Sat.Jul 07, 2018 - Fri.Jul 13, 2018

Here's Why Your Static Website Needs HTTPS

Troy Hunt

It was Jan last year that I suggested HTTPS adoption had passed the "tipping point", that is, it had passed the moment of critical mass and, as I said at the time, "will very shortly become the norm". Since that time, the percentage of web pages loaded over a secure connection has rocketed from 52% to 71% whilst the proportion of the world's top 1 million websites redirecting people to HTTPS has gone from 20% to about half (projected).

Gas Pump Hack

Schneier on Security

This is weird: Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart the hackers. The theft, reported by Fox 2 Detroit, took place at around 1pm local time on June 23 at a Marathon gas station located about 15 minutes from downtown Detroit.

How ‘digital transformation’ gave birth to a new breed of criminal: ‘machine-identity thieves’

The Last Watchdog

There’s a new breed of identity thief at work plundering consumers and companies. However, these fraudsters don’t really care about snatching up your credentials or mine. By now, your personal information and mine has been hacked multiple times and is readily on sale in the Dark Web. This has long been true of the vast majority of Americans. Related article: 7 hacks signaling a coming global cyber war.

Notorious ‘Hijack Factory’ Shunned from Web

Krebs on Security

Score one for the good guys: Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company’s bandwidth providers chose to sever ties with the company. Spammers and Internet service providers (ISPs) that facilitate such activity often hijack Internet address ranges that have gone unused for periods of time.

The 111 Million Record Pemiblanc Credential Stuffing List

Troy Hunt

One of the most alarming trends I've seen in the world of data breaches since starting Have I Been Pwned (HIBP) back in 2013 is the rapid rise of credential stuffing attacks. Per the definition in that link, it simply means this: Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts.

Department of Commerce Report on the Botnet Threat

Schneier on Security

Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that the opportunities and challenges in working toward dramatically reducing threats from automated, distributed attacks can be summarized in six principal themes.

Patch Tuesday, July 2018 Edition

Krebs on Security

Microsoft and Adobe each issued security updates for their products today. Microsoft’s July patch batch includes 14 updates to fix more than 50 security flaws in Windows and associated software. Separately, Adobe has pushed out an update for its Flash Player browser plugin, as well as a monster patch bundle for Adobe Reader/Acrobat. According to security firm Qualys, all but two of the “critical” fixes in this round of updates apply to vulnerabilities in Microsoft’s b

Pwned Passwords V3 is Now Live!

Troy Hunt

Over recent weeks, I've begun planning the release of the 3rd version of Pwned Passwords. If you cast your mind back, version 1 came along in August last year and contained 320M passwords. I made all the data downloadable as SHA-1 hashes (for reasons explained in that post) and stood up a basic API to enable anyone to query it by plain text password or hash.

WPA3

Schneier on Security

Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back to a private computer, and guesses passwords over and over again until they find a match.

Q&A: Here’s why it has become vital for companies to deter ‘machine-identity thieves’

The Last Watchdog

We’re undergoing digital transformation , ladies and gentlemen. And we’re in a nascent phase where clever advances are blossoming even as unprecedented data breaches arise in parallel. The latest example of this dichotomy comes from Timehop, a service that enables social media users to plug into their past. On Sunday, Timehop shared details about how a hacker got into their network, conducted several reconnaissance forays, and then moved swiftly on July 4th to pilfer personal information for 21

A Landmark Legal Shift Opens Pandora’s Box for DIY Guns

WIRED Threat Level

Cody Wilson makes digital files that let anyone 3-D print untraceable guns. The government tried to stop him. He sued—and won.

Weekly Update 95

Troy Hunt

Not only has this been a super busy blogging week, it's also the week my coffee machine decided to die. It's not terminal, it's just continually leaking so it's off for a service and I have to fuel my productivity through other means. But fuel it I did and I spent a big whack of the week doing things I hope to talk about next week (namely some major architectural changes to HIBP services), as well as preparing both the Pemiblanc credential stuffing list for HIBP and then pushing out Pwned Pass

Recovering Keyboard Inputs through Thermal Imaging

Schneier on Security

Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it's interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we humans routinely leave thermal residues on various objects with which we come in contact.

Timehop Data Breach Exposes 21 Million Users

Adam Levin

Timehop, an app for archiving social media activities, was breached on July 4. The breach compromised data for 21 million users from the company’s cloud environment including names, email addresses, and the phone numbers for roughly a quarter of them. In an email to their users, Timehop stated: “The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service.

