December, 2018

10 Personal Finance Lessons for Technology Professionals

Troy Hunt

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are choices. Money is not peace of mind. Money’s not happiness. Money is, at its essence, that measure of a man’s choices.

Expert devised a new WiFi hack that works on WPA/WPA2

Security Affairs

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers.

What the Marriott Breach Says About Security

Krebs on Security

We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties.

GDPR: EU Sees More Data Breach Reports, Privacy Complaints

Data Breach Today

Ireland, France, Germany and UK Report Increases Since Privacy Law Took Effect The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K.

GUEST ESSAY: The case for engaging in ‘threat hunting’ — and how to do it effectively

The Last Watchdog

Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’s systems for a long time without anyone noticing. This is referred to as ‘dwell time’, and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days. Related podcast: The re-emergence of SIEMs. In an ideal world there would be no dwell time at all, and threats would be identified before they can penetrate a business’s defenses.

Predictions 2018: How I Did. (Pretty Damn Well, Turns Out)

John Battelle's Searchblog

Nostradamus. Every year I write predictions for the year ahead. And at the end of that year, I grade myself on how I did. I love writing this post, and thankfully you all love reading it as well.

Your Personal Data is Already Stolen

Schneier on Security

Happy 9th Birthday, KrebsOnSecurity!

Krebs on Security

Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com!

Equifax Breach 'Entirely Preventable,' House Report Finds

Data Breach Today

Democrats Slam Republican Report for Not Advancing New Breach-Prevention Laws The massive data breach suffered by Equifax in 2017 "was entirely preventable," according to a report released by the House Oversight Committee's Republican majority.

GUEST ESSAY: The true cost of complacency, when it comes to protecting data, content

The Last Watchdog

Facebook was lucky when the Information Commissioner’s Office (ICO)—the UK’s independent authority set up to uphold information rights in the public interest—hit the U.S. social media company with a £500,000 fine. Related: Zuckerberg’s mea culpa rings hollow. This penalty was in connection with Facebook harvesting user data, over the course of seven years — between 2007 and 2014. This user data became part of the now infamous Cambridge Analytica scandal.

It’s Not Facebook’s Fault: Our Shadow Internet Constitution

John Battelle's Searchblog

Those of us fortunate enough to have lived through the birth of the web have a habit of stewing in our own nostalgia. We’ll recall some cool site from ten or more years back, then think to ourselves (or sometimes out loud on Twitter): “Well damn, things were way better back then.”

Retail in 2019 needs security precautions

Thales Data Security

As the retail industry follows suit with today’s digital transformation, customer expectations are at an all-time high. Retailers are looking to address these demands with interconnected experiences to give customers more personalized and immediate experiences both in-stores and online.

Drone Denial-of-Service Attack against Gatwick Airport

Schneier on Security

Someone is flying a drone over Gatwick Airport in order to disrupt service: Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen.

Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River

Krebs on Security

Hackers Intercepted EU Diplomatic Cables for 3 Years

Data Breach Today

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

I have a Yahoo email account, I’ve shopped at Home Depot and Target, my father was in the military and had a security clearance, which included a dossier on his family, archived at the U.S. Office of Personnel Management, I’ve had insurance coverage from Premera Blue Cross and I’ve stayed at the Marriott Marquis in San Francisco. Related: Uber hack shows DevOps risk. The common denominator: All of those organizations have now disclosed massive data breaches over a span of the past five years.

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

The U.S. Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General.

How long do you have to report a data breach?

IT Governance

This blog has been updated to reflect industry updates. Originally published 24 October 2018. The first 72 hours after you become aware of a data breach are critical.

Bad Consumer Security Advice

Schneier on Security

There are lots of articles out there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport.

A Chief Security Concern for Executive Teams

Krebs on Security

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site.

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Data Breach Today

Privacy Watchdog Counts 41 Daily Breach Reports Since GDPR Enforcement Began The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the publi

GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures

The Last Watchdog

The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated. Related: How to get off the HIPAA hit list. The recent disclosure from Atrium Health that more than 2.65

2019 may not be the year of quantum, but it should be the year of preparation

Thales Data Security

A few weeks ago, the National Academies of Sciences, Engineering and Medicine published a new report exploring the progress and prospects – or lack of – around quantum computing.

AI for Insight: Three things we learned at the Forrester Data Strategy and Insights Forum

OpenText Information Management

We live in an age of unequaled access to data. By some estimates, the average company has between 150 and 400 terabytes of information stored. A large enterprise may have multiple petabytes, i.e. as much data as all the printed books in the world.

Massive Ad Fraud Scheme Relied on BGP Hijacking

Schneier on Security

This is a really interesting story of an ad fraud scheme that relied on hijacking the Border Gateway Protocol: Members of 3ve (pronounced "eve") used their large reservoir of trusted IP addresses to conceal a fraud that otherwise would have been easy for advertisers to detect.

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.

Ireland's Privacy Watchdog Probes Facebook Data Breaches

Data Breach Today

Million Users' Private Photos Exposed, Triggering GDPR Investigation Ireland's privacy watchdog is probing data breaches at Facebook that exposed users' private data. In the latest breach to be disclosed, Facebook has warned that for a 12-day period in September, up to 6.8

GUEST ESSAY: ‘Tis the season — to take proactive measures to improve data governance

The Last Watchdog

The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December. Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora. Related podcast: The need to lock down unstructured data. Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers.

Google finds bug in Google+ – 52.5 million users affected

IT Governance

Google has announced yet another data breach affecting its Google+ social network.

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

The data of 114 million businesses and individuals has been discovered in an unprotected database.

New Australian Backdoor Law

Schneier on Security

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it's really bad. Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things.

A Breach, or Just a Forced Password Reset?

Krebs on Security

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites.

Top Republican Email Accounts Compromised

Data Breach Today

National Republican Congressional Committee Emails Spied On For Months Thousands of emails from four senior aides within the National Republican Congressional Committee were exposed after their accounts were compromised for several months earlier this year, Politico reports on Tuesday.

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

The United States Intelligence Community, or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office. The IC gathers, stores and processes large amounts of data, from a variety of sources, in order to provide actionable information for key stakeholders. And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices. Related video: Using the NIST framework as a starting point.