Schneier on Security

MARCH 22, 2018

Interesting analysis and speculation.

Engineering 202

Engineering 202

Troy Hunt

MARCH 21, 2018

There's no way to sugar-coat this: Have I Been Pwned (HIBP) only exists due to a whole bunch of highly illegal activity that has harmed many individuals and organisations alike. That harm extends all the way from those in data breaches feeling a sense of personal violation (that's certainly how I feel when I see my personal information exposed), all the way through to people literally killing themselves (there are many documented examples of this in the wake of the Ashley Madison breach).

Data breaches 193

Data breaches Government Passwords Media 193

WIRED Threat Level

MARCH 21, 2018

Despite the repeated privacy lapses, Facebook offers a fairly robust set of tools to control who knows what about you.

Accountability 112

Accountability 112

Thales Cloud Protection & Licensing

MARCH 22, 2018

This blog was originally published on Business Reporter. To view the article, please click here. To see where the future of payments lies, we should look to its past. The concept of payment, at its most fundamental, is simply about people agreeing to exchange goods or services. A fair trade of one thing for another. Go back a few thousand years and the invention of money meant that food could be effectively turned into metal and stored for as long as needed, before being turned back into food ag

Banking 107

Banking Financial Services Accountability Technology 107

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

MARCH 19, 2018

Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy website , detailed whitepaper , cool vulnerability names -- RYZENFALL, MASTERKEY, FALLOUT, and CHIMERA -- and logos we've come to expect from these sorts of things. What's new is that the company only gave AMD a day's notice, which breaks with every norm about responsible disclosure.

183

183

Troy Hunt

MARCH 17, 2018

Last day of travel! The weekly update is out late due to a packed week which I endured whilst battling a cold as well which has made it pretty rough. But other than that, it was a fantastic week recording Pluralsight courses and meeting with some really cool tech companies which I talk about in the update. I also talk a lot about credential stuffing which is just becoming an absolutely massive issue at present and I'll write more on that from home next week.

Risk 119

Risk 119

Thales Cloud Protection & Licensing

MARCH 21, 2018

I was fortunate to be one of the presenters at SecureWorld’s recent web conference on “ Deploying Containers in the Age of GDPR.” I suggest you check it out. Here is a taste of what we discussed. A real-time poll of webinar participants asked how ready they think their organizations are for the GDPR deadline of May 25, 2018. It indicated 40% “are doing everything they know about and should be pretty much there.

Encryption 83

Encryption Risk 83

Schneier on Security

MARCH 23, 2018

Some details about the iPhone unlocker from the US company Greyshift, with photos. Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market.

Marketing 149

Marketing Engineering 149

Troy Hunt

MARCH 22, 2018

Home again which means more time to blog and per the intro to this week's update, time to catch up on how HIBP is tracking. Here's the 2 tweets with some stats I mention at the start of this week's update: It's been almost a month since I launched Pwned Passwords V2. In that time, @cloudflare has served 156TB from their cache thus keeping the traffic off my origin.

Passwords 115

Passwords 115

WIRED Threat Level

MARCH 19, 2018

In undercover videos filmed by Britain’s Channel 4 news, Cambridge Analytica executives appear to offer up various unsavory tactics to influence campaigns.

112

112

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Threatpost

MARCH 21, 2018

Netflix opens up bug bounty program to all white hat hackers and ups the ante for bugs to as much as $15,000.

Hacking 82

Hacking 82

Schneier on Security

MARCH 21, 2018

Interesting paper " A first look at browser-based cryptojacking ": Abstract : In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code-bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, typically without her consent or knowledge, and pays out the seigniorage to the website.

Cryptocurrency 143

Cryptocurrency Advertising Marketing 143

Elie

MARCH 17, 2018

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The. first post. recounts Gooligan’s origin story and provides an overview of how it works.

Encryption 82

Encryption Malware Marketing Manufacturing 82

WIRED Threat Level

MARCH 19, 2018

You give Facebook all of your data in exchange for using their service—an exchange that seems increasingly out of whack.

111

111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Dark Reading

MARCH 21, 2018

The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.

Risk 78

Risk 78

Schneier on Security

MARCH 23, 2018

Zeynep Tufekci is particularly cogent about Facebook and Cambridge Analytica. Several news outlets asked me to write about this issue. I didn't, because 1) my book manuscript is due on Monday (finally!), and 2) I knew Zeynep would say what I would say, only better.

136

136

Elie

MARCH 17, 2018

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The. first post. recounts Gooligan’s origin story and provides an overview of how it works.

Encryption 82

Encryption Malware Marketing Manufacturing 82

WIRED Threat Level

MARCH 23, 2018

On Friday, after months of silence, Tumblr named 84 accounts it says were devoted to spreading propaganda and disinformation on the platform.

Accountability 110

Accountability 110

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Dark Reading

MARCH 22, 2018

Man-in-the-browser attacks targeting Blockchain.info and Coinbase websites, SecurityScorecard says.

Cryptocurrency 75

Cryptocurrency 75

Schneier on Security

MARCH 20, 2018

A good warning , delivered in classic Dan Geer style.

Risk 127

Risk Cybersecurity 127

Threatpost

MARCH 20, 2018

Popular secure messaging service Telegram loses battle with Russian courts and now must hand over encryption keys or face being blocked from the country.

Encryption 66

Encryption Mobile Government 66

WIRED Threat Level

MARCH 20, 2018

Alexander Nix has been suspended until further notice and replaced by Cambridge's head of data, Alexander Tayler.

109

109

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

eSecurity Planet

MARCH 21, 2018

Next-gen firewalls, UTMs, web application firewalls, cloud-based firewalls, container firewalls and more: Everything you need to know about firewalls.

Firewall 64

Firewall 64

Dark Reading

MARCH 22, 2018

Syncing security and product development early is now a "must do.

64

64

Threatpost

MARCH 20, 2018

Security experts are calling for a higher prioritization of data security in the wake of Facebook's Cambridge Analytica scandal.

Media 66

Media Data privacy 66

WIRED Threat Level

MARCH 23, 2018

With $380 million in the spending bill earmarked for securing digital elections, the time for talk is over.

107

107

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Spinone

MARCH 22, 2018

Gurnick Academy of Medical Arts is a private nursing school in California with around 400 employees and over 2,000 students. A few months ago the school faced a data loss disaster caused by Ransomware when an instructor inadvertently infected his classroom computer with the virus that had been brought from home on a USB drive. When […] The post Google Workspace for Education: Ransomware Protection Case first appeared on SpinOne.

Education 52

Education Ransomware Threat Detection 52

Dark Reading

MARCH 22, 2018

Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.

61

61

Threatpost

MARCH 21, 2018

Orbitz said Tuesday a breach of both its consumer and partner platform may have led to the disclosure of 880,000 payment cards.

Data breaches 64

Data breaches 64

WIRED Threat Level

MARCH 23, 2018

A new indictment asserts a long string of attacks against hundreds of universities and private companies, in which Iran pilfered more than $3 billion worth of intellectual property.

106

106

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity