Troy Hunt

SEPTEMBER 5, 2018

As time has gone by, one of the things I've enjoyed the most in running Have I Been Pwned (HIBP) is seeing how far I could make the dollars stretch. How big can it go whilst at the same time, running it on a shoestring? I keep finding new ways of optimising cost and the two most significant contributions to that since launching almost 5 years ago have come via serverless technology provided by 2 of my favourite tech companies: Cloudflare and Microsoft.

Passwords 236

Passwords Architecture Data breaches Technology 236

Krebs on Security

SEPTEMBER 4, 2018

mSpy , the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.

Spyware 217

Spyware Mobile Advertising Software 217

The Last Watchdog

SEPTEMBER 6, 2018

All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks. That’s where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management and more.

Digital transformation 189

Digital transformation Technology Mobile Firewall 189

Schneier on Security

SEPTEMBER 5, 2018

It's amazing that this is even possible: " SonarSnoop: Active Acoustic Side-Channel Attacks ": Abstract: We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device.

Passwords 164

Passwords Authentication Hacking 164

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

SEPTEMBER 7, 2018

It's been a week of travel for me with API Days in Melbourne on Tuesday, Fortinet Fast & Secure in Sydney on Wednesday then the Varonis webinar yesterday (recorded, I'll share once it's online). Be that as it may, I did manage to pump out a long-awaited blog post on the total cost of running Pwned Passwords in HIBP and its. 2.6c per day ??. This week there's also a few random things ranging from online authenticity (the human kind), changes in Chrome 69 (there's some major visual security in

Spyware 112

Spyware Authentication Passwords Hacking 112

Krebs on Security

SEPTEMBER 6, 2018

A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was “Feds Can’t Touch Us” pleaded guilty this week to making bomb threats against thousands of schools. On Aug. 31, officers with the U.K.’s National Crime Agency (NCA) arrested Hertfordshire resident George Duke-Cohan, who admitted making bomb threats to thousands of schools and a United Airlines flight traveling from the U.K. to San Francisco last month.

DDOS 191

DDOS Internet Internet Cybercrime 191

Schneier on Security

SEPTEMBER 4, 2018

I am pleased to announce the publication of my latest book: Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. In it, I examine how our new immersive world of physically capable computers affects our security. I argue that this changes everything about security. Attacks are no longer just about data, they now affect life and property: cars, medical devices, thermostats, power plants, drones, and so on.

Government 158

Government Internet Internet Authentication 158

WIRED Threat Level

SEPTEMBER 4, 2018

"Whatever we propose is going to be controversial. But it’s important we do something, because everyone is unsatisfied by URLs. They kind of suck.".

108

108

Krebs on Security

SEPTEMBER 5, 2018

Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or

Risk 168

Risk Hacking Software Phishing 168

The Last Watchdog

SEPTEMBER 5, 2018

There is a concept in computing, called runtime, that is so essential and occurs so ubiquitously that it has long been taken for granted. Now cyber criminals have begun to leverage this heretofore innocuous component of computing to insinuate themselves deep inside of company networks. Related: The coming wave of ‘microcode’ attacks. They’ve figured out how to manipulate applications while in runtime and execute powerful and stealthy attacks that bypass conventional security tools.

Mobile 140

Mobile Internet Internet Ransomware 140

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

SEPTEMBER 7, 2018

I did a Reddit AMA on Thursday, September 6.

117

117

Security Affairs

SEPTEMBER 5, 2018

Security expert discovered that S kype has a malloc(): memory corruption vulnerability that could be triggered while users share some media/file with someone during a call. . Tested on: Linux zero 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux (Ubuntu 18.04 LTS). Product affected: Skype for linux (skypeforlinux_8.27.0.85_amd64.deb) Steps to reproduce this issue: 1.

Advertising 103

Advertising Media Hacking 103

Krebs on Security

SEPTEMBER 2, 2018

A 20-year-old from Vancouver, Washington was indicted last week on federal hacking charges and for allegedly operating the “ Satori ” botnet, a malware strain unleashed last year that infected hundreds of thousands of wireless routers and other “Internet of Things” (IoT) devices. This outcome is hardly surprising given that the accused’s alleged alter ego has been relentless in seeking media attention for this global crime machine.

IoT 128

IoT Media DDOS Internet 128

The Last Watchdog

SEPTEMBER 7, 2018

Over the past couple of decades, some amazing advances in locking down software code have quietly unfolded in, of all places, Hollywood. Related: HBO hack spurs cyber insurance market. Makes sense, though. Digital media and entertainment giants like Netflix, Amazon, Hulu, HBO, ESPN, Sony, and Disney are obsessive about protecting their turf. These Tinsel Town powerhouses retain armies of investigators and lawyers engaged in a never-ending war to keep piracy and subscription fraud in check.

IoT 133

IoT Technology Software Media 133

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Dark Reading

SEPTEMBER 7, 2018

These methods may not yet be on your security team's radar, but given their impact, they should be.

