News

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

Last week, I received my 10th Microsoft Most Valuable Professional award. Being recognised as an MVP was a pivotal moment in my career and to continue receiving the award all these years later is an honour. Particularly given recent events that have made it exceptionally difficult to sustain community contributions

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

Well, no surprises here: this week's update is dominated by Thursday's blog post about sustaining performance under extreme stress. The feedback on that post has been absolutely phenomenal; tweets, comments, DMs, emails, phone calls, all enormously supportive. Many of them also shared people's own personal struggles, ones which I think

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

I started writing this blog post alone in a hotel room in Budapest last September. It was at the absolute zenith of stress; a time when I had never been under as much pressure as I was right at that moment. Project Svalbard (the sale of HIBP which ultimately turned

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

I'm literally surrounded by broken pieces of half finished repairs. My office is usually a pretty organised place so it's kinda frustrating, but then I'm replacing equipment that's seen up to a decade or more of solid use so that's not a bad run. Amidst all that, I've well and

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

All my things are breaking 😭 Mic broke, PC broke, boat shed handle broke, fridges (both of them) broke, fireplace broke, roof broke... and that's just the stuff I could remember in the live stream. But in happier news, listening back to that video now I'm really happy with the audio

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

Today, almost one year after the release of version 5, I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964‬ (just over 3%). As with previous

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

This week's update had a bunch of people drop by and discussion tended to jump around a bit, but frankly it's kinda nice to have some interaction in an era where we're not really doing as much of that any more. The IoT topic got some good engagement as did

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

The photo up the top of this blog post was taken 259 days ago, 15 and a half thousand kilometres away in Budapest and with 1.3 billion records less in Have I Been Pwned. It was also taken in an environment that unbeknownst to all of us at the

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

It's a total mixed bag this week with a couple of new blog posts thrown in to boot. An award at an event nobody could attend, a SQL injection pattern in an HIBP email that wiped an entire DB, a disinformation campaign by "Anonymous" amidst a tumultuous time in the

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

Pwned again. Damn. That's me who's pwned again because my personal data has just turned up in yet another incident from a source I can't attribute. Less than 3 weeks ago I wrote about The Unattributable "db8151dd" Data Breach which, after posting that blog post and a sample of my

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

The situation in Minneapolis at the moment (and many other places in the US) following George Floyd's death is, I think it's fair to say, extremely volatile. I wouldn't even know where to begin commentary on that, but what I do have a voice on is data breaches which prompted

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

First time back in a restaurant! Wandering down my local dining area during the week, I was rather excited to see a cafe that wasn't just open, but actually had spare seating. Being limited to only 10 patrons at present, demand is well in excess of supply and all you

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

Hey, check out that haircut! And shirt! It's almost like I'm a professional again 😊 Come Monday, schools here return as usual so I figured it was time for both my son and I to head to the barber. Other events of the day had me sprucing up to a level

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Here's what I know:

Presently sponsored by: Duo Security: Going Passwordless - The Future of Authentication. Get the guide on how you can build toward a fully passwordless future.

I think I'm going to stick with the live weekly update model for the foreseeable future. It makes life so much easier when it comes to editing, rendering and uploading and it means I always have something out on time. So, that's that, other news this week is mostly just

The vulnerability, which received the highest possible severity score, leaves thousands of devices at risk of being taken over by remote attackers. A patch is available.

The post Attackers target critical flaw in popular networking gear appeared first on WeLiveSecurity

How (over)sharing your children’s triumphs and antics with the world may impact their immediate and distant future – and how to reduce the risks of ‘sharenting’

The post Raising children in the social media limelight? Pause before you post appeared first on WeLiveSecurity

The Federal Reserve looks at ways to counter what is thought to be the fastest-growing type of financial crime in the country

The post Fed shares insight on how to combat synthetic identity fraud appeared first on WeLiveSecurity

Brute-force attacks against RDP surge – Is contact tracing the answer to ending the COVID-19 crisis? – Microsoft ships urgent security updates

