News

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

Hey, did you hear that Facebook are going to start using your personal photos in whatever way they see fit? For real, it's going to start tomorrow unless you act quickly! All you have to do is copy and paste this message onto your own Facebook page and wammo -

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

If you're reading this, chances are you've arrived here from a link I sent you via email. That email would have been a reply to one you originally sent to me that would have sounded something like this:

Hi, I came across your blog on [thing] and I must admit,

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

I actually lost track of what week it was at the start of this video. Did I do the Aussie workshops last week? Or the week before? I know I was at home so... it's just all becoming a blur. But be that as it may, life marches on and

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

How much can you trust the assertions made by an organisation regarding their security posture? I don't mean to question whether the statements are truthful or not, but rather whether they provide any actual assurance whatsoever. For example, nearly 5 years ago now I wrote about how "we take security

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

This has been an absolutely flat-out week between running almost 3 hours of our free Cyber-Broken talk with Scott Helme, doing an hour of code with Ari each day (and helping get up to speed with remote schooling) then running our Hack Yourself First workshop on Aussie time zones the

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

Over the last 2 years I've been gradually welcoming various governments from around the world onto Have I Been Pwned (HIBP) so that they can have full and unfettered access to the list of email addresses on their domains impacted by data breaches. Today, I'm very happy to announce the

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

Strange times, these. But equally, a time to focus on new things and indeed a time to pursue experiences we might not have done otherwise. As Ari now spends his days learning from home, I wanted to really start focusing more on his coding not just for his own benefit,

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

Geez, where do I even begin? I honestly wasn't sure, then I could hear the kids playing in the background whilst I was setting up and per the video thought "yeah, stuff it, I'll leave that in" because as messed up as a bunch of stuff is, life goes on.

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

Subject: Data Breach of [your service]

Hi, my name is Troy Hunt and I run the ethical data breach notification service known as Have I Been Pwned: https://haveibeenpwned.com

People regularly send me data from compromised systems which are being traded amongst individuals who collect breaches. Recently, a collection

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

We're live! Video embedded below:

Under normal circumstances, we'd be sitting on a stage, beers in hands and doing our (I think we can use this term now) "world famous" Cyber-broken talk.

It's like Top gear for nerds. @troyhunt #NDCLondon pic.twitter.com/wxzhM6uOCG

— HarryMiller (@HarryMillerr) January

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

Of course it's virtual because let's face it, nobody is going anywhere at the moment. Plenty of you aren't even going into an office any more let alone fronting up to a conference with hundreds or even thousands of people. That sucks for you because you end up both missing

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

Geez, where do you even begin given how the world has turned just in the last week? I spend a good quarter hour at the start of this video talking about what I'll be doing, namely getting on with business and running a bunch of public workshops remotely in conjunction

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

I hate dodgy WiFi, hate it with a passion. I finally lost my mind with it a few years ago now so I went and shelled out good money on the full suite of good Ubiquiti gear. I bought a security gateway to do DHCP, a couple of switches for

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

This is the big one. It's all HIBP and Project Svalbard top to bottom this week and I've chosen to exclude everything else in its favour. This is just such an essential part of not just the HIBP narrative, but indeed the narrative of my career and what gets me

Presently sponsored by: Going beyond the perimeter: what a 'zero-trust' approach to security means and how to get started. Download the guide by Duo Security.

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). All sorts of organisations are employing the service to keep passwords from

With Zoom – and Zoom-bombing – being all the rage, here’s why the app’s default password settings may be leaving the backdoor wide open

The post Ever needed a Zoom password? Probably not. But why not? appeared first on WeLiveSecurity

ESET Chief Security Evangelist Tony Anscombe shares advice on how to keep your virtual meet-ups private and safe while you're holed up at home during the pandemic

The post Top tips for videoconferencing security appeared first on WeLiveSecurity

The users' personal data are now up for grabs on the dark web for anywhere between US$3,500 and US$22,000 worth of Bitcoin

The post 600,000 people affected in email provider breach appeared first on WeLiveSecurity

Losing your smartphone can be expensive, but the cost of the device may not be the final price you’ll be paying

The post What to do you if your phone is lost or stolen appeared first on WeLiveSecurity

Staying safe from coronavirus-themed scams – Securing remote desktop connections – The security risks of videoconferencing

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The seemingly insatiable demand among people and businesses alike helps reveal a rash of privacy and security issues facing the platform

The post Zoom’s privacy and security woes in the spotlight appeared first on WeLiveSecurity

As work from home is the new norm in the coronavirus era, you’re probably thinking of enabling remote desktop connections for your off-site staff. Here’s how to do it securely.

