Sat.Sep 15, 2018 - Fri.Sep 21, 2018

Credit Freezes are Free: Let the Ice Age Begin

Krebs on Security

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable reven

Extended Validation Certificates are Dead

Troy Hunt

That's it - I'm calling it - extended validation certificates are dead. Sure, you can still buy them (and there are companies out there that would just love to sell them to you!), but their usefulness has now descended from "barely there" to "as good as non-existent". This change has come via a combination of factors including increasing use of mobile devices, removal of the EV visual indicator by browser vendors and as of today, removal from Safari on iOS (it'll also be gone in M

AES Resulted in a $250 Billion Economic Benefit

Schneier on Security

NIST has released a new study concluding that the AES encryption standard has resulted in a $250 billion world-wide economic benefit over the past twenty years. I have no idea how to even begin to assess the quality of the study and its conclusions -- it's all in the 150-page report, though -- but I do like the pretty block diagram of AES on the report's cover.

MY TAKE: Here’s why we need ‘SecOps’ to help secure ‘Cloud Native’ companies

The Last Watchdog

For many start-ups, DevOps has proven to be a magical formula for increasing business velocity. Speed and agility is the name of the game — especially for Software as a Service (SaaS) companies. Related: How DevOps enabled the hacking of Uber. DevOps is a process designed to foster intensive collaboration between software developers and the IT operations team, two disciplines that traditionally have functioned as isolated silos with the technology department.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

GovPayNow.com Leaks 14M+ Records

Krebs on Security

Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.

State Department’s Email Server Breached

Adam Levin

An email server containing “sensitive but unclassified” data belonging to the State Department was breached, the government agency announced earlier this month. The information included personally identifiable information of an undisclosed number of employees who have since been notified. While the breach itself is relatively minor, it highlights the relative lack of progress made by the department to enact more rigorous security measures, despite repeated hack attempts and security breaches.

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

All too many companies lack a full appreciation of how vital it has become to proactively manage and keep secure “unstructured data.” One reason for the enduring waves of ransomware is that unstructured data is easy for hackers to locate and simple for them to encrypt. Related video: Why it’s high time to protect unstructured data. Ironically, many victimized companies are paying hefty ransoms to decrypt unstructured data that may not be all that sensitive or mission critical.

Mirai Botnet Authors Avoid Jail Time

Krebs on Security

Citing “extraordinary cooperation” with the government, a court in Alaska on Tuesday sentenced three men to probation, community service and fines for their admitted roles in authoring and using “Mirai,” a potent malware strain used in countless attacks designed to knock Web sites offline — including an enormously powerful attack in 2016 that sidelined this Web site for nearly four days.

Weekly Update 105

Troy Hunt

It's another day-late weekly update courtesy of another hectic week. Scott and I were at NDC Sydney doing a bunch of talks and other events and I just simply didn't get time to push this out until sitting at the airport waiting for the plane home. This week's update is a little different as we did it at SSW's recording setup in front of a live audience.

NSA Attacks Against Virtual Private Networks

Schneier on Security

A 2006 document from the Snowden archives outlines successful NSA operations against "a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems." It's hard to believe that many of the Snowden documents are now more than a decade old.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

California’s Controversial IoT Security Bill Passes

Adam Levin

The first major piece of cybersecurity legislation to address vulnerabilities in Internet of Things (IoT) devices has passed in California, and is ready to be signed into law by Governor Jerry Brown. First introduced in 2017 by State Senator Hannah-Beth Jackson, SB-327 calls for “a manufacturer of a connected device… to equip [it] with a reasonable security feature or features that are appropriate to the nature and function of the device… to protect the device and any information contained there

Cracked Windows installations are serially infected with EternalBlue exploit code

Security Affairs

According to Avira, hundreds of thousands of unpatched Windows systems are serially infected with EternalBlue exploit code. EternalBlue is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack. The malicious code was leaked online by the Shadow Brokers hacking group that stole it from the arsenal of the NSA-linked Equation Group.

