Troy Hunt

JUNE 10, 2019

Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. The prevalence of them seemed to be really ramping up as was the impact they were having on those of us that found ourselves in them, myself included. Increasingly, I was writing about what I thought was a pretty fascinating segment of the infosec industry; password reuse across Gawker and Twitter resulting in a breach of the former sending Acai berry spam via the latter.

Data breaches 278

Data breaches Passwords InfoSec Accountability 278

The Last Watchdog

JUNE 10, 2019

Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can’t be pushed to a side burner. Related: The rise of ‘memory attacks’ I’m making this assertion as federal authorities have just commenced steps to remove and replace switching gear supplied, on the cheap, to smaller U.S. telecoms by Chinese tech giant Huawei.

Firmware 233

Firmware Cybersecurity Technology Engineering 233

Schneier on Security

JUNE 12, 2019

How in the world did I not know about this for three years? Researchers at the University of Tokyo have developed a robot that always wins at rock-paper-scissors. It watches the human player's hand, figures out which finger position the human is about to deploy, and reacts quickly enough to always win.

214

214

Krebs on Security

JUNE 12, 2019

Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There’s also a scary bug affecting all versions of Microsoft Office that can be triggered by a malicious link or attachment.

Backups 189

Backups Malware Software Engineering 189

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

JUNE 14, 2019

Well this was a big one. The simple stuff first - I'm back in Norway running workshops and getting ready for my absolute favourite event of the year, NDC Oslo. I'm also talking about Scott's Hack Yourself First UK Tour where he'll be hitting up Manchester, London and Glasgow with public workshops. Tickets are still available at those and it'll be your last chance for a long time to do that event in the UK.

Hacking 182

Hacking 182

Adam Levin

JUNE 14, 2019

Online invitation service Evite notified users about a data breach of user data that included names, usernames, email addresses, passwords, and mailing addresses. The company disclosed the breach following the release of the affected data on the dark web. A hacker claimed to have access to 10 million user accounts. “We became aware of a data security incident involving potential unauthorized access to our systems in April 2019.

Data breaches 114

Data breaches Passwords Accountability Technology 114

Adam Shostack

JUNE 13, 2019

I’m happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance. They asked us to look at the value of DNS security, such as when your DNS provider uses threat intel to block malicious sites. It’s surprising how effective it is for a tool that’s so easy to deploy. (Just point to a DNS server like 9.9.9.9).

DNS 113

DNS 113

Troy Hunt

JUNE 13, 2019

It's the Hack Yourself First UK Tour! I've been tweeting a bit about this over recent times and had meant to write about it earlier, but I've been a little busy of late. Last year, I asked good friend and fellow security person Scott Helme to help me out running my Hack Yourself First workshops. I was overwhelmed with demand and he was getting sensational reviews for the TLS workshops he was already running.

Hacking 159

Hacking 159

Security Affairs

JUNE 13, 2019

Encrypted messaging service Telegram was hit by a major DDoS attack apparently originated from China, likely linked to the ongoing political unrest in Hong Kong. Telegram was used by protesters in Hong Kong to evade surveillance and coordinate their demonstrations against China that would allow extraditions from the country to the mainland. The country is facing the worst political crisis ùsince its 1997 handover from Britain to China.

DDOS 111

DDOS Advertising Surveillance Encryption 111

Schneier on Security

JUNE 10, 2019

Interesting story of an old-school remote-deposit capture fraud scam, wrapped up in a fake employment scam. Slashdot thread.

Scams 205

Scams 205

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Thales Cloud Protection & Licensing

JUNE 12, 2019

As one of our recent blogs discussed, we are entering a new era of business – one that will see wholesale digital transformation drive a digital-first approach by businesses globally. And as our 2019 Thales Data Threat Report – Europe Edition recently revealed, many of these businesses become extremely vulnerable during digital transformation, with those in Europe being no different.

Digital transformation 102

Digital transformation Cybersecurity Encryption Threat Reports 102

Dark Reading

JUNE 13, 2019

Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.

Scams 110

Scams 110

Security Affairs

JUNE 8, 2019

A security researcher found new evidence of activities conducted by the ICEFOG APT group, also tracked by the experts as Fucobha. Chi-en (Ashley) Shen, a senior security researcher at FireEye, collected evidence that demonstrates that China-linked APT group ICEFOG (aka Fucobha ) is still active. Slides from my talk presented today at @CONFidenceConf – Into the Fog – The Return of ICEFOG APT.

Malware 111

Malware Government Advertising Banking 111

Schneier on Security

JUNE 11, 2019

Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks.

Information Security 193

Information Security 193

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Thales Cloud Protection & Licensing

JUNE 10, 2019

Virtually every major enterprise is moving to a cloud or multi-cloud environment as part of their digital transformation. In fact, according to our 2019 Thales Data Threat Report-Global Edition , 71% of respondents are using sensitive data in the cloud. This sensitive data as well as workloads in the cloud must be protected for compliance and security purposes.

Digital transformation 92

Digital transformation Encryption Threat Reports Software 92

Dark Reading

JUNE 14, 2019

Researchers at the Workshop on the Economics of Information Security highlight the cost savings of sharing cybersecurity data and push for greater access to information on breaches, attacks, and incidents.

Cybersecurity 93

Cybersecurity Information Security 93

Security Affairs

JUNE 10, 2019

Security expert discovered an exposed database belonging to Shanghai Jiao Tong University containing 8.4TB in email metadata. Cloudflare Director of Trust & Safety Justin Paine discovered an unprotected database owned by Shanghai Jiao Tong University that was exposed online. The Shanghai Jiao Tong University is considered one of the most prominent academic institution based in China.

Advertising 107

Advertising Authentication Hacking Data breaches 107

Schneier on Security

JUNE 14, 2019

This is a current list of where and when I am scheduled to speak: I'm speaking on " Securing a World of Physically Capable Computers " at Oxford University on Monday, June 17, 2019. The list is maintained on this page.

139

139

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JUNE 14, 2019

The same hackers behind a potentially lethal 2017 oil refinery cyberattack are now sniffing at US electrical utility targets.

Hacking 107

Hacking 107

Dark Reading

JUNE 12, 2019

Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.

Cybersecurity 96

Cybersecurity Technology 96

Security Affairs

JUNE 9, 2019

Millions of Exim mail servers are exposed to attacks due to a critical vulnerability that makes it possible for unauthenticated remote attackers to execute arbitrary commands. A critical vulnerability affects versions 4.87 to 4.91 of the Exim mail transfer agent (MTA) software. The flaw could be exploited by unauthenticated remote attackers to execute arbitrary commands on mail servers for some non-default server configurations.

Cyber Attacks 110

Cyber Attacks Advertising Hacking Software 110

Schneier on Security

JUNE 13, 2019

Citizen Lab just published an excellent report on the stalkerware industry.

Surveillance 203

Surveillance 203

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

JUNE 12, 2019

In a controversial move, the Alphabet-owned tech firm played both sides of an online argument in Russia with the aim of testing disinformation-for-hire services.

94

94

Dark Reading

JUNE 14, 2019

No organization can prioritize and mitigate hundreds of risks effectively. The secret lies in carefully filtering out the risks, policies, and processes that waste precious time and resources.

Cybersecurity 87

Cybersecurity Risk 87

Security Affairs

JUNE 9, 2019

Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers in installing security updates it has released to address the flaw. The vulnerability affects older Opteva model ATMs , Diebold Nixdorf will start notifying the customers next week.

Firewall 109

Firewall Advertising Financial Services Software 109

Threatpost

JUNE 14, 2019

Attackers are exploiting a Linux Exim critical flaw to execute remote commands, download crypto miners and sniff out other vulnerable servers.

98

98

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

WIRED Threat Level

JUNE 14, 2019

In a strangely public product announcement, the phone-cracking firm revealed a powerful new device.

Hacking 109

Hacking 109

Dark Reading

JUNE 10, 2019

A one-man 419 scam evolved into a lucrative social-engineering syndicate over the past decade that conducts a combination of business email compromise, romance, and financial fraud.

Social Engineering 86

Social Engineering Cybercrime Scams Engineering 86

Security Affairs

JUNE 12, 2019

Security researchers disclosed the details of RAMBleed, a new type of side-channel attack on DRAM that can allow stealing sensitive data from a memory. A team of academics from several universities has disclosed the details a new type of side-channel attack on dynamic random-access memory (DRAM), dubbed RAMBleed. The RAMBleed issue, tracked as CVE-2019-0174, could be used by attackers to potentially obtain from the system’s memory sensitive data. “ RAMBleed is based on a previous sid

Advertising 107

Advertising Hacking Technology Information Security 107

Threatpost

JUNE 14, 2019

ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.

Ransomware 89

Ransomware Risk Manufacturing Backups 89

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity