December, 2018

article thumbnail

10 Personal Finance Lessons for Technology Professionals

Troy Hunt

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are choices. Money is not peace of mind. Money’s not happiness. Money is, at its essence, that measure of a man’s choices. This is part of the opening monologue of the Ozark series and when I first heard it, I immediately stopped the show and dropped it into this blog post.

Education 111
article thumbnail

Expert devised a new WiFi hack that works on WPA/WPA2

Security Affairs

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers. Jens ‘Atom’ Steube, the lead developer of the popular password-cracking tool Hashcat, has developed a new WiFi hacking technique that allows cracking WiFi passwords of most modern routers. Jens ‘Atom’ Steube, the lead developer of the popular password-cracking tool Hashcat, has developed a new WiFi hacking technique that allows cracking WiF

Passwords 103
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What the Marriott Breach Says About Security

Krebs on Security

We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.

Security 275
article thumbnail

GDPR: EU Sees More Data Breach Reports, Privacy Complaints

Data Breach Today

Ireland, France, Germany and UK Report Increases Since Privacy Law Took Effect The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K. Regulators say more Europeans are also filing more complaints about organizations' data protection and privacy practices.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

How long do you have to report a data breach?

IT Governance

This blog has been updated to reflect industry updates. Originally published 24 October 2018. The first 72 hours after you become aware of a data breach are critical. This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. As you might expect, there are a lot of intricacies involved.

More Trending

article thumbnail

Your Personal Data is Already Stolen

Schneier on Security

In an excellent blog post , Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren't, including your credit card information, Social Security number, mother's maiden name, date of birth, address, previous addresses, phone number, and yes ­ even your credit file.

article thumbnail

Cisco ASA is affacted by a privilege escalation flaw. Patch it now!

Security Affairs

Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability that could be exploited by an attacker to retrieve files or replace software images on a device. . A privilege escalation vulnerability tracked as CVE-2018-15465 affects the Cisco Adaptive Security Appliance (ASA) software. The flaw could be exploited by an unauthenticated, remote attacker to perform privileged operations using the web management interface.

IT 111
article thumbnail

Happy 9th Birthday, KrebsOnSecurity!

Krebs on Security

Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com! This past year featured some 150 blog posts , but as usual the biggest contribution to this site came from the amazing community of readers here who have generously contributed their knowledge, wit and wisdom in more than 10,000 comments.

Phishing 222
article thumbnail

Emails Expose Sensitive Internal Facebook Discussions

Data Breach Today

Material Gives Insight Into Company's Views on Data Security A batch of documents meant to be kept under court seal lay bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.

Privacy 249
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Amnesty Report: Twitter Abuse Toward Women Is Rampant

WIRED Threat Level

Frustrated by Twitter's silence on abuse against women, Amnesty International crowdsourced its own data and found that the platform was especially toxic for black women.

IT 107
article thumbnail

QR Codes: The future with no security shake up

Thales Cloud Protection & Licensing

( Originally posted on Cards International). To reach its tipping point, cashless payment technology has come on a long way since the first magnetic stripe card almost 50 years ago. The development of chip and PIN addressed concerns over security, before the emergence of contactless catered to consumer demands for greater convenience. Today, a new stage in the evolution of payments is growing in popularity.

Security 100
article thumbnail

Customers lose confidence – data breaches aren’t just about fines

IT Governance

A recent survey by Ping Identity shows that customers move away from brands that have suffered data breaches. Data breaches are now a common occurrence – big-name brands affected in 2018 include FIFA , British Airways , Vision Direct , Eurostar and Marriott. These are just a few of the household names that have suffered at the hands of criminal hackers this year and under ongoing investigation; any penalties have yet to be confirmed.

article thumbnail

Hackers defaced Linux.org with DNS hijack

Security Affairs

The Linux.org website was defaced last week via DNS hijack, attackers breached into associated registrar account and changed the DNS settings. Attackers changed the defacement page a few times, they protested against the new Linux kernel developer code of conduct in a regrettable way with racial slurs and the image of an individual showing the anus.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River

Krebs on Security

A 22-year-old man convicted of cyberstalking and carrying out numerous bomb threats and swatting attacks — including a 2013 swatting incident at my home — was arrested Sunday morning in the Philippines after allegedly helping his best friend dump the body of a housemate into a local river. Suspects Troy Woody Jr. (left) and Mir Islam, were arrested in Manila this week for allegedly dumping the body of Woody’s girlfriend in a local river.

article thumbnail

Kubernetes Alert: Security Flaw Could Enable Remote Hacking

Data Breach Today

Patch Container-Orchestration System Now or Risk Serious Consequences A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches, and recommend immediate updating.