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

European police infiltrate EncroChat, go on to crack down on crime kingpins and seize guns, drugs, cars and millions in cash

The post Hundreds arrested after police crack encrypted chat network appeared first on WeLiveSecurity

The cybercriminal behind the ransom raids on almost 23,000 databases threatens to leak the data and alert GDPR regulators

The post Thousands of MongoDB databases ransacked, held for ransom appeared first on WeLiveSecurity

The out-of-band update plugs two remote code execution bugs in the Windows Codecs library, including one rated as critical

The post Microsoft releases emergency update to fix two serious Windows flaws appeared first on WeLiveSecurity

Can a technological intervention stem the pandemic while avoiding the privacy pitfalls of location tracking?

The post COVID‑19 contact tracing – technology panacea or privacy nightmare? appeared first on WeLiveSecurity

Poorly secured remote access attracts mostly ransomware gangs, but can provide access to coin miners and backdoors too

The post Remote access at risk: Pandemic pulls more cyber‑crooks into the brute‑forcing game appeared first on WeLiveSecurity

Android ransomware posing as a COVID-19 tracing app – Ill-trained and ill-equipped newly-minted remote workers – How Bitcoin giveaway scams misuse Elon Musk's name

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

A password manager can make your digital life both simpler and more secure. Are there any downsides to relying on software to create and store your passwords?

The post What is a password manager and why is it useful? appeared first on WeLiveSecurity

In a move lauded by privacy advocates, Boston joins the ranks of cities that have voted down the municipal use of the technology

The post Facial recognition technology banned in another US city appeared first on WeLiveSecurity

ESET researchers dissect an Android app that masquerades as an official COVID-19 contact-tracing app and encrypts files on the victim's device

The post New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor appeared first on WeLiveSecurity

And many of them didn’t receive any new security training or tools from their employer to properly secure the devices, a study finds

The post Majority of new remote employees use their personal laptops for work appeared first on WeLiveSecurity

The giveaway scheme uses the tech titan’s name as part of Bitcoin addresses for extra credibility

The post Scam uses Elon Musk’s name to trick people out of US$2 million in bitcoin appeared first on WeLiveSecurity

ESET research into Operation In(ter)ception and InvisiMole's latest shenanigans – Security flaws in countless IoT devices

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Cyberbullying can happen to anyone, at any time – and at any age. How can adults deal with various forms of online abuse and harassment?

The post Cyberbullying: Adults can be victims too appeared first on WeLiveSecurity

ESET researchers reveal the modus operandi of the elusive InvisiMole group, including newly discovered ties with the Gamaredon group

The post Digging up InvisiMole’s hidden arsenal appeared first on WeLiveSecurity

Devices used in the energy, transportation and communications sectors are also affected by the flaws in the TCP/IP software library

The post Ripple20 bugs expose hundreds of millions of devices to attacks appeared first on WeLiveSecurity

ESET researchers uncover targeted attacks against high-profile aerospace and military companies

The post Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies appeared first on WeLiveSecurity

The unsolicited phone calls tout everything from miracle cures to financial relief – here's how you can stay safe

The post Survey shows rise in scam robocalls amid COVID‑19 fears appeared first on WeLiveSecurity

The owners of the vulnerable indoor cameras are advised to unplug the devices immediately

The post Warning issued over hackable security cameras appeared first on WeLiveSecurity

ESET research into Gamaredon's tricks – A flawed online voting platform – Massive hack-for-hire campaigns

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Watch out for attacks attempting to take advantage of the lockdown-induced surge in mobile banking use

The post FBI warns about fraudsters targeting banking app users appeared first on WeLiveSecurity

Active APT group adds cunning remote template injectors for Word and Excel documents; unique Outlook mass-mailing macro

The post Gamaredon group grows its game appeared first on WeLiveSecurity

An obscure Indian company operated a scheme targeting non-profits, banks, politicians and journalists all over the world, a report says

The post Vast hack‑for‑hire scheme targeted thousands of people, organizations appeared first on WeLiveSecurity

The latest Patch Tuesday knocks out a record-high number of vulnerabilities, including new bugs in the SMB protocol

