December, 2018

10 Personal Finance Lessons for Technology Professionals

Troy Hunt

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are choices. Money is not peace of mind. Money’s not happiness. Money is, at its essence, that measure of a man’s choices.

Expert devised a new WiFi hack that works on WPA/WPA2

Security Affairs

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers.

What the Marriott Breach Says About Security

Krebs on Security

We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties.

GDPR: EU Sees More Data Breach Reports, Privacy Complaints

Data Breach Today

Ireland, France, Germany and UK Report Increases Since Privacy Law Took Effect The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K.

Predictions 2018: How I Did. (Pretty Damn Well, Turns Out)

John Battelle's Searchblog

Nostradamus. Every year I write predictions for the year ahead. And at the end of that year, I grade myself on how I did. I love writing this post, and thankfully you all love reading it as well.

Your Personal Data is Already Stolen

Schneier on Security

Hackers infect Linux servers with JungleSec Ransomware via IPMI Remote console

Security Affairs

Since November, a new ransomware called JungleSec has been infecting servers through unsecured IPMI (Intelligent Platform Management Interface) cards.

Happy 9th Birthday, KrebsOnSecurity!

Krebs on Security

Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com!

Equifax Breach 'Entirely Preventable,' House Report Finds

Data Breach Today

Democrats Slam Republican Report for Not Advancing New Breach-Prevention Laws The massive data breach suffered by Equifax in 2017 "was entirely preventable," according to a report released by the House Oversight Committee's Republican majority.

Pan Am Flight 103: Robert Mueller’s 30-Year Search for Justice

WIRED Threat Level

In December 1988 a bomb downed a Pan Am jet, leaving 270 dead. It was the first mass killing of Americans by terrorists. As the head of the Justice Department’s criminal division, Robert Mueller oversaw the case. And for him, it was personal.

Drone Denial-of-Service Attack against Gatwick Airport

Schneier on Security

Someone is flying a drone over Gatwick Airport in order to disrupt service: Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen.

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

The U.S. Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General.

Cisco ASA is affected by a privilege escalation flaw. Patch it now!

Security Affairs

Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability that could be exploited by an attacker to retrieve files or replace software images on a device.

Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River

Krebs on Security

Hackers Intercepted EU Diplomatic Cables for 3 Years

Data Breach Today

GUEST ESSAY: The case for engaging in ‘threat hunting’ — and how to do it effectively

The Last Watchdog

Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’ systems for a long time without anyone noticing. This is referred to as ‘dwell time’, and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days. In an ideal world there would be no dwell time at all, and threats would be identified before they can penetrate business’ defenses.

Bad Consumer Security Advice

Schneier on Security

There are lots of articles out there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport.

It’s Not Facebook’s Fault: Our Shadow Internet Constitution

John Battelle's Searchblog

Those of us fortunate enough to have lived through the birth of the web have a habit of stewing in our own nostalgia. We’ll recall some cool site from ten or more years back, then think to ourselves (or sometimes out loud on Twitter): “Well damn, things were way better back then.”

Hackers defaced Linux.org with DNS hijack

Security Affairs

The Linux.org website was defaced last week via DNS hijack; attackers breached the associated registrar account and changed the DNS settings.

A Chief Security Concern for Executive Teams

Krebs on Security

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site.

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Data Breach Today

Privacy Watchdog Counts 41 Daily Breach Reports Since GDPR Enforcement Began The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the publi

How long do you have to report a data breach?

IT Governance

This blog has been updated to reflect industry updates. Originally published 24 October 2018. The first 72 hours after you become aware of a data breach are critical.

Massive Ad Fraud Scheme Relied on BGP Hijacking

Schneier on Security

This is a really interesting story of an ad fraud scheme that relied on hijacking the Border Gateway Protocol: Members of 3ve (pronounced "eve") used their large reservoir of trusted IP addresses to conceal a fraud that otherwise would have been easy for advertisers to detect.

Have I Been Pwned - The Sticker

Troy Hunt

So today is Have I Been Pwned's (HIBP's) 5th birthday.

CVE-2018-15982 Adobe zero-day exploited in targeted attacks

Security Affairs

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks.

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.

Ireland's Privacy Watchdog Probes Facebook Data Breaches

Data Breach Today

Million Users' Private Photos Exposed, Triggering GDPR Investigation Ireland's privacy watchdog is probing data breaches at Facebook that exposed users' private data. In the latest breach to be disclosed, Facebook has warned that for a 12-day period in September, up to 6.8

2019 may not be the year of quantum, but it should be the year of preparation

Thales eSecurity

A few weeks ago, the National Academies of Sciences, Engineering and Medicine published a new report exploring the progress and prospects – or lack of – around quantum computing.

New Australian Backdoor Law

Schneier on Security

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it's really bad. Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things.

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

The data of 114 million businesses and individuals has been discovered in an unprotected database.

‘Roma225’ campaign targets companies in the Italian automotive sector

Security Affairs

‘Roma225’ campaign: The Cybaze-Yoroi ZLab researchers investigated a recent espionage malware implant weaponized to target companies in the Italian automotive sector.

A Breach, or Just a Forced Password Reset?

Krebs on Security

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites.

Top Republican Email Accounts Compromised

Data Breach Today

National Republican Congressional Committee Emails Spied On For Months Thousands of emails from four senior aides within the National Republican Congressional Committee were exposed after their accounts were compromised for several months earlier this year, Politico reports on Tuesday.

AI for Insight: Three things we learned at the Forrester Data Strategy and Insights Forum

OpenText Information Management

We live in an age of unequaled access to data. By some estimates, the average company has between 150 and 400 terabytes of information stored. A large enterprise may have multiple petabytes, i.e. as much data as all the printed books in the world.