Archive for the ‘Cybersecurity’ Category

Blink Cameras Found with Multiple Vulnerabilities

December 10, 2019

Researchers found three broad types of vulnerabilities, one of which should be particularly concerning to consumers.

from Dark Reading: https://ift.tt/2t3qYip
via IFTTT

Security 101: What Is a Man-in-the-Middle Attack?

December 10, 2019

A breakdown of the common ways criminals employ MitM techniques to snare victims, and tips for protecting users from these dirty tricks.

from Dark Reading: https://ift.tt/2LKrRTI

Intel’s CPU Flaws Continue to Create Problems for the Tech Community

December 10, 2019

We can’t wait out this problem and hope that it goes away. We must be proactive.

from Dark Reading: https://ift.tt/3428VWM

CISO Magazine Honors KrebsOnSecurity

December 10, 2019

CISO Magazine, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “Cybersecurity Person of the Year” in its December 2019 issue.

KrebsOnSecurity is grateful for the unexpected honor. But I can definitely think of quite a few people who are far more deserving of this title. In fact, if I’m eligible for any kind of recognition, perhaps “Bad News Harbinger of the Year” would be more apt.

As in years past, 2019 featured quite a few big breaches and more than a little public speaking. Almost without fail at each engagement multiple C-level folks will approach after my talk, hand me their business cards and say something like, “I hope you never have to use this, but if you do please call me first.”

I’ve taken that advice to heart, and now endeavor wherever possible to give a heads up to CISOs/CSOs about a breach before reaching out to the public relations folks. I fully realize that in many cases the person in that role will refer me to the PR department eventually or perhaps immediately.

But on balance, my experience so far is that an initial outreach to the top security person in the organization often results in that inquiry being taken far more seriously. And including this person in my initial outreach makes it much more likely that this individual ends up being on the phone when the company returns my call.

Too often, these conversations are led by the breached organization’s general counsel, which strikes me as an unnecessarily confrontational and strategically misguided approach. Especially if this is also their playbook for responding to random security researchers trying to let the company know about a dangerous security vulnerability, data breach or leak.

At least when there is a C-level security person on the phone when that call comes in I can be relatively sure I’m not going to get snowed on the technical details. While this may be a distant concern for the organization in the throes of responding to a data security incident, the truth is that the first report is usually what gets repeated in the media — whether or not it is wholly accurate or fair.

This year’s CISO Magazine awards also honor the contributions of Rik Ferguson, vice president security research at Trend Micro, and Troy Hunt, an expert on web security and author of the data breach search website Have I Been Pwned? More at cisomag.com.

from Krebs on Security https://ift.tt/36l5z2E

Only 53% of Security Pros Have Ownership of Workforce IAM

December 10, 2019

Most practitioners report an increase in identities, but many don’t have control over how those identities are protected from a range of attacks.

from Dark Reading: https://ift.tt/38pY2kY

Data leak exposes 750,000 birth certificate applications

December 10, 2019

A variety of sensitive information has been there for the taking due to an unsecured cloud storage container.

from WeLiveSecurity https://ift.tt/2YBWHTO

Deliver a Deadly Counterpunch to Ransomware Attacks: 4 Steps

December 10, 2019

You can’t prevent all ransomware attacks. However, it’s possible to ensure that if a breach happens, it doesn’t spread, affect business, and become a newsworthy event.

from Dark Reading: https://ift.tt/2P6fyD6