WHY IT MATTERS: Digital Transformation

How to get off of people search sites like Pipl, Spokeo, and WhitePages.

Market Guide for Security Threat Intelligence Products and Services. Key Findings:
- The term “threat intelligence” covers a diverse set of capabilities.
Client interest in industry-led government and commercial TI has increased significantly during the past two years. There are still large numbers of providers in this market, with startups also entering.
- The number and diversity of TI services, as well as expertise, have created an environment in which purchasers often struggle to compare services, and there’s still no single provider to address all of them. Many vendors can provide access to information; fewer provide truly anticipatory content or curation based on customized intelligence.
- The value of these services is sometimes constrained by the customer’s ability to afford, absorb, contextualize and, especially, use the information provided by the services.

We’re rolling out two new features, Password Checkup and Cross Account Protection, to keep your information safe beyond Google’s sites and apps.

Phishing attacks are increasingly using impersonation to bypass traditional defense mechanisms. Weak sender identification will continue to present opportunities for creative attacks. Security and risk management leaders should use this research to adjust their strategy and business processes.
Key Challenges
Phishing attacks are still increasing as a targeting method of attackers. Phishing attacks targeting credentials will continue to escalate as applications and data migrate to better-protected cloud providers.
Email is not designed to truly authenticate sender identity. Efforts like DMARC to authenticate domains are not granular enough to authenticate users and do not address all attack types.
Most implemented secure email gateways (SEGs) are not designed with post-delivery detection and remediation techniques, costing incident responder and email admin time and reducing the feedback loop from end users.
User phishing education is a good start toward people-centric security, but current email security does not provide users with any indicators of the trust they can put in emails or the proper workflow for dealing with suspect emails.
Recommendations
Security and risk management leaders responsible for endpoint and mobile security should:
Upgrade secure email gateway solutions to cloud versions that include phishing protection, particularly for impostor or business email compromise (BEC) protection.
Integrate employees into the solution and build capabilities to detect and respond to suspect attacks.
Work with business managers to develop standard operating procedures for handling sensitive data and financial transactions.
Strategic Planning Assumptions
By 2023, sender identity verification will be a common critical component on secure email gateways and other anti-phishing solutions.
By 2023, anti-phishing education will be a critical part of the feedback loop between end users and email security solutions.
Through 2023, business compromise attacks will be persistent and evasive, leading to large financial fraud losses for enterprises and data breaches for healthcare and government organizations.

Passwords are awful. The software security industry expects us to remember 100+ passwords, that are complex (variations of upper & lowercase, numbers and special characters), that are supposed to be changed every 3 months, with each one being unique. Obviously this is impossible for most people, and for those whom it is possible, why would they want to waste all of that brain power on something that is, essentially, meaningless?

*** This article is for beginners in security or other IT folk, not experts.

Have your accounts been leaked or stolen in a data breach? Find out at Firefox Monitor. Search our database and sign up for alerts.

Edward Snowden, the former National Security Agency contractor and notorious whistleblower, just launched a new app, Haven.

A periodic table of cybersecurity to navigate the key players in the space, including startups, industry categories, investors, and exits.

These are the steps you can take and the tools you'll need to remain anonymous and hidden online. Tor, VPN, burner emails, encryption, bitcoin, etc.

The short version: I'm loading over 1 billion breached accounts into HIBP. These are from 2 different "combo lists", collections of email addresses and passwords from all sorts of different locations. I've verified their accuracy (including my own record in one of them) and many hundreds of millions of the

Worried about new ransomware attacks infecting your systems? Learn how ransomware works + get tips to block ransomware and deal with ransomware recovery.

Floodwatch is a Chrome extension that tracks the ads you see as you browse the internet. It offers tools to help you understand both the volume and the types of ads you’re being served during the course of normal browsing, with the goal of increasing awareness of how advertisers track your browsing behavior, build their version of your online identity, and target their ads to you as an individual. We want to assemble the largest amount of advertising data we can— and then not give it to the advertisers.

For publishers and advertisers, Internet ad blockers are a scourge. But the blockers also have to pay the bills.

When it comes to the myriad risks companies face across digital channels — social, mobile, and web — security and risk (S&R) pros track a much smaller portion of their environment than they realize. Without comprehensively and persistently monitoring risk in digital channels, companies remain susceptible to a wide variety of brand, cyber, and physical risk events. Despite the high stakes, many organizations struggle to improve digital risk visibility and mitigate related risks.

A while ago, all it took to be a great password manager was to keep your passwords in an encrypted vault. Now the best password managers give you the option to sync or keep them local only, change web passwords with a click, log in to sites for you, and more. This week, we're looking at five of the best options.

Open Source Biometric Recognition

A communal biometrics framework supporting the development of open algorithms and reproducible evaluations.

List of sites with Two Factor Auth support which includes SMS, email, phone calls, hardware, and software.