The 'Opsec Fail' That Helped Unmask a North Korean State Hacker

Dark Reading

How Park Jin Hyok - charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks - inadvertently blew his cover via email accounts.

New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography

Schneier on Security

Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren't interested in how to find prime numbers, or even in the distribution of prime numbers. Public-key cryptography algorithms like RSA get their security from the difficulty of factoring large composite numbers that are the product of two prime numbers.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

John Deere Just Cost Farmers Their Right to Repair

WIRED Threat Level

The California Farm Bureau has given away the right of farmers to fix their equipment without going through a dealer.

Cyber attack took offline flight display screens at the Bristol Airport

Security Affairs

The Bristol Airport was hit by a cyber attack that caused problems with operations; flight display screens were taken offline for two days. The Bristol Airport was hit by a ransomware-based attack that caused problems to the flight display screens for two entire days. The news was reported by the BBC and was confirmed by an airport spokesman, who explained that the information screens were taken offline early on Friday in response to a “ransomware” based attack. “Bristol Airport ha

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Dark Reading

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

Public Shaming of Companies for Bad Security

Schneier on Security

Troy Hunt makes some good points, with good examples.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How the HTC Exodus Blockchain Phone Plans to Secure Your Cryptocurrency

WIRED Threat Level

HTC starts filling in the details of its so-called blockchain smartphone, expected to launch later this year.

Sustes Malware: CPU for Monero

Security Affairs

Sustes Malware doesn’t infect victims by itself, but it is spread via brute-force activities with special focus on IoT and Linux servers. Today I’d like to share a simple analysis based on a fascinating threat that I like to call Sustes (you will see name genesis in a bit). Everybody knows Monero cryptocurrency and probably everybody knows that it is built upon privacy, meaning it’s not that simple to figure out Monero wallet balance.

Turn the NIST Cybersecurity Framework into Reality: 4 Steps

Dark Reading

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

The IT Security Mistakes that Led to the Equifax Breach

eSecurity Planet

Patching failures alone didn't lead to the massive data breach at Equifax. Here are a half-dozen other mistakes that Equifax made.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Critical Vulnerability Found in Cisco Video Surveillance Manager

Threatpost

Cisco has patched a vulnerability in its video surveillance manager software that could give an unauthenticated, remote attacker the ability to execute arbitrary commands on targeted systems.

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

Palo Alto Networks researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash, that is targeting both Linux and Microsoft Windows servers. Xbash was developed using Python, then the authors converted it into self-contained Linux ELF executables by abusing the legitimate tool PyInstaller for distribution.

The 7 Habits of Highly Effective Security Teams

Dark Reading

Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.

Multi-cloud use, regulatory compliance and information protection drive new era of encryption and key management in France

Thales Cloud Protection & Licensing

Now in its 13th year, our Global Encryption Trends Study that is performed by the Ponemon Institute reveals interesting findings that span a dozen different geographies. This year, we found that multi-cloud use as well as compliance requirements have encouraged organizations around the globe to embrace a more extensive encryption strategy. Our study also found that these two key drivers along with protection of information against specific, identified threats are ushering in a new era of encryp

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Edward Snowden on Protecting Activists Against Surveillance

WIRED Threat Level

“Turnkey tyranny” has never been closer. For some communities, it feels like it’s already here.

Access to over 3,000 compromised sites sold on Russian black marketplace MagBo

Security Affairs

Security experts at Flashpoint discovered the availability of the access to over 3,000 compromised sites sold on Russian black marketplace MagBo. A new report published by researchers at Flashpoint revealed the availability on an underground hacking forum for Russian-speaking users of access to over 3,000 breached websites. “Access to approximately 3,000 breached websites has been discovered for sale on a Russian-speaking underground marketplace called MagBo.

Think Like An Attacker: How a Red Team Operates

Dark Reading

Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.

Old WordPress Plugin Being Exploited in RCE Attacks

Threatpost

Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.