July, 2018

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico.

UK to Establish Court for Cybercrime in London

Data Breach Today

The Facility Will Also Handle Economic Crime And Fraud Cases The U.K. has approved a plan to build a cutting-edge court complex in London designed to handle cybercrime, fraud and economic crime. The facility is expected to be a growth driver for the country's legal industry, despite the U.K.'s

4 Basic Principles to Help Keep Hackers Out

Dark Reading

The most effective hackers keep things simple, something organizations must take into account


Cryptojacking Displaces Ransomware as Top Malware Threat

Data Breach Today

Criminals' Quest for Cryptocurrency Continues If 2017 was the year of ransomware innovation, 2018 is well on its way to being known as the year of cryptocurrency mining malware. Numerous studies have found that the most seen malware attacks today are designed for cryptojacking.

Tokenization: Ready for Prime Time

Thales eSecurity

The digital transformation has changed how the world does business. It has created whole new enterprises and industries, but it has also left many organizations vulnerable to new and destructive threats.

UK government cracks down on cyber security

IT Governance

To improve cyber risk governance among public-sector departments and their suppliers, the UK government has issued a series of minimum cyber security standards that will be incorporated into the Government Functional Standard for Security.

More Trending

The GDPR for the Little Guy (or Gal)

Weissman's World

What is the GDPR? The GDPR is the European Union’s General Data Protection Regulation, and as the EU’s new take on privacy protection, it took effect a month ago to much fanfare.

GDPR 190

Warm words for the UK's intelligence privacy practices from the UN

Data Protector

I t’s not often that the UK is praised for the manner in which its intelligence agencies adopt appropriate data protection standards. So let's give due acknowledgement to Joe Cannataci, the UN’s Special Rapporteur on the right to privacy, who has recently used some very warm words to comment on these privacy practices.

Course 120

California's New Privacy Law: It's Almost GDPR in the US

Data Breach Today

But Tech Giants are Taking Aim at the Law, Which Can Be Amended Until 2020 California's legislature has quickly introduced and passed new privacy legislation, making the state's laws the strongest in the U.S.

GDPR 209

Here's Why Your Static Website Needs HTTPS

Troy Hunt

Demo 114

A Landmark Legal Shift Opens Pandora’s Box for DIY Guns

WIRED Threat Level

Cody Wilson makes digital files that let anyone 3-D print untraceable guns. The government tried to stop him. He sued—and won. Backchannel Security

LifeLock Bug Exposed Millions of Customer Email Addresses

Krebs on Security

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers.

On Leaving the Bay Area

John Battelle's Searchblog

I first moved to the Bay area in 1983. I graduated from high school, spent my summer as an exchange student/day laborer in England (long story), then began studies at Berkeley, where I had a Navy scholarship (another long story). 35 years ago.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. One of more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas. Related: How DataLocker got its start h. Co-founder Jay took a business trip to South Korea in the fall of 2007.

Trump's DNC 'Server' Conspiracy Rebutted

Data Breach Today

President Continues to Dismiss Russian Hacking Attribution, Backs Putin's Denials Asked in a press conference if he would denounce Russia for interfering in U.S. elections, President Trump responded with a conspiracy theory about a missing DNC server.

List of data breaches and cyber attacks in July 2018 – 139,731,894 million records leaked

IT Governance

Another month passes where I’m left thinking ‘I should really create a Healthcare category’. So, from next month – I’ll be doing exactly that. There were some incredibly sensitive breaches this month, the majority of which were caused by human error.

Identifying People by Metadata

Schneier on Security

Interesting research: " You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information ," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini.

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Krebs on Security

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.

How Cloudflare Uses Lava Lamps to Guard Against Hackers

WIRED Threat Level

Inside Cloudflare's San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet. Security

How ‘digital transformation’ gave birth to a new breed of criminal: ‘machine-identity thieves’

The Last Watchdog

There’s a new breed of identity thief at work plundering consumers and companies. However, these fraudsters don’t really care about snatching up your credentials or mine. By now, your personal information and mine has been hacked multiple times and is readily on sale in the Dark Web. This has long been true of the vast majority of Americans. Related article: 7 hacks signaling a coming global cyber war. The identities most sought after by cyber criminals today are those associated with machines.

How IoT Changes Security

Data Breach Today

Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene

IoT 208

CCTV and the GDPR – an overview for small businesses

IT Governance

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements.


The Poor Cybersecurity of US Space Assets

Schneier on Security

Good policy paper (summary here ) on the threats, current state, and potential policy solutions for the poor security of US space systems. academicpapers cybersecurity nationalsecuritypolicy

‘LuminosityLink RAT’ Author Pleads Guilty

Krebs on Security

Tools 190

Apple's China-Friendly Censorship Caused an iPhone-Crashing Bug

WIRED Threat Level

The bug serves as a reminder of China-friendly censorship code hidden in all iOS devices. Security

MY TAKE: Here’s why identities are the true firewalls, especially as digital transformation unfolds

The Last Watchdog

Was it really that long ago that company networks were comprised of a straightforward cluster of servers, data bases, applications and user devices corralled largely on premises? Related article: Taking a ‘zero-trust’ approach to authentication. In today’s digitally transformed environment, companies must monitor and defend systems housed on-premises and in overlapping public and private clouds.

Bank Hackers Exploit Outdated Router to Steal $1 Million

Data Breach Today

Groups 206

The Tragedy of the Data Commons

John Battelle's Searchblog

Before, and after? A theme of my writing over the past ten or so years has been the role of data in society. I tend to frame that role anthropologically: How have we adapted to this new element in our society?

Data 84

New Report on Chinese Intelligence Cyber-Operations

Schneier on Security

The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years. The always interesting gruqq has some interesting commentary on the group and its tactics.

Notorious ‘Hijack Factory’ Shunned from Web

Krebs on Security

Facebook Gave Russian Internet Giant Special Data Extension

WIRED Threat Level

also ran hundreds of apps on Facebook at a time when the platform’s policies allowed app developers to collect their users' friends' data. Security

Data 84

GUEST ESSAY: Theft of MQ-9 Reaper docs highlights need to better protect ‘high-value assets’

The Last Watchdog

The discovery of sensitive U.S. military information for sale on the Dark Web for a nominal sum, in and of itself, is unfortunate and unremarkable. However, details of the underlying hack , ferreted out and shared by researchers of the Insikt Group, an arm of the security research firm Recorded Future, are most welcomed. They help frame wider questions, and pave the way for improved best practices.

Hospital Diverts Ambulances Due to Ransomware Attack

Data Breach Today

Latest Cyber Incident Spotlights Impact on Patient Care A ransomware attack that forced a Missouri medical center to divert ambulances carrying trauma and stroke patients to other facilities serves as reminder of the impact cyberattacks can have on healthcare delivery. What are the lessons to learn

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales eSecurity

The Internet of Things (IoT) is very crowded. Connected devices outnumber people. The United Nations estimates the current world population at 7.6 billion 1 , and Gartner projects over 20.8 billion devices will be connected to the Internet by 2020 2.

IoT 83