Troy Hunt

JANUARY 3, 2020

Cookies like to get around. They have no scruples about where they go save for some basic constraints relating to the origin from which they were set. I mean have a think about it: If a website sets a cookie then you click a link to another page on that same site, will the cookie be automatically sent with the request? Yes. What if an attacker sends you a link to that same website in a malicious email and you click that link, will the cookie be sent?

Passwords 285

Passwords Accountability Hacking Risk 285

Adam Levin

DECEMBER 30, 2019

2020 seems to be getting off to an inauspicious start with the compromise of the home addresses of prominent UK citizens–many of them in lines of work that could make them targets for crime. The UK Cabinet Office issued an apology after a data leak that involved the exact addresses (including house and apartment numbers) of more than 1,000 New Year Honours recipients.

Government 237

Government 237

Schneier on Security

DECEMBER 30, 2019

Lance Vick suggesting that students hack their schools' surveillance systems. "This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine," he said. Of course, there are a lot more laws in place against this sort of thing than there were in -- say -- the 1980s, but it's still worth thinking about.

Surveillance 241

Surveillance Hacking 241

The Last Watchdog

DECEMBER 31, 2019

Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. This includes protection from natural disasters, theft, vandalism, and terrorism. Related: Good to know about IoT Physical security is often a second thought when it comes to information security.

Cyber Risk 173

Cyber Risk Risk Firewall Surveillance 173

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

DECEMBER 29, 2019

Today marks the 10th anniversary of KrebsOnSecurity.com! Over the past decade, the site has featured more than 1,800 stories focusing mainly on cybercrime, computer security and user privacy concerns. And what a decade it has been. Stories here have exposed countless scams, data breaches, cybercrooks and corporate stumbles. In the ten years since its inception, the site has attracted more than 37,000 newsletter subscribers, and nearly 100 million pageviews generated by roughly 40 million unique

Data breaches 144

Data breaches Scams Cybercrime Advertising 144

Troy Hunt

JANUARY 3, 2020

I couldn't get 2 days into the new decade without without having to deal with ridiculous password criteria from Tik Tok followed by my phone automatically associating with what it thought was my washing machine whilst in a grocery store on the other side of the world (yep, you read that correctly). It somehow seems to just be reflective of how crazy online security is becoming in the modern era.

Passwords 140

Passwords 140

Schneier on Security

JANUARY 3, 2020

A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC0-based tokens) managed directly inside the extension are at risk. Denley says that the extension sends the private keys of all wallets created or managed through its interface to a third-party website located at erc20wallet[.]tk.

Cryptocurrency 196

Cryptocurrency Passwords Risk 196

Adam Shostack

JANUARY 2, 2020

For my first blog post of 2020, I want to look at threat modeling machine learning systems. Microsoft recently released a set of documents including “ Threat Modeling AI/ML Systems and Dependencies ” and “ Failure Modes in Machine Learning ” (the later also available in a more printer-friendly version at arxiv.). These build on last December’s “ Securing the Future of Artificial Intelligence and Machine Learning at Microsoft.” First and foremost, I’

Artificial Intelligence 130

Artificial Intelligence Software Engineering Technology 130

Troy Hunt

DECEMBER 28, 2019

Sitting down to do this one today I thought it would be brief, turns out a bit more ended up on the agenda than I expected. The GoGetSSL bit in particular was unfolding as I recorded and to their credit, they later apologised for their "rude messages" which is a good sign. I still intend to finish writing up the blog post because the issues they've raised need tackling, but as with the Sophos example I also talk about, it's good to see a bit of humility (I've certainly been there myself before).

Data breaches 139

Data breaches 139

Adam Levin

JANUARY 2, 2020

California’s groundbreaking privacy law went into effect January 1, 2020. The California Consumer Privacy Act (CCPA) requires businesses to inform state residents if their data is being monetized as well as to provide them with a clearly stated means of opting out from the collection of their data and/or having it deleted. Businesses not in compliance with CCPA regulations may be fined by the state of California and sued by its residents.

