Sat. Nov 18, 2017 - Fri. Nov 24, 2017

Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement

Schneier on Security

The security researchers at Princeton are posting. You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use "session replay" scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers.

I'm Testifying in Front of Congress in Washington DC about Data Breaches - What Should I Say?

Troy Hunt

There's a title I never expected to write! But it's exactly what it sounds like and on Thursday next week, I'll be up in front of US congress on the other side of the world testifying about the impact of data breaches. It's an amazing opportunity to influence decision makers at the highest levels of government and frankly, I don't want to stuff it up which is why I'm asking the question - what should I say?

'Vapor Wake' Explosive-Sniffing Dogs Help Protect the Thanksgiving Day Parade

WIRED Threat Level

This year, a team of Labrador retrievers trained to sniff out body-worn explosives will help lock down NYC's Macy's Thanksgiving Day Parade.

‘Tis the season for proliferating payment options…and risk

Thales Cloud Protection & Licensing

It’s hard to believe that the holiday season is already upon us with both the biggest online and offline shopping events just around the corner. The one-two punch of Black Friday and Cyber Monday are the highest volume shopping days of the year and finding the best deals can be a hobby in itself. In 2016, 108.5 million Americans shopped online over the long weekend.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Vulnerability in Amazon Key

Schneier on Security

Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don't abuse their one-time access privilege. Cloud Cam has been hacked: But now security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled but frozen.

Weekly Update 62 (Rockhampton Edition)

Troy Hunt

This is going to be a couple of weeks of polar opposite updates: This week I'm in Rockhampton, a regional centre in my home state where I'm surrounded by gum trees, chirping birds and a croc-infested river. Next week will be Washington DC where I'll have just finished testifying in front of US Congress. Whoa. That's the big story this week. This year.

More Trending

Samsung Pay Leaks Mobile Device Information

Dark Reading

Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.

Amazon Creates Classified US Cloud

Schneier on Security

Amazon has a cloud for U.S. classified data. The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified data was able to do it.

Key Findings from the 2017 Thales Encryption Trends Study: Australia

Thales Cloud Protection & Licensing

Security: moving up the executive stack. The last few years will be remembered for frequent, large and damaging data breaches. They’ve impacted big business and small, private and public organisations, in Australia and around the world. When it comes to data security, hackers don’t discriminate. This has made senior executives everywhere sit up and take notice, with companies concerned about being compromised and becoming tomorrow’s news headline.

What Amazon Echo and Google Home Do With Your Voice Data—And How to Delete It

WIRED Threat Level

Like the idea of Amazon Echo and Google Home, but feel uneasy about all that recording? Here's what they listen to—and how to delete it.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

DDoS Attack Attempts Doubled in 6 Months

Dark Reading

Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.

Mozilla's Guide to Privacy-Aware Christmas Shopping

Schneier on Security

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more.

HP to Patch Bug Impacting 50 Enterprise Printer Models

Threatpost

HP said dozens of enterprise-class printer models will receive a patch for an arbitrary code execution vulnerability sometime this week.

Intel Management Engine Flaws Leave Millions of PCs Exposed

WIRED Threat Level

Security experts have warned of Intel's Management Engine for years. A new set of confirmed vulnerabilities that impact PCs, servers, and IoT devices shows they may have been right.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

6 Real Black Friday Phishing Lures

Dark Reading

As the mega-shopping day approaches, here's a look at six examples of phishing attacks - and ways to avoid taking the bait.

The Hay CFP Management Method – Part 2

Andrew Hay

I’ve had a lot of positive feedback from my first post which explained how to create the Trello board to track your Call For Paper (CFP) due dates, submissions, and results. In this post, I’ll explain how to create the cards and populate them with the required data to better manage your CFP pipeline. To start your first card click the ‘Add a card…’ link in the CFP Open swim lane.

Ten Top Next-Generation Firewall (NGFW) Vendors

eSecurity Planet

Next-generation firewalls (NGFW) are essential to IT security and make up a $10 billion market. We review ten of the best.

The US Global Engagement Center's Fight Against Russian Propaganda Has Barely Started

WIRED Threat Level

Former staffers of the State Department's Global Engagement Center, tasked with fighting propaganda, say that 'administrative incompetence' has hamstrung efforts.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Uber Paid Hackers $100K to Conceal 2016 Data Breach

Dark Reading

The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.

Intel Patches CPU Bugs Impacting Millions of PCs, Servers

Threatpost

Intel released eight patches for vulnerabilities in remote management software and firmware that could allow local adversaries to elevate privileges, run arbitrary code, crash systems and eavesdrop on communications.

Stopping Robocalls Will Soon Be Easier Than Ever

WIRED Threat Level

US consumers suffer 80 million robocalls a day. But a new crackdown—along with some clever apps—could help put a lid on your biggest mobile nuisance.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Intel Firmware Flaws Found

Dark Reading

Another big firmware security issue affecting Intel processors requires OEM updates.

Profile of the Month: Ashvin Kamaraju, Global Vice President of Engineering

Thales Cloud Protection & Licensing

“I did not plan my foray into security,” says Ashvin Kamaraju who, to date, has racked up an impressive seven-year tenure at Thales eSecurity. With a background in operating systems, file systems and storage, Ashvin was initially hired to help scale products in those areas. In the process, he developed an interest and expertise in data security. Ashvin has certainly traveled an unconventional path into a leadership role in enterprise security (believe it or not, he holds undergraduate and gradua

Kali Linux 2017.3 Release

Kali Linux

We are pleased to announce the immediate availability of Kali Linux 2017.3, which includes all patches, fixes, updates, and improvements since our last release. In this release, the kernel has been updated to 4.13.10 and it includes some notable improvements: CIFS now uses SMB 3.0 by default; EXT4 directories can now contain 2 billion entries instead of the old 10 million limit; TLS support is now built into the kernel itself. In addition to the new kernel and all of the updates and fixes we pull

Artificial Intelligence Can Hunt Down Missile Sites in China Hundreds of Times Faster Than Humans

WIRED Threat Level

Teaching deep learning algorithms to find surface-to-air missile sites and much more in satellite images.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Time to Pull an Uber and Disclose your Data Breach Now

Dark Reading

There is never a good time to reveal a cyber attack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.

Uber Reveals 2016 Breach of 57 Million User Accounts

Threatpost

Uber CEO said a 2016 data breach that exposed 57 million Uber user accounts and a subsequent payment of $100,000 to a hacker to delete data and keep it a secret is inexcusable.

Cisco Firepower NGFW: Firewall Overview and Analysis

eSecurity Planet

We review Cisco Firepower NGFW, an integrated next-gen firewall that works with a broad set of security services.

The Pentagon Left Data Exposed in the Cloud

WIRED Threat Level

Face ID, WikiLeaks, and more of this week's top security news.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!