Sat. Dec 16, 2017 - Fri. Dec 22, 2017

Fixing Data Breaches Part 3: The Ease of Disclosure

Troy Hunt

This week, I've been writing up my 5-part guide on "Fixing Data Breaches". On Monday I talked about the value of education; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach, namely by collecting a lot less data in the first place then recognising that it belongs to the person who provided it and treating it with the appropriate respect.

GCHQ Found -- and Disclosed -- a Windows 10 Vulnerability

Schneier on Security

Now this is good news. The UK's National Cyber Security Centre (NCSC) -- part of GCHQ -- found a serious vulnerability in Windows Defender (their anti-virus component). Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I'd like to believe the US does this, too.

Snowden-Backed App 'Haven' Turns Your Phone Into a Home Security System

WIRED Threat Level

The NSA leaker's latest project aims to secure your computer—and you—from not just digital but physical attacks.

Top 8 Cybersecurity Skills IT Pros Need in 2018

Dark Reading

Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Fixing Data Breaches Part 1: Education

Troy Hunt

We have a data breach problem. They're constant news headlines, they're impacting all of us and frankly, things aren't getting any better. Quite the opposite, in fact - things are going downhill in a hurry. Last month, I went to Washington DC, sat in front of Congress and told them about the problem. My full written testimony is in that link and it talks about many of the issues we face today and the impact data breaches have on identity verification.

Lessons Learned from the Estonian National ID Security Flaw

Schneier on Security

Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be encouraged and promoted. In addition, the update and replacement capacity, both remote and physical, should be increased.

More Trending

Cloud Leaks Continue: 123 Million U.S. Households' Personal Information Exposed Online

eSecurity Planet

The information, from data analytics firm Alteryx, was in an Amazon S3 bucket configured to provide any AWS user with access.

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. It's the absolute best bang for your buck by a massive margin and it pays off over and over again across many years and many projects. Best of all, it's about prevention rather than cure. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed?

Details on the Mirai Botnet Authors

Schneier on Security

Brian Krebs has a long article on the Mirai botnet authors, who pled guilty.

Researchers Made Google's Image Recognition AI Mistake a Rifle For a Helicopter

WIRED Threat Level

To safeguard AI, we’re going to need to solve the problem of ‘adversarial examples.’

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Securing the future of payments – what does 2018 have in store?

Thales Cloud Protection & Licensing

Thanks to heightened consumer confidence, a rise in proximity payments adoption and ongoing developments in biometrics, the payments industry continued to undergo digital transformation throughout 2017. We’re now seeing big data play an increasing role in how retail sales and payments are being tailored to individual consumers’ preferences, and providers are adopting and integrating smarter, more efficient ways of completing the path-to-purchase.

Fixing Data Breaches Part 5: Penalties

Troy Hunt

In the first 4 parts of "Fixing Data Breaches", I highlighted education, data ownership and minimisation, the ease of disclosure and bug bounties as ways of addressing the problem. It was inevitable that we'd eventually end up talking about penalties though because the fact remains that although all the aforementioned recommendations make perfect sense, we're still faced with data breaches day in and day out from companies just not getting the message.

2018 IT Security Employment Outlook: Which Security Skills and Certs are Hottest?

eSecurity Planet

The cyber security skills shortage remains unfilled, so security pros can expect good pay and opportunities for the foreseeable future.

Don't Gift an Internet-Connected Toy This Holiday

WIRED Threat Level

They can be hacked. They're a privacy nightmare. This year, it's not too late to keep the IoT toys away from the tree.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Microsoft Office Docs New Vessel for Loki Malware

Dark Reading

Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.

Established and emerging technologies to watch out for in 2018

Thales Cloud Protection & Licensing

As 2017 draws to a close, the trends and innovations that will shape the technology industry over the coming weeks, months and years were brought into sharper focus over the course of the last twelve months. Cloud computing has gone mainstream for many enterprises, and the Internet of Things (IoT) is changing how both industrial and consumer-oriented companies do business.

While Blaming Companies for Breaches, Consumers Aren't Prioritizing Their Own Security

eSecurity Planet

Just 25 percent of U.S. consumers use two-factor authentication, and just 45 percent use a PIN to protect their mobile device.

Facebook Squashes 19-Year-Old Bug, and More Security News This Week

WIRED Threat Level

A Facebook bug, the Kaspersky ban becomes law, and more of the week's top security news.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Massive Cloud Leak Exposes Alteryx, Experian, US Census Bureau Data

Dark Reading

A misconfigured Amazon Web Services S3 storage bucket exposed sensitive data on consumers' financial histories, contact information, and mortgage ownership.

Q&A: Cloud Providers and Leaky Servers

Thales Cloud Protection & Licensing

The nonprofit GDI Foundation has tracked close to 175,000 examples of misconfigured software and services on the cloud this year. As more and more organizations are moving to the cloud, the number of leaky servers is increasing. We have seen several AWS data leaks this year – from Booz Allen Hamilton to the WWE – that have left millions of private records exposed.

78 Percent of U.S. Healthcare Providers Were Hit by Email Cyber Attacks in 2017

eSecurity Planet

And 87 percent expect the volume of email threats to increase.

Hold North Korea Accountable for WannaCry—and the NSA, Too

WIRED Threat Level

As the US government points the finger at North Korea for the WannaCry ransomware epidemic, it also needs to acknowledge the role of its leaked hacking tools.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

'Starwars' Debuts on List of Worst Passwords of 2017

Dark Reading

Many of the old standbys made this year's list of the 25 stolen - and weakest - passwords found dumped online.

U.S. Government Blames North Korea for WannaCry

Threatpost

The United States government is officially blaming North Korea for the WannaCry ransomware outbreak in May that infected nearly a quarter-million computers in 150 countries.

Keeper Security Patches Password Protection Flaw Reported by Google

eSecurity Planet

Password managers are supposed to help keep users safe, so what can you do to help mitigate the risk?

Tech Can't Solve the Opioid Crisis on Its Own

WIRED Threat Level

A Health and Human Services hackathon produced smart ideas for the fight against opioid addiction—but can only do so much in the face of a collapsing health care system.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Businesses Fail in Risk Modeling and Management: Report

Dark Reading

Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.

User ‘Gross Negligence’ Leaves Hundreds of Lexmark Printers Open to Attack

Threatpost

Researchers warn hundreds of Lexmark printers are vulnerable to a trivial hack thanks to user “gross negligence.”

Cybersecurity Services Provider Proficio Secures Additional Investment

eSecurity Planet

The managed security service provider plans to bring its security-as-a-service solutions to more markets.

Star Trek: Bridge Crew loses the VR requirement

WIRED Threat Level

The VR action game Star Trek: Bridge Crew just lost its virtual reality requirement, Ubisoft has announced, saying the new non-VR option is arriving as a free update. Bridge Crew lets players experience the Star Trek universe in a virtual ship, taking on a particular role within that ship to help tackle obstacles and otherwise face various in-universe challenges.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.