Insurance 113

Insurance Cybersecurity Consumer Protection Government 113

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JANUARY 2, 2020

E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.

122

122

Schneier on Security

JANUARY 2, 2020

No one knows who they belong to. (Well, of course someone knows. And my guess is that it's likely that we will know soon.).

178

178

Adam Shostack

DECEMBER 30, 2019

I’m featured in (local NPR Affiliate) KUOW’s Primed: Season 3, Episode 8. I appreciate how the sense of fun that many security people bring to their work comes through. For me, it was fun learning about how Elevation of Privilege works for non-techies. (Spoiler: not super-well, you need to select the cards pretty carefully. Maybe there’s another game there?).

100

100

Threatpost

DECEMBER 31, 2019

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

Cybersecurity 109

Cybersecurity Mobile Phishing IoT 109

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

DECEMBER 29, 2019

If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard.

Risk 129

Risk 129

Security Affairs

DECEMBER 29, 2019

New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. SI-LAB noted that Portuguese users were targeted with malscam messages that reported issues related to a debt of the year 2018.

Malware 98

Malware Internet Internet Antivirus 98

Daniel Miessler

DECEMBER 30, 2019

[advanced_iframe src=”[link] width=”100%”] No related posts.

Information Security 100

Information Security 100

Threatpost

JANUARY 2, 2020

The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform's relationship with China grows.

Government 107

Government Data privacy 107

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JANUARY 2, 2020

E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.

79

79

Security Affairs

JANUARY 1, 2020

Developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The development team at Starbucks left exposed an API key that could be used by an attacker to access company internal systems and manipulate the list of authorized users. The issue was discovered by the security expert Vinoth Kumar, he found the key in a public GitHub repository.

Advertising 98

Advertising Accountability Hacking Information Security 98

WIRED Threat Level

JANUARY 3, 2020

In addition to securing physical structures, the Diplomatic Security Service runs simulations of protests in a model city in Virginia.

95

95

Threatpost

JANUARY 3, 2020

Days before Christmas, employees found out that The Heritage Company had been hit by a ransomware attack and was "temporarily suspending operations.".

Ransomware 83

Ransomware Malware 83

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

JANUARY 2, 2020

Survey suggests overall volume and high rate of false problems are changing priority lists in security operations centers.

100

100

Security Affairs

JANUARY 2, 2020

Crooks are exploiting the popularity of the Star Wars saga to monetize their efforts, experts warn of online streaming sites delivering malware. Cybercriminals leverage popular movies like Star Wars to lure users into downloading malware to watch exclusive scenes or the full movie. Experts at Kaspersky have analyzed some threats that exploit the new Star Wars movie The Rise of Skywalker as bait for unaware users. .

Phishing 106

Phishing Malware Advertising Media 106

Dark Reading

DECEMBER 30, 2019

Understanding the new risks and threats posed by increased use of artificial intelligence.

Artificial Intelligence 102

Artificial Intelligence Cybersecurity Risk 102

WIRED Threat Level

DECEMBER 31, 2019

In the early aughts the internet was less dangerous than it was disruptive. That's changed. .

Internet 92

Internet Internet 92

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

JANUARY 2, 2020

Learn how to gain more security in your git repository with the help of the git-secret tool.

97

97

Security Affairs

JANUARY 1, 2020

The Irish government has published its National Cyber Security Strategy ?, it is an update of the country’s first Strategy which was published in 2015. The 2019 National Cyber Security Strategy aims to allow Ireland to continue to safely enjoy the benefits of the digital revolution and play a full part in shaping the future of the Internet. The report warns the national economy and the confidence in the State would be undermined by a major cyber attack on one of the numerous data centers t

Cyber threats 96

Cyber threats Advertising Government Cyber Attacks 96

Dark Reading

DECEMBER 30, 2019

We asked chief information security officers how they plan to get their infosec departments in shape next year.

CISO 88

CISO InfoSec Information Security 88

Threatpost

DECEMBER 30, 2019

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost's Top 10 mobile security stories of 2019.

Mobile 63

Mobile Cybercrime Phishing IoT 63

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity