Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers.
Source: LifeLock Bug Exposed Millions of Customer Email Addresses
The US Government is warning of continuous intrusions in National critical infrastructure and it is blaming the Kremlin for the cyber attacks. According to the US Department of Homeland Security, Russia’s APT groups have already penetrated America’s critical infrastructure, especially power utilities, and are still targeting them.
Source: DHS – Russian APT groups are inside US critical infrastructure
The 1Password password manager has just introduced “travel mode,” which allows you to delete your stored passwords when you’re in other countries or crossing borders: Your vaults aren’t just hidden; they’re completely removed from your devices as long as Travel Mode is on .
Source: 1Password’s Travel Mode
As of today, Google begins shipping Chrome 68 which flags all sites served over the HTTP scheme as being “not secure”. This is because the connection is, well, not secure so it seems like a fairly reasonable thing to say! We’ve known this has been coming for a long time now both through observing the changes in the industry and Google specifically saying “this is coming”. Yet somehow, we’ve arrived at today with a sizable chunk of the web still serving traffic insecurely .
Source: Why No HTTPS? Here’s the World’s Largest Websites Not Redirecting Insecure Requests to HTTPS
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.