86

86

Security Affairs

SEPTEMBER 6, 2018

The MEGA Chrome browser extension had been hacked and replaced with a one that steals users’ credentials for popular web services. Are you using the MEGA Chrome browser extension? Uninstall it now because the Chrome extension for MEGA file storage service had been hacked and replaced with a one that steals users’ credentials for popular web services (i.e.

Hacking 90

Hacking Cryptocurrency Advertising Accountability 90

eSecurity Planet

SEPTEMBER 5, 2018

Enterprises are turning to SOAR solutions to streamline response to cybersecurity incidents.

Cybersecurity 84

Cybersecurity 84

The Last Watchdog

SEPTEMBER 4, 2018

Most large enterprises today can point to multi-millions of dollars expended over the past two decades erecting “layered defenses” to protect their digital systems. Yet catastrophic network breaches continue apace. Turns out there’s a downside to “defense in depth.”. Related: Obsolecense creeps into legacy systems. There’s no doubt that monitoring and continually updating all parts of a multi-tiered security system is a must-do best practice.

Penetration Testing 133

Penetration Testing Firewall Data breaches Malware 133

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

SEPTEMBER 7, 2018

Adware Doctor has long been one of the top-selling apps in the Mac App Store. But researchers say it harvested browsing data, and sent it to China.

Adware 83

Adware Spyware 83

Security Affairs

SEPTEMBER 6, 2018

Schneider Electric announced that some of the USB drives it has shipped with its Conext ComBox and Conext Battery Monitor products were infected with malware. Schneider Electric has found a malicious code on the USB drives that have been shipped with Conext ComBox and Conext Battery Monitor products. Both products are part of the solar energy offering of the vendor.

Malware 84

Malware Energy and Utilities Manufacturing Media 84

Threatpost

SEPTEMBER 7, 2018

A macOS App called Adware Doctor blocks ads, but share’s user browser history with a China-based domain.

Adware 78

Adware 78

Dark Reading

SEPTEMBER 5, 2018

Blockchain is being used as a security tool. If you haven't thought about adopting it, you might want to reconsider your take.

75

75

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

SEPTEMBER 6, 2018

After years of abuse and spreading conspiracy theories, Alex Jones finally went too far for Twitter with a relatively tame rant.

77

77

Security Affairs

SEPTEMBER 2, 2018

MagentoCore skimmer already infected 7,339 Magento stores, according to the Willem de Groot who uncovered the campaign, it is the most aggressive to date. The cybersecurity researcher Willem de Groot has uncovered a massive hacking campaign aimed at Magento stores. The hackers have already infected 7,339 Magento stores with a skimmer script, dubbed MagentoCore, that siphons payment card data from users who purchased on the sites.

Advertising 83

Advertising Hacking Malware Data breaches 83

eSecurity Planet

SEPTEMBER 6, 2018

Some accounts are more valuable than others. Privileged access management (PAM) can help.

Accountability 73

Accountability 73

Thales Cloud Protection & Licensing

SEPTEMBER 4, 2018

It’s hard to believe we are nine weeks away from the midterm elections here in the United States. Regardless of the winners and losers, all eyes will focus on election security. And there are so many factors to consider. Just last month at Def Con and Black Hat, we found out just how easy it is to break into election machines. White Hat (ethical) hackers worked in under 15 minutes to disrupt the entire voting process from the moment someone attempted to register to vote to the point at which res

Hacking 67

Hacking Software Encryption Internet 67

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

SEPTEMBER 7, 2018

Someone hijacked a volunteer tool to make it look like Beto O'Rourke encouraged voter fraud—and that could just be the beginning.

73

73

Security Affairs

SEPTEMBER 4, 2018

Security researchers at the SANS Internet Storm Center discovered that thousands of 3D printers are exposed online without proper defense. The news is worrisome, thousands of 3D printers are exposed online to remote cyber attacks. According to the experts at SANS Internet Storm Center that scanned the internet for vulnerable 3D printers, a Shodan query has found more than 3,700 instances of OctoPrint interfaces exposed online, most in the United States (1,600).

Internet 82

Internet Internet Advertising VPN 82

Dark Reading

SEPTEMBER 5, 2018

Researchers detected the vulnerability in an attack campaign two days after it was posted on social media.

Malware 63

Malware Media 63

Thales Cloud Protection & Licensing

SEPTEMBER 6, 2018

In my recent blog on the evolving PCI SSC initiatives in 2018, “ Minor on PCI DSS, major on almost everything else ,” I outlined how the organisation is covering new areas to reflect the migration from physical card payments to online digital payments. Much of the latest innovation involves the use of mobile devices (for both initiation and acceptance ) to provide greater flexibility in how payments can be made and offer additional methods to authenticate transactions.

Mobile 66

Mobile Software Encryption Risk 66

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity