Sat.Jun 08, 2019 - Fri.Jun 14, 2019

article thumbnail

Project Svalbard: The Future of Have I Been Pwned

Troy Hunt

Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. The prevalence of them seemed to be really ramping up as was the impact they were having on those of us that found ourselves in them, myself included. Increasingly, I was writing about what I thought was a pretty fascinating segment of the infosec industry; password reuse across Gawker and Twitter resulting in a breach of the former sending Acai berry spam via the latter.

article thumbnail

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can’t be pushed to a side burner. Related: The rise of ‘memory attacks’ I’m making this assertion as federal authorities have just commenced steps to remove and replace switching gear supplied, on the cheap, to smaller U.S. telecoms by Chinese tech giant Huawei.

Firmware 233
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Rock-Paper-Scissors Robot

Schneier on Security

How in the world did I not know about this for three years? Researchers at the University of Tokyo have developed a robot that always wins at rock-paper-scissors. It watches the human player's hand, figures out which finger position the human is about to deploy, and reacts quickly enough to always win.

222
222
article thumbnail

Microsoft Patch Tuesday, June 2019 Edition

Krebs on Security

Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There’s also a scary bug affecting all versions of Microsoft Office that can be triggered by a malicious link or attachment.

Backups 199
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Weekly Update 143

Troy Hunt

Well this was a big one. The simple stuff first - I'm back in Norway running workshops and getting ready for my absolute favourite event of the year, NDC Oslo. I'm also talking about Scott's Hack Yourself First UK Tour where he'll be hitting up Manchester, London and Glasgow with public workshops. Tickets are still available at those and it'll be your last chance for a long time to do that event in the UK.

Hacking 192
article thumbnail

Evite Experiences Data Breach

Adam Levin

Online invitation service Evite notified users about a data breach of user data that included names, usernames, email addresses, passwords, and mailing addresses. The company disclosed the breach following the release of the affected data on the dark web. A hacker claimed to have access to 10 million user accounts. “We became aware of a data security incident involving potential unauthorized access to our systems in April 2019.

More Trending

article thumbnail

DNS Security

Adam Shostack

I’m happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance. They asked us to look at the value of DNS security, such as when your DNS provider uses threat intel to block malicious sites. It’s surprising how effective it is for a tool that’s so easy to deploy. (Just point to a DNS server like 9.9.9.9).

DNS 113
article thumbnail

Hack Yourself First - The UK Tour by Scott Helme

Troy Hunt

It's the Hack Yourself First UK Tour! I've been tweeting a bit about this over recent times and had meant to write about it earlier, but I've been a little busy of late. Last year, I asked good friend and fellow security person Scott Helme to help me out running my Hack Yourself First workshops. I was overwhelmed with demand and he was getting sensational reviews for the TLS workshops he was already running.

Hacking 175
article thumbnail

The Highly Dangerous 'Triton' Hackers Have Probed the US Grid

WIRED Threat Level

The same hackers behind a potentially lethal 2017 oil refinery cyberattack are now sniffing at US electrical utility targets.

Hacking 111
article thumbnail

Report on the Stalkerware Industry

Schneier on Security

Citizen Lab just published an excellent report on the stalkerware industry.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Massive DDos attack hit Telegram, company says most of junk traffic is from China

Security Affairs

Encrypted messaging service Telegram was hit by a major DDoS attack apparently originated from China, likely linked to the ongoing political unrest in Hong Kong. Telegram was used by protesters in Hong Kong to evade surveillance and coordinate their demonstrations against China that would allow extraditions from the country to the mainland. The country is facing the worst political crisis ùsince its 1997 handover from Britain to China.

DDOS 111
article thumbnail

7 Truths About BEC Scams

Dark Reading

Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.

Scams 110
article thumbnail

Cellebrite Now Says It Can Unlock Any iPhone for Cops

WIRED Threat Level

In a strangely public product announcement, the phone-cracking firm revealed a powerful new device.

Hacking 111
article thumbnail

Video Surveillance by Computer

Schneier on Security

The ACLU's Jay Stanley has just published a fantastic report: " The Dawn of Robot Surveillance " (blog post here ) Basically, it lays out a future of ubiquitous video cameras watched by increasingly sophisticated video analytics software, and discusses the potential harms to society. I'm not going to excerpt a piece, because you really need to read the whole thing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Hunting the ICEFOG APT group after years of silence

Security Affairs

A security researcher found new evidence of activities conducted by the ICEFOG APT group, also tracked by the experts as Fucobha. Chi-en (Ashley) Shen, a senior security researcher at FireEye, collected evidence that demonstrates that China-linked APT group ICEFOG (aka Fucobha ) is still active. Slides from my talk presented today at @CONFidenceConf – Into the Fog – The Return of ICEFOG APT.

Malware 111
article thumbnail

The state of European cybersecurity and lessons to learn

Thales Cloud Protection & Licensing

As one of our recent blogs discussed, we are entering a new era of business – one that will see wholesale digital transformation drive a digital-first approach by businesses globally. And as our 2019 Thales Data Threat Report – Europe Edition recently revealed, many of these businesses become extremely vulnerable during digital transformation, with those in Europe being no different.

article thumbnail

The Next Big Privacy Hurdle? Teaching AI to Forget

WIRED Threat Level

111
111
article thumbnail

Workshop on the Economics of Information Security

Schneier on Security

Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Millions of Exim mail servers vulnerable to cyber attacks

Security Affairs

Millions of Exim mail servers are exposed to attacks due to a critical vulnerability that makes it possible for unauthenticated remote attackers to execute arbitrary commands. A critical vulnerability affects versions 4.87 to 4.91 of the Exim mail transfer agent (MTA) software. The flaw could be exploited by unauthenticated remote attackers to execute arbitrary commands on mail servers for some non-default server configurations.

article thumbnail

Millions of Linux Servers Under Worm Attack Via Exim Flaw

Threatpost

Attackers are exploiting a Linux Exim critical flaw to execute remote commands, download crypto miners and sniff out other vulnerable servers.

98
article thumbnail

Radiohead Dropped 18 Hours of Unreleased Music to Screw Pirates

WIRED Threat Level

You can listen to the _OK Computer_–era tracks right here.

Hacking 112
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I'm speaking on " Securing a World of Physically Capable Computers " at Oxford University on Monday, June 17, 2019. The list is maintained on this page.

149
149
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Critical RCE affects older Diebold Nixdorf ATMs

Security Affairs

Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers in installing security updates it has released to address the flaw. The vulnerability affects older Opteva model ATMs , Diebold Nixdorf will start notifying the customers next week.

Firewall 111
article thumbnail

Tomorrow's Cybersecurity Analyst Is Not Who You Think

Dark Reading

Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.

article thumbnail

Jigsaw Bought a Russian Twitter Troll Campaign as an Experiment

WIRED Threat Level

In a controversial move, the Alphabet-owned tech firm played both sides of an online argument in Russia with the aim of testing disinformation-for-hire services.

111
111
article thumbnail

Going all-in on AWS Cloud

Thales Cloud Protection & Licensing

Virtually every major enterprise is moving to a cloud or multi-cloud environment as part of their digital transformation. In fact, according to our 2019 Thales Data Threat Report-Global Edition , 71% of respondents are using sensitive data in the cloud. This sensitive data as well as workloads in the cloud must be protected for compliance and security purposes.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

RAMBleed, a new Side-Channel Attack that allows stealing sensitive data

Security Affairs

Security researchers disclosed the details of RAMBleed, a new type of side-channel attack on DRAM that can allow stealing sensitive data from a memory. A team of academics from several universities has disclosed the details a new type of side-channel attack on dynamic random-access memory (DRAM), dubbed RAMBleed. The RAMBleed issue, tracked as CVE-2019-0174, could be used by attackers to potentially obtain from the system’s memory sensitive data. “ RAMBleed is based on a previous sid

article thumbnail

SQL Injection Attacks Represent Two-Third of All Web App Attacks

Dark Reading

When Local File Inclusion attacks are counted, nearly nine in 10 attacks are related to input validation failures, Akamai report shows.

96
article thumbnail

Hackers Stole a Border Agency Database of Traveler Photos

WIRED Threat Level

In compromising a Customs and Border Protection subcontractor, hackers make off with photos of travelers and license plates.

Hacking 110
article thumbnail

Ransomware: A Persistent Scourge Requiring Corporate Action Now

Threatpost

ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!