The post Work from home: Securing RDP and remote access appeared first on WeLiveSecurity

Bad actors accessed a range of personally identifiable information, including names, dates of birth and a lot more

The post Marriott hacked again, 5.2 million guests affected appeared first on WeLiveSecurity

The scam machine shows no signs of slowing down, as fraudsters dispense bogus health advice, peddle fake testing kits and issue malware-laced purchase orders

The post Coronavirus con artists continue to spread infections of their own appeared first on WeLiveSecurity

With World Backup Day upon us, we walk you through the ways to back up your iPhone or Android phone so that your personal information remains safe

The post Have you backed up your smartphone lately? appeared first on WeLiveSecurity

With COVID-19 concerns canceling face-to-face meetings, be aware of the security risks of videoconferencing and how to easily overcome them

The post Work from home: Videoconferencing with security in mind appeared first on WeLiveSecurity

What COVID-19 may mean for privacy rights – Managing supply-chain risks – Two Windows zero-days remain unpatched

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

If we can’t secure the supply chain, eventually everything else will break

The post What happens when the global supply chain breaks? appeared first on WeLiveSecurity

Getting cybersecurity right in the work-from-home world can feel daunting. ESET Chief Security Evangelist Tony Anscombe shares 6 best practices that will steer you in the right direction.

The post 6 tips for safe and secure remote working appeared first on WeLiveSecurity

If left unpatched, a firmware flaw in some enterprise-class solid-state drives could make data on them unrecoverable as early as this fall

The post HPE issues fix to stop some SSDs from self‑destructing appeared first on WeLiveSecurity

As the world turns to technology to track and contain the COVID-19 pandemic, could this spell the end of digital privacy rights?

The post Public health vs. personal privacy: Choose only one? appeared first on WeLiveSecurity

Updates for the critical-rated vulnerabilities, which are being actively exploited in the wild, are still weeks away

The post Microsoft warns of two Windows zero‑day flaws appeared first on WeLiveSecurity

A prolific ransomware gang vows to dial back its campaigns and spare healthcare organizations altogether during the COVID-19 crisis. It’s no cause for celebration.

The post The good, the bad and the plain ugly appeared first on WeLiveSecurity

How to transition to a remote workforce in a safe manner – How to protect yourself from COVID-19 scams – Stantinko's miner caught using new obfuscation techniques

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

How can employees stay motivated and productive while teleworking during the COVID-19 crisis?

The post Keep calm and carry on working (remotely) appeared first on WeLiveSecurity

Losing access to your account can be stressful, but there are steps you can take to get it back – and to avoid getting hacked again

The post What to do if your Twitter account has been hacked appeared first on WeLiveSecurity

Not all they’re cracked up to be? Several password vaults contain vulnerabilities, both new and previously disclosed but never patched, a study says

The post Security flaws found in popular password managers appeared first on WeLiveSecurity

Remote work can be much safer with the right cyber‑hygiene practices in place – multi‑factor authentication is one of them

The post Work from home: Improve your security with MFA appeared first on WeLiveSecurity

ESET researchers bring to light unique obfuscation techniques discovered in the course of analyzing a new cryptomining module distributed by the Stantinko group’s botnet

The post Stantinko’s new cryptominer features unique obfuscation techniques appeared first on WeLiveSecurity

As the COVID-19 pandemic has many organizations switching employees to remote work, a virtual private network is essential for countering the increased security risks

The post Work from home: How to set up a VPN appeared first on WeLiveSecurity

The warning highlights one of the potential risks associated with revealing too much private information online

The post FBI warns of human traffickers luring victims on dating apps appeared first on WeLiveSecurity

As the pandemic forces many employees to work from home, can your organization stay productive – and safe?

