Troy Hunt

MARCH 21, 2018

There's no way to sugar-coat this: Have I Been Pwned (HIBP) only exists due to a whole bunch of highly illegal activity that has harmed many individuals and organisations alike. That harm extends all the way from those in data breaches feeling a sense of personal violation (that's certainly how I feel when I see my personal information exposed), all the way through to people literally killing themselves (there are many documented examples of this in the wake of the Ashley Madison breach).

Data breaches 179

Data breaches Government Media Passwords 179

Schneier on Security

MARCH 19, 2018

Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy website , detailed whitepaper , cool vulnerability names -- RYZENFALL, MASTERKEY, FALLOUT, and CHIMERA -- and logos we've come to expect from these sorts of things. What's new is that the company only gave AMD a day's notice, which breaks with every norm about responsible disclosure.

174

174

Thales Cloud Protection & Licensing

MARCH 22, 2018

This blog was originally published on Business Reporter. To view the article, please click here. To see where the future of payments lies, we should look to its past. The concept of payment, at its most fundamental, is simply about people agreeing to exchange goods or services. A fair trade of one thing for another. Go back a few thousand years and the invention of money meant that food could be effectively turned into metal and stored for as long as needed, before being turned back into food ag

Banking 107

Banking Financial Services Accountability Technology 107

WIRED Threat Level

MARCH 19, 2018

In undercover videos filmed by Britain’s Channel 4 news, Cambridge Analytica executives appear to offer up various unsavory tactics to influence campaigns.

111

111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

MARCH 17, 2018

Last day of travel! The weekly update is out late due to a packed week which I endured whilst battling a cold as well which has made it pretty rough. But other than that, it was a fantastic week recording Pluralsight courses and meeting with some really cool tech companies which I talk about in the update. I also talk a lot about credential stuffing which is just becoming an absolutely massive issue at present and I'll write more on that from home next week.

Risk 115

Risk 115

Schneier on Security

MARCH 23, 2018

Some details about the iPhone unlocker from the US company Greyshift, with photos. Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market.

Marketing 140

Marketing Engineering 140

WIRED Threat Level

MARCH 21, 2018

Despite the repeated privacy lapses, Facebook offers a fairly robust set of tools to control who knows what about you.

Accountability 111

Accountability 111

Troy Hunt

MARCH 22, 2018

Home again which means more time to blog and per the intro to this week's update, time to catch up on how HIBP is tracking. Here's the 2 tweets with some stats I mention at the start of this week's update: It's been almost a month since I launched Pwned Passwords V2. In that time, @cloudflare has served 156TB from their cache thus keeping the traffic off my origin.

Passwords 115

Passwords 115

Schneier on Security

MARCH 21, 2018

Interesting paper " A first look at browser-based cryptojacking ": Abstract : In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code-bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, typically without her consent or knowledge, and pays out the seigniorage to the website.

Cryptocurrency 136

Cryptocurrency Advertising Marketing 136

Elie

MARCH 17, 2018

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The. first post. recounts Gooligan’s origin story and provides an overview of how it works.

Encryption 82

Encryption Malware Marketing Manufacturing 82

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

MARCH 19, 2018

You give Facebook all of your data in exchange for using their service—an exchange that seems increasingly out of whack.

106

106

eSecurity Planet

MARCH 21, 2018

Next-gen firewalls, UTMs, web application firewalls, cloud-based firewalls, container firewalls and more: Everything you need to know about firewalls.

Firewall 80

Firewall 80

Schneier on Security

MARCH 23, 2018

Zeynep Tufekci is particularly cogent about Facebook and Cambridge Analytica. Several news outlets asked me to write about this issue. I didn't, because 1) my book manuscript is due on Monday (finally!), and 2) I knew Zeynep would say what I would say, only better.

130

130

Elie

MARCH 17, 2018

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The. first post. recounts Gooligan’s origin story and provides an overview of how it works.

Encryption 82

Encryption Malware Marketing Manufacturing 82

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

MARCH 23, 2018

A new indictment asserts a long string of attacks against hundreds of universities and private companies, in which Iran pilfered more than $3 billion worth of intellectual property.

87

87

Dark Reading

MARCH 21, 2018

The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.

Risk 78

Risk 78

Schneier on Security

MARCH 22, 2018

Interesting analysis and speculation.

Engineering 186

Engineering 186

Threatpost

MARCH 21, 2018

Netflix opens up bug bounty program to all white hat hackers and ups the ante for bugs to as much as $15,000.

Hacking 82

Hacking 82

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

MARCH 23, 2018

On Friday, after months of silence, Tumblr named 84 accounts it says were devoted to spreading propaganda and disinformation on the platform.

Accountability 94

Accountability 94

Spinone

MARCH 22, 2018

Gurnick Academy of Medical Arts is a private nursing school in California with around 400 employees and over 2,000 students. A few months ago the school faced a data loss disaster caused by Ransomware when an instructor inadvertently infected his classroom computer with the virus that had been brought from home on a USB drive. When […] The post Google Workspace for Education: Ransomware Protection Case first appeared on SpinOne.

Education 52

Education Ransomware Threat Detection 52

Schneier on Security

MARCH 20, 2018

A good warning , delivered in classic Dan Geer style.

Risk 122

Risk Cybersecurity 122

Threatpost

MARCH 20, 2018

AMD on Tuesday acknowledged several vulnerabilities that had been reported in its Ryzen and EPYC chips, and said that it would roll out PSP firmware patches in the coming week.

Firmware 61

Firmware 61

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

MARCH 20, 2018

Alphabet tech incubator Jigsaw wants to make it easy to run your own, more private virtual private network.

VPN 107

VPN Software 107

Dark Reading

MARCH 19, 2018

DragonFly hacking team that targeted US critical infrastructure compromised a network router as part of its attack campaign against UK energy firms last year.

Hacking 59

Hacking 59

Elie

MARCH 18, 2018

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

Cybersecurity 48

Cybersecurity 48

Threatpost

MARCH 20, 2018

Popular secure messaging service Telegram loses battle with Russian courts and now must hand over encryption keys or face being blocked from the country.

Encryption 66

Encryption Mobile Government 66

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

WIRED Threat Level

MARCH 18, 2018

Spectre fixes forced browsers to break the compatibility covenant of the web. Other unchecked technologies could cause even deeper damage.

Technology 86

Technology 86

Dark Reading

MARCH 22, 2018

Man-in-the-browser attacks targeting Blockchain.info and Coinbase websites, SecurityScorecard says.

Cryptocurrency 75

Cryptocurrency 75

Privacy and Cybersecurity Law

MARCH 23, 2018

On March 14, 2018, IBM Security announced the results of a new global study on organizational cybersecurity readiness and resiliency entitled “The 2018 Cyber Resilient Organization.” The new survey includes insights from more than 2,800 security and IT professionals, and makes clear that cybersecurity readiness and resilience remain a critical challenge for businesses worldwide: 77% of respondents admit they do not have a formal cybersecurity incident response plan applied consisten

Cybersecurity 40

Cybersecurity Data breaches Artificial Intelligence IoT 40

Threatpost

MARCH 22, 2018

Drupal is giving developers ample time to prepare for an update that patches a “highly critical” flaw because exploits might be developed within hours or days of disclosure.

58

58

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity