2017

What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?

Troy Hunt

A couple of years ago, I was heavily involved in analysing and reporting on the massive VTech hack, the one where millions of records were exposed including kids' names, genders, ages, photos and the relationship to parents' records which included their home address. Part of this data was collected via an IoT device called the InnoTab which is a wifi connected tablet designed for young kids; think Fisher Price designing an iPad, then totally screwing up the security.

Tracking People Without GPS

Schneier on Security

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can determine how fast a person is traveling and what kind of movements they make.

9 best practices to improve security in industrial IoT

Tech Republic Security

Dell EMC's senior product manager for IoT security, Rohan Kotian, hosted a presentation at Dell EMC World explaining how industrial enterprises can protect their IoT deployments.

‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs

WIRED Threat Level

The attack uncovers bugs in how more than a dozen programs implement email's creaky protocol.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Ode to the use-after-free: one vulnerable function, a thousand possibilities

Scary Beasts Security

Overview: This post explores an old but wonderful vulnerability that enables us to really showcase the (oft underestimated) power of the use-after-free vulnerability class. We’re going to take a step back and consider the wider class of “use-after-invalidation”, of which use-after-free is one type of use of invalidated state. We will see one single area of vulnerable code that has it all: use-after-invalidation leading to out of bounds reads and writes; use-after-free leading to object aliasing;

How to trace ransomware payments end-to-end

Elie

Over the last two years, ransomware has been all over the news. Hardly a week goes by without a report of a large ransomware outbreak or the emergence of a new ransomware family. Despite all this attention, very little is known about how profitable ransomware is and who the criminals are that benefit from it. To answer these questions and expose the inner workings of the ransomware economy, our research team at Google, in partnership with.

More Trending

Top 8 Cybersecurity Skills IT Pros Need in 2018

Dark Reading

Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.

Cloud Leaks Continue: 123 Million U.S. Households' Personal Information Exposed Online

eSecurity Planet

The information, from data analytics firm Alteryx, was in an Amazon S3 bucket configured to provide any AWS user with access.

I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important

Troy Hunt

Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel this way. I can certainly pass on your concerns and feed this back to the tech team for you Troy?

The 6-Step "Happy Path" to HTTPS

Troy Hunt

It's finally time: it's time the pendulum swings further towards the "secure by default" end of the scale than what it ever has before. At least insofar as securing web traffic goes because as of this week's Chrome 62's launch, any website with an input box is now doing this when served over an insecure connection: It's not doing it immediately for everyone, but don't worry, it's coming very soon even if it hasn't yet arrived for you personally and it's going to take many people by surp

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Disqus Demonstrates How to Do Breach Disclosure Right

Troy Hunt

We all jumped on "the Equifax dumpster fire bandwagon" recently and pointed to all the things that went fundamentally wrong with their disclosure process. But it's equally important that we acknowledge exemplary handling of data breaches when they occur because that's behaviour that should be encouraged. Last week, someone reached out and shared a number of data breaches with me.

2018 Cause Awareness & Giving Day Calendar

Troy Hunt

Cause awareness and giving days can be very powerful themes upon which to launch online fundraising campaigns. The real-time, in-the-moment nature of cause awareness and giving days can inspire donors to give provided that your nonprofit knows how to promote the days effectively. The first step is to decide which days to build a campaign upon and add them to your 2018 editorial calendar.

Big data privacy is a bigger issue than you think

Tech Republic Security

When it comes to privacy, big data analysts have a responsibility to users to be transparent about data collection and usage. Here are ways to allay users' concerns about privacy and big data.

Women in cybersecurity: IBM wants to send you to a hacker conference for free

Tech Republic Security

A new IBM scholarship will cover 100% of the entry fees for any woman interested in attending EC-Council's Hacker Halted conference. Here's how to take advantage of the offer.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to make your employees care about cybersecurity: 10 tips

Tech Republic Security

People are the largest security vulnerability in any organization. Here's some expert advice on how to make cybersecurity training more effective and protect your business.

Ukraine is a test bed for global cyberattacks that will target major infrastructure

Tech Republic Security

On the ground in Kiev, TechRepublic got a first-hand look at the frontline of a cyberwar that involves alleged Russian state-sponsored hackers, organized crime, and lone-wolf attackers.

The next generation of cybersecurity professionals is being created by the Girl Scouts

Tech Republic Security

Girl Scouts of the USA is rolling out a set of 18 new cybersecurity badges next year, to teach young women in grades K-12 programming, ethical hacking, and identity theft prevention.

IBM uses Watson to fill cybersecurity gaps

Tech Republic Security

IBM's new Watson for Cyber Security, unveiled at RSA, can tap into more than 1 million security documents to help cybersecurity professionals more easily identify and mitigate potential threats.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

macOS malware on the rise as Apple silently patches a mysterious new threat called Proton

Tech Republic Security

No one is safe from malware these days, even macOS users. 2017 has been a banner year for malware on Apple computers, including a new threat that allows total remote control from a web console.

Rise of the 'accidental' cybersecurity professional

Tech Republic Security

To fill cybersecurity job shortages, a number of people, especially women, are entering the field from other careers. Here's why they might be able to help your company.

80% of IoT apps not tested for vulnerabilities, report says

Tech Republic Security

A new report from the Ponemon Institute, IBM, and Arxan claims that just 20% of IoT apps and 29% of mobile apps are actually tested for vulnerabilities, raising security concerns.

10 books on cybersecurity that all IT leaders should read

Tech Republic Security

Want to start learning about cybersecurity? Check out TechRepublic's top 10 titles to understand how hackers have stolen millions in private data, how governments wage cyberwar, and how to beef up security systems.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Do you work in the financial sector? Time to step up your cybersecurity habits

Tech Republic Security

A report from IBM Security revealed a 937% increase in records stolen from the financial sector in 2016. Here's what you need to know and do to protect your sensitive data.

A visual map of emerging cybersecurity trends

Tech Republic Security

A study by TechRepublic and data firm Affinio reveals the social media communities and influencers talking about IoT, ransomware, bots, and other cybersecurity threats.

4 questions businesses should be asking about cybersecurity attacks

Tech Republic Security

At the 2017 Dell EMC World conference, RSA senior director of advanced cyber defense, Peter Tran, walked through examples of real-world IT questions and how they could be answered.

Free charging stations can hack your phone, here's how to protect yourself

Tech Republic Security

A recent experiment conducted by security company Authentic8 showed how lax some users are regarding their phone data. Here's how to practice good security when you need to charge.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

The world needs more cybersecurity pros, but millennials aren't interested in the field

Tech Republic Security

Only 7% of cybersecurity workers are under age 29, and just 11% are women. Here's how your business can better recruit younger, more diverse cybersecurity workers.

Yahoo confirms 32M accounts breached in 2015-2016 forged cookies attack

Tech Republic Security

In a recent annual report filed with the SEC, Yahoo confirmed that forged cookies were used to hack 32 million accounts. Here's what it means and why your company should be aware of such attacks.

Your internet history is now for sale. Here's how you can protect it

Tech Republic Security

Congress has voted to repeal restrictions preventing ISPs from gathering and selling your browsing data and other personal info. Here's how you can protect yourself.

4 tips to help your business recruit, and keep, cybersecurity pros

Tech Republic Security

According to a new report from ISACA, 27% of US companies are unable to fill cybersecurity positions, and most applicants aren't qualified for the job. Here's how to better recruit cyber professionals.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.