The post COVID‑19 and the shift to remote work appeared first on WeLiveSecurity

From malware-laden emails to fake donations, these are some of the most common cons you should watch out for amid the public health crisis

The post Beware scams exploiting coronavirus fears appeared first on WeLiveSecurity

ESET research into Turla's new campaign – What is CEO fraud and how to defend against it – How Microsoft enterprise accounts get hacked

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

An unknown number of people had their personal data exposed as hackers accessed database backup files

The post Radio.com users affected in data breach appeared first on WeLiveSecurity

What is CEO fraud, why is it so prevalent, and how can organizations recognize and defend themselves against these scams?

The post 4:15 p.m.: An urgent message from the CEO appeared first on WeLiveSecurity

Does your child dream of becoming a YouTube or Instagram celebrity? The influencer lifestyle is not as picture-perfect as it may seem.

The post The pitfalls of being an influencer: What parents should know and do appeared first on WeLiveSecurity

The incident affected our office network, says ENTSO-E, as it implements measures to avoid future cyber-incursions

The post European power grid organization hit by cyberattack appeared first on WeLiveSecurity

Can an old APT learn new tricks? Turla’s TTPs are largely unchanged, but the group recently added a Python backdoor.

The post Tracking Turla: New backdoor delivered via Armenian watering holes appeared first on WeLiveSecurity

NordVPN praised its bug bounty program and said that a fix had been shipped within two days

The post Flaw in popular VPN service may have exposed customer data appeared first on WeLiveSecurity

Only 11 percent of all enterprise accounts have multi-factor authentication enabled

The post Microsoft: 99.9 percent of hacked accounts didn’t use MFA appeared first on WeLiveSecurity

ESET research into the Guildma banking trojan – What can you do to stay safe from online fraud – Why become a cybersecurity professional

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The misconfigured database was accessed by an unauthorized party on at least one occasion

The post Virgin Media data leak exposes details of almost 1 million people appeared first on WeLiveSecurity

The fourth installment of our occasional series demystifying Latin American banking trojans

The post Guildma: The Devil drives electric appeared first on WeLiveSecurity

ESET Chief Security Evangelist Tony Anscombe sat down with us to share his insights on how to avoid falling prey to online fraud

The post Fraud Prevention Month: How to protect yourself from scams appeared first on WeLiveSecurity

With access to text messages and the ability to make fraudulent phone calls, attackers could wreak more damage than you'd think

The post Voice assistants can be hacked with ultrasonic waves appeared first on WeLiveSecurity

By contrast, two other web browsers share identifiers that are tied to the device hardware and so persist even across fresh installs

The post Brave comes out on top in browser privacy study appeared first on WeLiveSecurity

From competitive salaries to ever-evolving job descriptions, there are myriad reasons why a cybersecurity career could be right for you

The post 5 reasons to consider a career in cybersecurity appeared first on WeLiveSecurity

And how would you know if the algorithm was tampered with?

The post RSA 2020 – Is your machine learning/quantum computer lying to you? appeared first on WeLiveSecurity

ESET research uncovers a vulnerability in Wi-Fi chips – How to protect yourself against tax refund fraud – Clearview AI suffers a data breach

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

People in other parts of the world also have the option to flip on DNS encryption

The post Firefox turns on DNS over HTTPS by default for US users appeared first on WeLiveSecurity

The digital age has added a whole new dimension to hurtful behavior, and we look at some of the key features that set in-person and online bullying apart

The post Cyberbullying: How is it different from face‑to‑face bullying? appeared first on WeLiveSecurity

The startup came under scrutiny after it emerged that it had amassed 3 billion photos from social media for its facial recognition software

The post Facial recognition company Clearview AI hit by data theft appeared first on WeLiveSecurity

What the human battle against biological viruses can teach us about fighting computer infections – and vice versa

The post RSA 2020 – Hacking humans appeared first on WeLiveSecurity

With tax season – and tax scams – in full swing, here’s how fraudsters can steal your tax refund, and how you can avoid becoming a victim

The post Did someone file your taxes before you? appeared first on WeLiveSecurity