is in that link and it talks about many of the issue we face today and the impact data breaches have on identity verification.
Schneier on Security
DECEMBER 18, 2017
Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be encouraged and promoted. In addition, the update and replacement capacity, both remote and physical, should be increased.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
eSecurity Planet
DECEMBER 20, 2017
The information, from data analytics firm Alteryx, was in an Amazon S3 bucket configured to provide any AWS user with access.
Troy Hunt
DECEMBER 19, 2017
Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. It's the absolute best bang for your buck by a massive margin and it pays off over and over again across many years and many projects. Best of all, it's about prevention rather than cure. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed?
Schneier on Security
DECEMBER 20, 2017
Brian Krebs has a long article on the Mirai botnet authors, who pled guilty.
WIRED Threat Level
DECEMBER 20, 2017
To safeguard AI, we’re going to need to solve the problem of ‘adversarial examples.’.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Thales Cloud Protection & Licensing
DECEMBER 20, 2017
Thanks to heightened consumer confidence, a rise in proximity payments adoption and ongoing developments in biometrics, the payments industry continued to undergo digital transformation throughout 2017. We’re now seeing big data play an increasing role in how retail sales and payments are being tailored to individual consumer’s preferences, and providers are adopting and integrating smarter, more efficient ways of completing the path-to-purchase.
Troy Hunt
DECEMBER 21, 2017
In the first 4 parts of "Fixing Data Breaches", I highlighted education , data ownership and minimisation , the ease of disclosure and bug bounties as ways of addressing the problem. It was inevitable that we'd eventually end up talking about penalties though because the fact remains that although all the aforementioned recommendations make perfect sense, we're still faced with data breaches day in and day out from companies just not getting the message.
eSecurity Planet
DECEMBER 21, 2017
The cyber security skills shortage remains unfilled, so security pros can expect good pay and opportunities for the foreseeable future.
WIRED Threat Level
DECEMBER 20, 2017
They can be hacked. They're a privacy nightmare. This year, it's not too late to keep the IoT toys away from the tree.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Dark Reading
DECEMBER 19, 2017
Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.
Troy Hunt
DECEMBER 20, 2017
Over the course of this week, I've been writing about "Fixing Data Breaches" which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. I started out by talking about the value of education ; let's do a better job of stopping these incidents from occurring in the first place by avoiding well-known coding and configuration flaws.
eSecurity Planet
DECEMBER 22, 2017
Just 25 percent of U.S. consumers use two-factor authentication, and just 45 percent use a PIN to protect their mobile device.
WIRED Threat Level
DECEMBER 16, 2017
A Facebook bug, the Kaspersky ban becomes law, and more of the week's top security news.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Thales Cloud Protection & Licensing
DECEMBER 19, 2017
As 2017 draws to a close, the trends and innovations that will shape the technology industry over the coming weeks, months and years were brought into sharper focus over the course of the last twelve months. Cloud computing has gone mainstream for many enterprises, and the Internet of Things (IoT) is changing how both industrial and consumer-oriented companies do business.
Dark Reading
DECEMBER 19, 2017
A misconfigured Amazon Web Services S3 storage bucket exposed sensitive data on consumers' financial histories, contact information, and mortgage ownership.
eSecurity Planet
DECEMBER 19, 2017
And 87 percent expect the volume of email threats to increase.
WIRED Threat Level
DECEMBER 19, 2017
As the US government points the finger at North Korea for the WannaCry ransomware epidemic, it also needs to acknowledge the role of its leaked hacking tools.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Thales Cloud Protection & Licensing
DECEMBER 21, 2017
The nonprofit GDI Foundation has tracked close to 175,000 examples of misconfigured software and services on the cloud this year. As more and more organizations are moving to the cloud, the number of leaky servers is increasing. We have seen several AWS data leaks this year – from Booz Allen Hamilton to the WWE – that have left millions of private records exposed.
Dark Reading
DECEMBER 19, 2017
Many of the old standbys made this year's list of the 25 stolen - and weakest - passwords found dumped online.
eSecurity Planet
DECEMBER 18, 2017
Password managers are supposed to help keep users safe, so what can you do to help mitigate the risk?
WIRED Threat Level
DECEMBER 21, 2017
A Health and Human Services hackathon produced smart ideas for the fight against opioid addiction—but can only do so much in the face of a collapsing health care system.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Threatpost
DECEMBER 19, 2017
The United States government is officially blaming North Korea for the WannaCry ransomware outbreak in May that infected nearly a quarter-million computers in 150 countries.
Dark Reading
DECEMBER 18, 2017
Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.
eSecurity Planet
DECEMBER 20, 2017
The managed security service provider plans to bring its security-as-a-service solutions to more markets.
WIRED Threat Level
DECEMBER 22, 2017
The VR action game Star Trek: Bridge Crew just lost its virtual reality requirement, Ubisoft has announced, saying the new non-VR option is arriving as a free update. Bridge Crew lets players experience the Star Trek universe in a virtual ship, taking on a particular role within that ship to help tackle obstacles and otherwise face various in-universe challenges.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
229 
Let's personalize your content