Security 249
article thumbnail

Facebook users cannot avoid location-based ads, investigation finds

The Guardian Data Protection

No combination of settings can stop location data being used by advertisers, says report Facebook targets users with location-based adverts even if they block the company from accessing GPS on their phones, turn off location history in the app, hide their work location on their profile and never use the company’s “check in” feature, according to an investigation published this week.

Privacy 97
article thumbnail

Retail in 2019 needs security precautions

Thales Cloud Protection & Licensing

As the retail industry follows suit with today’s digital transformation, customer expectations are at an all-time high. Retailers are looking to address these demands with interconnected experiences to give customers more personalized and immediate experiences both in-stores and online. But do these connected experiences actually live up to the hype?

Retail 99
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Google finds bug in Google+ – 52.5 million users affected

IT Governance

Google has announced yet another data breach affecting its Google+ social network. This incident is separate to the one that came to light in October, which prompted Google to announce that it would shut Google+ down – a decision that the Wall Street Journal said was calculated to avoid reputational damage and regulatory interest. Following the latest incident, Google has decided to close Google+ four months earlier than originally planned.

article thumbnail

CVE-2018-15982 Adobe zero-day exploited in targeted attacks

Security Affairs

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks. Adobe fixed two flaws including a critical use-after-free bug, tracked as CVE-2018-15982, exploited by an advanced persistent threat actor aimed at a healthcare organization associated with the Russian presidential administration.

Archiving 105
article thumbnail

A Chief Security Concern for Executive Teams

Krebs on Security

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks.

Security 210
article thumbnail

Hackers Intercepted EU Diplomatic Cables for 3 Years

Data Breach Today

Phishing Attack Against Cyprus Stole Access Passwords, New York Times Reports For the past three years, hackers have been intercepting sensitive diplomatic cables sent between EU member states after stealing passwords for accessing the EU network via a phishing attack against diplomats in Cyprus, The New York Times reports.

Phishing 248
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Foreign Trolls Are Targeting Veterans on Facebook

WIRED Threat Level

Opinion: The VA needs to take preventative measures to protect vets—and more broadly, our democracy—from digital manipulation and fraud.

Security 111
article thumbnail

Bad Consumer Security Advice

Schneier on Security

There are lots of articles about there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport. To remain anonymous and secure on the Internet, invest in a Virtual Private Network account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack

article thumbnail

Your DPO questions answered

IT Governance

Organisations have had to get a lot more serious about data processing and information security since the EU GDPR (General Data Protection Regulation) came into effect earlier this year. For many, that has included the mandatory appointment of a DPO (data protection officer) to ensure key requirements of the Regulation are being met. But with so many uncertainties about what effective data protection should look like, many DPOs have been thrust into the role without time to think about how best

article thumbnail

NASA data breach – The agency notifies employees of a security intrusion

Security Affairs

U.S. National Aeronautics and Space Administration (NASA) notifies employees of a data breach that exposed social security numbers and other personal information. According to the data breach notification, hackers have breached at least one of the agency’s servers, the security breach impacted both past and present employees. . Website SpaceRef published a data breach notification note sent by the NASA to its employees, the Agency informed them of an ongoing investigation due to an intrusion int

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

A Breach, or Just a Forced Password Reset?

Krebs on Security

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case.

Passwords 204
article thumbnail

Marriott Mega-Breach: Will GDPR Apply?

Data Breach Today

Legal Experts Suspect So, But Investigation Could Take a Year or More Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.

GDPR 247
article thumbnail

A Short Cybersecurity Writing Course Just for You

Lenny Zeltser

My new writing course for cybersecurity professionals teaches how to write better reports, emails, and other content we regularly create. It captures my experience of writing in the field for over two decades and incorporates insights from other community members. It’s a course I wish I could’ve attended when I needed to improve my own security writing skills.