Facebook Gave Russian Internet Giant Special Data Extension

WIRED Threat Level

Mail.ru also ran hundreds of apps on Facebook at a time when the platform’s policies allowed app developers to collect their users' friends' data.

Friday Star Wars

Adam Shostack

Oddly, I am unable to find this on Etsy. Perhaps the Disney Corporation, new owners of Star Wars, doesn’t like mousetraps?

PROPagate Code Injection Seen in the Wild

Schneier on Security

Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last week, it was first seen in malware: This technique abuses the SetWindowsSubclass function -- a process used to install or update subclass windows running on the system -- and can be used to modify the properties of windows running in the same session. This can be used to inject code and drop files while also hiding the fact it has happened, making it a useful, stealthy attack.

Tokenization: Ready for Prime Time

Thales Cloud Protection & Licensing

The digital transformation has changed how the world does business. It has created whole new enterprises and industries, but it has also left many organizations vulnerable to new and destructive threats. Digital transformation can and does deliver increased efficiencies, improved decision-making, lower costs, improved reach, and higher profits. But it also frequently relies on increasing amounts of personal and other sensitive data.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Apple's China-Friendly Censorship Caused an iPhone-Crashing Bug

WIRED Threat Level

The bug serves as a reminder of China-friendly censorship code hidden in all iOS devices.

Threat Modeling Thursday: 2018

Adam Shostack

So this week’s threat model Thursday is simply two requests: What would you like to see in the series? What would you like me to cover in my Blackhat talk, “Threat Modeling in 2018?” “Attacks always get better, and that means your threat modeling needs to evolve. This talk looks at what’s new and important in threat modeling, organizes it into a simple conceptual framework, and makes it actionable.

Major International Airport System Access Sold for $10 on Dark Web

Dark Reading

Researchers from the McAfee Advanced Threat Research team began with an open search on Russian RDP shop UAS to make their discovery.

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

The Internet of Things (IoT) is very crowded. Connected devices outnumber people. The United Nations estimates the current world population at 7.6 billion [1], and Gartner projects over 20.8 billion devices will be connected to the Internet by 2020 [2]. Connected things are what make the IoT – sensors, cameras, wearable electronics, medical devices, automatic controls.

The Worst Cybersecurity Breaches of 2018 So Far

WIRED Threat Level

There haven't been as many hacks and attacks compared to this time last year, but that's where the good news ends.

Automotive Privacy

Adam Shostack

[Update: clarified a sentence about whose privacy is touched, and where.] I had missed the story “Big Brother on wheels: Why your car company may know more about you than your spouse.” There are surprising details, including that you might be able to shut it off, and the phrase “If a customer declines, we do not collect any data from the vehicle.

This Is How Much a 'Mega Breach' Really Costs

Dark Reading

The average cost of a data breach is $3.86 million, but breaches affecting more than 1 million records are far more expensive.

Trusting in technology: the need for greater assurance in connected health

Thales Cloud Protection & Licensing

Whether offering instant access to patient records, allowing remote diagnosis of treatment, or giving access to lifestyle management and monitoring apps, it’s undeniable that the Internet of Things (IoT) and connected services are revolutionising the healthcare industry. Working to improve operational efficiencies and deliver a greater level of care, the now-dubbed ‘Connected Health’ market has grown to such an extent recently that it is expected to be worth more than £450 billion by 2024.

Robert Mueller's Indictment Today of 12 Russian Hackers Could Be His Biggest Move Yet

WIRED Threat Level

The special counsel has unleashed an international, geopolitical bombshell.

With So Many Eyeballs, Is Open Source Security Better?

eSecurity Planet

VIDEO: Dirk Hohndel, VP and Chief Open-Source Officer at VMware, talks about how dev security should be done, whether the code is open source or proprietary.

Ticketmaster Breach Part of Massive Payment Card Hacking Campaign

Dark Reading

Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.

Secure Kali Pi 2018

Kali Linux

We have covered how to create secure “throw-away hack boxes” using the Raspberry Pi before, but we thought it was time to go back and take a look at the process again. With all the new Raspberry Pi models and Kali changes from when we last covered this, we found the old process was in need of some updating. As a review, what we are trying to accomplish is to create a standalone “leave behind” device that, when discovered, does not make it easy to figure out what you were
