Sat.Apr 21, 2018 - Fri.Apr 27, 2018


IRL Analogies Explaining Digital Concepts are Terrible

Troy Hunt

Remember the anti-piracy campaign from years back about "You Wouldn't Steal a Car"? This was the rather sensationalist piece put together by the Motion Picture Association of America in an attempt to draw parallels between digital piracy and what they viewed as IRL ("In Real Life") equivalents. Here's a quick recap: The very premise that the young girl sitting in her bedroom in the opening scene is in any way relatable to the guy in the dark alley sliding a slim jim down the Merc

Internet 208

Russia is Banning Telegram

Schneier on Security

Russia has banned the secure messaging app Telegram. It's making an absolute mess of the ban -- blocking 16 million IP addresses, many belonging to the Amazon and Google clouds -- and it's not even clear that it's working. But, more importantly, I'm not convinced Telegram is secure in the first place. Such a weird story. If you want secure messaging, use Signal.


Can This System of Unlocking Phones Crack the Crypto War?

WIRED Threat Level

Ray Ozzie thinks his Clear method for unlocking encrypted devices can attain the impossible: It satisfies both law enforcement and privacy purists.


Challenges faced while training an AI to combat abuse

Elie

This post looks at the main challenges that arise when training a classifier to combat fraud and abuse. At a high level, what makes training a classifier to detect fraud and abuse unique is that it deals with data generated by an adversary that actively attempts to evade detection. Successfully training a classifier in such adversarial settings requires overcoming the following four challenges: Non stationarity.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Enhancing Pwned Passwords Privacy by Exclusively Supporting Anonymity

Troy Hunt

When I launched Pwned Passwords in August, I honestly didn't know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data "as a service" by either a plain text password or a SHA-1 hash. (Incidentally, for anyone about to lose their mind over SHA-1, read that launch post as to why that hashing algorithm is used.

Passwords 186

Two NSA Algorithms Rejected by the ISO

Schneier on Security

The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. These algorithms were both designed by the NSA and made public in 2013. They are optimized for small and low-cost processors like IoT devices. The risk of using NSA-designed ciphers, of course, is that they include NSA-designed backdoors. Personally, I doubt that they're backdoored.

IoT 174

More Trending


Challenges faced while training an AI to combat abuse

Elie

This post looks at the four main challenges that arise when training a classifier to combat fraud and abuse. This is the second post of a series of four that is dedicated to providing a concise overview of how to harness AI to build robust anti-abuse protections. The first post explains why AI is key to building robust anti-defenses that keep up with user expectations and increasingly sophisticated attackers.


Weekly Update 84

Troy Hunt

This week. I'm tired. A two-day remote workshop on London hours meant very unfriendly times for me here in Aus but hey, it beats jet lag! So just a very short intro this time, I recorded the update this morning whilst I was rather a lot more awake so I'll let that do the talking. Enjoy! iTunes podcast | Google Play Music podcast | RSS podcast. Reference.

Backups 119

TSB Bank Disaster

Schneier on Security

This seems like an absolute disaster: The very short version is that a UK bank, TSB, which had been merged into and then many years later was spun out of Lloyds Bank, was bought by the Spanish bank Banco Sabadell in 2015. Lloyds had continued to run the TSB systems and was to transfer them over to Sabadell over the weekend. It's turned out to be an epic failure, and it's not clear if and when this can be straightened out.

Banking 168

A One-Minute Attack Let Hackers Spoof Hotel Master Keys

WIRED Threat Level

Researchers found—and helped fix—a flaw in Vingcard RFID locks that would let hackers break into any room in hotels around the world.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Current forecast: Cloudy with a chance of exposed data

Thales Cloud Protection & Licensing

By Peter Galvin, Chief Strategy & Marketing Officer, Thales eSecurity. Today, organizations are rapidly adopting cloud technology. Many organizations have implemented a cloud first philosophy, requiring that any new applications or IT investments start with the cloud. And not just one cloud, but organizations are investing in multiple clouds and SaaS applications.


Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2

Threatpost

The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out yet once again that patch […].