The post Microsoft ships hefty patch load this month appeared first on WeLiveSecurity

Bad actors could tamper with ballots cast via OmniBallot without being detected by voters, election officials or the tool’s developer, a study finds

The post Alarm sounded over security risks in online voting system appeared first on WeLiveSecurity

The tech giant wants developers of password managers to collaborate for better user experience and security

The post Apple hopes to bolster password security with open source project appeared first on WeLiveSecurity

A deep-clean of your Facebook history – Google's Advanced Protection-Nest integration – Talking to your kids before they join social media

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

From the humble passcode to biometric authentication, there are quite a few options to lock your Android phone. But which of them are more secure than the others?

The post How secure is your phone’s lock screen? appeared first on WeLiveSecurity

The browser maker rolls out updates on back-to-back days, including a patch to avoid unintentionally overloading DNS providers

The post Mozilla fixes five high‑risk Firefox flaws, bug in DoH feature appeared first on WeLiveSecurity

Dealing with skeletons lurking in your Facebook closet has never been easier

The post Facebook now lets you delete old posts in bulk appeared first on WeLiveSecurity

You can now shore up your smart home security by leveraging Google's top security offering

The post Google adds Nest devices to Advanced Protection Program appeared first on WeLiveSecurity

The tech giant rewards the bug bounty hunter who found the severe flaw in its login mechanism with US$100,000

The post Bug in ‘Sign in with Apple’ could have allowed account hijacking appeared first on WeLiveSecurity

What are some of the key things your children should know about before they make their first foray into social media?

The post 3 things to discuss with your kids before they join social media appeared first on WeLiveSecurity

New ESET research into Turla's malicious toolkit – GDPR turns two – Critical flaw in Android devices

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

And most people don’t change their password even after hearing about a breach, a survey finds

The post People know reusing passwords is risky – then do it anyway appeared first on WeLiveSecurity

Left unpatched, the vulnerability could expose almost all Android users to the risk of having their personal data intercepted by attackers

The post Critical Android flaw lets attackers hijack almost any app, steal data appeared first on WeLiveSecurity

A hack-and-extort campaign takes aim at poorly secured databases replete with customer information that can be exploited for further attacks

The post Crooks threaten to leak customer data stolen from e‑commerce sites appeared first on WeLiveSecurity

Turla has updated its ComRAT backdoor and now uses the Gmail web interface for Command and Control

The post From Agent.BTZ to ComRAT v4: A ten‑year journey appeared first on WeLiveSecurity

Has the landmark law helped build a culture of privacy in organizations and have consumers become more wary of sharing their personal data?

The post Two years later, has GDPR fulfilled its promise? appeared first on WeLiveSecurity

ESET research into Winnti Group's new backdoor – A dangerous Android app under the microscope – The BIAS Bluetooth bug

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

ESET researchers detect a new way of misusing Accessibility Service, the Achilles’ heel of Android security

The post Insidious Android malware gives up all malicious features but one to gain stealth appeared first on WeLiveSecurity

Here’s how encryption can help keep your data safe from prying eyes – even if your device is stolen or your cloud account is hacked

The post How encryption can help protect your sensitive data appeared first on WeLiveSecurity

New features include DNS over HTTPS, a Safety Check section and simpler cookie management

The post Chrome 83 arrives with enhanced security and privacy controls appeared first on WeLiveSecurity

The notorious APT group continues to play the video game industry with yet another backdoor

The post No “Game over” for the Winnti Group appeared first on WeLiveSecurity

In the rush to embrace IoT devices, we shouldn’t trade in our privacy and security for the added convenience

The post These things may be cool, but are they safe? appeared first on WeLiveSecurity

As many as 30 different smartphones, laptops and other devices were tested – and all were found to be vulnerable

The post Bluetooth flaw exposes countless devices to BIAS attacks appeared first on WeLiveSecurity

Several high-performance computers working on COVID-19 research have been forced offline following a string of attacks

The post European supercomputers hacked to mine cryptocurrency appeared first on WeLiveSecurity