Sat. Jun 23, 2018 - Fri. Jun 29, 2018


We're Baking Have I Been Pwned into Firefox and 1Password

Troy Hunt

Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Often, it's after someone has searched Have I Been Pwned (HIBP) and found themselves pwned somewhere or other. Frequently, it's some long-forgotten site they haven't even thought about in years and also frequently, the first people know of these incidents is via HIBP: large @ticketfly data breach. thanks @troyhunt for the excellent @haveibeenpwned service that notifies users o

Passwords 272

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as "backdoors" or "key escrow schemes" in order to facilitate government access to encrypted data.

Insiders


Plant Your Flag, Mark Your Territory

Krebs on Security

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked.

Banking 215

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. Most individuals today are nonplussed when required, under certain circumstances, to retrieve a one-time passcode, pushed out in a text message to their smartphone, and then typing the passcode to gain access to a privileged account.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


HTTPS Is Easy!

Troy Hunt

HTTPS is easy! In fact, it's so easy I decided to create 4 short videos around 5 minutes each to show people how to enable HTTPS on their site and get all traffic redirecting securely, optimise their HTTPS configuration to get it rating higher than most banks, fix any insecure references in a few clicks and finally, secure all the traffic all the way back to their website.


Conservation of Threat

Schneier on Security

Here's some interesting research about how we perceive threats. Basically, as the environment becomes safer we basically manufacture new threats. From an essay about the research: To study how concepts change when they become less common, we brought volunteers into our laboratory and gave them a simple task -- to look at a series of computer-generated faces and decide which ones seem "threatening.

More Trending


Exactis Knows Everything about You and They Just Got Breached

Adam Levin

If the reports are accurate, a Florida-based marketing and data company exposed sensitive personal data belonging to 340 million records. The gravity of the situation is yet to be confirmed or even discussed by Exactis, but the leak is estimated to include 230 million consumers and 110 million businesses. If confirmed, this breach involves basically everyone in the United States.

Marketing 120

Weekly Update 93

Troy Hunt

Geez it's nice to be home! I took a ride on the jet ski today which was just one of those typically perfect Gold Coast winters days at a balmy 24C. I cruised around the ocean with a pod of dolphins (probably a dozen of them), grabbed some prawns for lunch (not those "shrimp" you get other places, proper big prawns), then sat down here and enjoyed the serenity: I’ve really gotta stay home more

Passwords 117

Manipulative Social Media Practices

Schneier on Security

The Norwegian Consumer Council just published an excellent report on the deceptive practices tech companies use to trick people into giving up their privacy. From the executive summary: Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected.

Media 175

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records

WIRED Threat Level

The leak may include data on hundreds of millions of Americans, with hundreds of details for each, from demographics to personal interests.

Marketing 112

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


How to Stop DDoS Attacks: 6 Tips for Fighting DDoS Attacks

eSecurity Planet

Stopping a DDoS attack quickly is critical for the survival of your business. Here are six ways you can stop a DDoS attack.

DDOS 111

Facebook accidentally leaks app data

Adam Levin

If Facebook’s ongoing privacy woes become any more regular, clocks may soon become obsolete. This week’s (first?) news about the increasingly leak-prone company (or increasingly transparent company when it comes to leaks?) has to do with an accident. Scratch that. What do you call an ongoing accident? Perhaps the correct answer, is Facebook. The company has been accidentally sending data from apps that run on their platform to testers (people who use beta versions of the apps to identify bugs),


Bypassing Passcodes in iOS

Schneier on Security

Last week, a story was going around explaining how to brute-force an iOS password. Basically, the trick was to plug the phone into an external keyboard and try every PIN at once: We reported Friday on Hickey's findings, which claimed to be able to send all combinations of a user's possible passcode in one go, by enumerating each code from 0000 to 9999, and concatenating the results in one string with no spaces.

Passwords 163

The New Satellite Arms Race Threatening to Explode in Space

WIRED Threat Level

Trump’s call for a “Space Force” escalates a quiet, dangerous contest between the US, China, and Russia—one whose consequences no one really understands.

111

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Continuum Interview

Adam Shostack

Continuum has released a video of me and Stuart Winter-Tear in conversation at the Open Security Summit: “At the recent Open Security Summit we had the great pleasure of interviewing Adam Shostack about his keynote presentation “A seat at the table” and the challenge of getting security involved in product and application design. We covered numerous topics from the benefits brought to business by threat modeling to pooping unicorns.

100

Why the Ticketmaster UK Breach Could Happen to Your Organization

Adam Levin

Event ticketing giant Ticketmaster UK experienced an ongoing data breach affecting 40,000 people over the last several months, many of whom have since fallen victim to scams. The breach was disclosed by the company on June 23, and included a full range of customer information, including names, addresses, phone numbers, payment data, logins and passwords.


Secure Speculative Execution

Schneier on Security

We're starting to see research into designing speculative execution systems that avoid Spectre- and Meltdown-like security problems. Here's one. I don't know if this particular design is secure. My guess is that we're going to see several iterations of design and attack before we settle on something that works. But it's good to see the research results emerge.

131

California Unanimously Passes Historic Privacy Bill

WIRED Threat Level

The law will give Californians more control over the data that companies collect on them than ever before.

111

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Carpenter!

Adam Shostack

The decision in Carpenter v. United States is an unusually positive one for privacy. The Supreme Court ruled that the government generally can’t access historical cell-site location records without a warrant. (SCOTUS Blog links to court documents.) The court put limits on the “third party” doctrine, and it will be fascinating to see how those limits play out.

Mobile 100

Millions of Smartphones Hosting Hacker Bots

Adam Levin

Hackers may be in your phone right now (or your tablet). Think it’s not possible because your connected device is performing well? Think again. These hacks are discreet, using your device’s computing power to commit crimes. In a study commissioned by Distil Networks entitled “Mobile Bots: The Next Evolution of Bad Bots” it was determined that as many as 5.8 percent of all mobile devices worldwide have been infected with bots, a kind of malware that parasitically uses the computing power of its

Mobile 100

WPA3 Brings New Authentication and Encryption to Wi-Fi

Dark Reading

The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks.


WPA3 Wi-Fi Security Will Save You From Yourself

WIRED Threat Level

With better password security and idiot-proof IoT connections, WPA3 will make your internet experience much, much safer.

IoT 111

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


How to Prevent DDoS Attacks: 6 Tips to Keep Your Website Safe

eSecurity Planet

A DDoS attack can be costly for your business, so it's best not to give the bad guys a chance. Here are 6 ways you can prevent DDoS attacks.

DDOS 74

South Carolina’s Insurance Cybersecurity Law Takes Effect in 2019

Adam Levin

South Carolina became the first state to pass a law requiring all insurance entities to create and maintain a cybersecurity and data breach response program. Among the law’s provisions is a requirement to notify the state government within 72 hours in the event of a breach or cybersecurity event affecting 250 or more people, the protection of policyholder’s personally identifiable information, and an annual statement detailing their breach response plan.

Insurance 100

The 6 Worst Insider Attacks of 2018 - So Far

Dark Reading

Stalkers, fraudsters, saboteurs, and all nature of malicious insiders have put the hurt on some very high-profile employers.

78

The Digital Privacy Wins Keep Coming

WIRED Threat Level

From *Carpenter v. United States* to a landmark bill in California, privacy advocates sense a shift in what people will accept from Facebook, mobile carriers, and more.

Mobile 109

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Enterprise SaaS – and threats to your data

Thales Cloud Protection & Licensing

Results from the 2018 Thales Data Threat Report. *Source – Dataset for 2018 Thales Data Threat Report. High SaaS usage – and with Sensitive Data. In the 2018 Thales Data Threat Report, one fact that came through very clearly is that SaaS usage by enterprises is high, and so is their use of SaaS with sensitive data. This sensitive data use in SaaS environments today is a real problem.


What Metrics Should Enterprises Focus On to Improve Cybersecurity?

eSecurity Planet

VIDEO: Dmitri Alperovitch, co-founder and CTO of CrowdStrike, says simply focusing on malware prevention isn't enough for modern cybersecurity.


'Have I Been Pwned' Now Built into Firefox, 1Password

Dark Reading

Users can search breach data in a new tool called Firefox Monitor and check if passwords have been exposed in 1Password on the Web.


Wikimedia v. NSA Highlights the ACLU's Challenges in Fighting Mass Surveillance

WIRED Threat Level

The ACLU has been trying to challenge the NSA's bulk surveillance for years. A hearing in *Wikimedia v. NSA* Friday could mark a breakthrough.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!