Computer Alarm that Triggers When Lid Is Opened

Schneier on Security

"Do Not Disturb" is a Macintosh app that sends an alert when the lid is opened. The idea is to detect computer tampering. Wire article: Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves a picture snapped with the laptop's webcam to catch the perpetrator in the act, or they can shut down the computer remotely.


Why So Many People Make Their Password 'Dragon'

WIRED Threat Level

The mythical creature's popularity says a lot about the psychology of password creation.

Passwords 109

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


GDPR: it’s the final countdown

Thales Cloud Protection & Licensing

Jim DeLorenzo, Solutions Marketing Manager, Thales eSecurity. By now, few businesses can be unaware that there is just one month to go until the EU General Data Protection Regulation, better known as the GDPR, comes into force. Perhaps the most comprehensive data privacy standard ever introduced, the GDPR will impact every individual and business that is either a ‘controller’ or ‘processor’ of EU citizens’ personal data.


Researchers Hacked Amazon’s Alexa to Spy On Users, Again

Threatpost

Researchers discovered a flaw in Amazon’s Alexa virtual assistant that enabled them to eavesdrop on consumers with smart devices – and automatically transcribe every word said.

Hacking 66

Yet Another Biometric: Ear Shape

Schneier on Security

This acoustic technology identifies individuals by their ear shapes. No information about either false positives or false negatives.


Joy Reid Blames Hackers, Just Like Everyone Else

WIRED Threat Level

Joy Reid may have very well been the target of a malicious breach. Or she's just the latest person to blame hackers for her past mistakes.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Challenges faced while training an AI to combat abuse

Elie

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.


Orangeworm Mounts Espionage Campaign Against Healthcare

Threatpost

A freshly minted attack group dubbed Orangeworm has been uncovered, deploying a custom backdoor in mostly healthcare-related environments. It’s bent on laser-focused, comprehensive corporate espionage, with a noisy attack vector that shows that it’s unlikely to be related to nation-state actors. Researchers first found Orangeworm in the form of an interesting binary in 2016, and […].


Baseball Code

Schneier on Security

Info on the coded signals used by the Colorado Rockies.


Atlanta Spent $2.6M to Recover From $52,000 Ransomware Scare

WIRED Threat Level

Whether to pay ransomware is a complicated—and costly—calculation.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


12 Trends Shaping Identity Management

Dark Reading

As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'


ThaiCERT Seizes Hidden Cobra Server Linked to GhostSecret, Sony Attacks

Threatpost

It's analyzing the server, operated by the North Korea-sponsored APT, which was used to control the global GhostSecret espionage campaign affecting 17 countries.


New NSA/Cyber Command Head Confirmed by Senate

Schneier on Security

It's Lt. Gen. Paul Nakasone. I know nothing about him.


Highlights from RSA Conference 2018

Thales Cloud Protection & Licensing

RSA 2018 kicked off on a high note with Thales eSecurity’s annual partner/customer happy hour, and the week just got better from there. Our hard-working staff remained energetic and unflappable, as it juggled various roles: guiding conference attendees through the Cyber Escape Room; walking booth visitors through demos of the Thales eSecurity product line; managing giveaways (the URB-E scooter proved highly popular!


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


New Phishing Attack Targets 550M Email Users Worldwide

Dark Reading

In an attempt to steal financial data, the attack bribes users with coupons in exchange for taking an online quiz.


Europol Smacks Down World’s Largest DDoS-for-Hire Market

Threatpost

Webstresser[.]org, a DDoS-for-hire market believed to be behind at least 4 million cyberattacks around the world, has served up its last internet-paralyzing traffic tsunami.

DDOS 52

Xbox Hacking, LinkedIn Bugs, and More Security News This Week

WIRED Threat Level

Xbox hacking, LinkedIn bugs, and more security news this week.

Hacking 77

How F5 Networks' CISO Defends the Enterprise

eSecurity Planet

VIDEO: F5 CISO Mike Convertino discusses the technology and human resources he uses to help secure his network and inform F5's product development.

CISO 45

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.