I’ve been enjoying Bob Covello’s recent posts on passwords and password managers – A LastPass Hack with a Happy Ending shows how idiot simple it can be to find someone’s “hidden” password list. A surprising interchange on passwords came up in November, during a Chertoff Group Security Series panel entitled “Enough with Getting Pwned Through...

There was an interesting court case that took place back in 2010. The case involved an employee who was injured on the job and sued the employer. A few years later, the employer wanted to see how the employee’s quality of life was affected, and they requested access to the employee’s social media pages. The employee objected, asserting the right to...

Federal authorities have confirmed that Roger Thomas Clark, the alleged mentor of Silk Road mastermind Ross Ulbricht, has been arrested in Thailand. A press release issued by the Department of Justice reveals that Clark, who went by the names "Variety Jones," "VJ," "Cimon," and "Plural of Mongoose," regularly advised Ulbricht on the ongoing...

Despite the huge rise in media reporting of cyber insecurity, organisational and individual behaviours are still demonstrating a lack of information security awareness and basic good security practices. The TalkTalk attack demonstrates the extent to which organisations are failing to establish basic security on their websites and the woeful...

Earlier this fall, researchers struck a significant blow against the Angler Exploit Kit. Security blogger Graham Cluley explains in a blog post how analysts with Cisco’s Talos Security Intelligence and Research Group analyzed the exploit kit and traced one of the primary locations for its proxy servers back to Limestone Networks located in Dallas,...

A malicious hacker that successfully breached the IT systems of a large bank in the United Arab Emirates (UAE) demanded nearly $3 million worth of cryptocurrency or the financial information of hundreds of its customers would be leaked online. The hacker – who goes by the alias ‘Hacker Buba’ – reportedly gained access to the bank’s systems last...

Approximately 657,000 customers have had their personal information compromised in a hack against UK pub chain JD Wetherspoon. According to The Guardian, the names, dates of birth, email addresses, and mobile phone numbers of 656,723 customers were affected by the incident, which is believed to have occurred between June 15 and June 17 of this year...

This summer, a hacker known as "PhineasFisher" infiltrated the private Italian spyware firm Hacking Team, exfiltrated approximately 400GB of data from the company's servers and subsequently published the compromised information online via a torrent. One of the most stirring revelations from the leaks was the FBI's purchase of a "Remote Control...

There are often (quite rightly) concerns raised about operating system vulnerabilities on smartphones, and the need for users to patch their devices with the latest software. But the truth is that probably a bigger risk to the typical mobile user are the actual apps that they choose to run on them. Have they been coded reliably, are they taking...

The Internet of Things (IoT) is one of the most significant trends in technology today. A melding of innovations in the fields of computing and communication, IoT and its "smart" devices are poised to revolutionize not only user-machine interaction but also the way in which machines engage with one another. Already we are beginning to see the...

China has been accused of conducting a "massive" hack against a supercomputer owned by Australia's Bureau of Meteorology (BoM). Source: Security Affairs The BoM supercomputer is the largest of its kind in Australia and passes information to several different agencies, including the Department of...

The NERC Critical Infrastructure Protection standards are the most effective tools for securing the electrical supply today. If you think that's a controversial statement, let me explain why I make it. Cybersecurity in the context of the electrical supply is synonymous with reliability. The cyber-risks to electric utilities are ultimately risks to...

With so many disparate offerings and so much pressure to be ‘conducting’ threat intelligence, companies today risk investing a lot of time and money with little positive effect on security. Threat intelligence is the process of moving topics from ‘unknown’ to ‘known unknowns’ by discovering the existence of threats within your environment and moving...

The scope of the FBI's national security letters (NSL) has been revealed by a lifted gag order on a man who fought against compliance for 11 years. On Monday, the United States District Court - Southern District of New York permitted the filing of a NSL received by Nicholas Merrill, founder of Calyx Internet Access, back in 2004. He has refused to...

I recently attended a conference for security professionals at which a number of experienced (sounds better than seasoned) CISOs and SOs were presenting their insights into the challenges of cyber attacks and cyber crime faced by their organisations. Almost without exclusion, each presenter used the term CIA when discussing methodologies and...

I have been in the field of security for over two decades. During this time, I have seen solution providers deliver increasingly feature-rich and sophisticated products, solutions and services, enabling organizations to be more secure. Furthermore, I’ve seen many companies change their entire approach to cyber security – companies that, for the most...

Europol, the European Union’s law enforcement agency, has seized nearly 1,000 websites illegally selling counterfeit merchandise to online consumers, authorities reported. In a press release, the agency said its international operation – known as In-Our-Sites (IOS) VI – tackled the sale of counterfeit...

A Swedish court has ruled that copyright holders cannot force internet service providers (ISPs) into blocking their customers from accessing the popular torrent website The Pirate Bay. According to a report by TheLocal.se, a Swedish newspaper, the District Court of Stockholm has ruled that Swedish ISP Bredbandsbolaget's operations do not constitute...

A transformative event is occurring where countless industrial devices, both old and new, are beginning to use Internet Protocol communication technologies. We refer to these collections of IP-enabled industrial devices and associated networks as the Industrial Internet of Things (IIoT). The Industrial IoT is at the very core of disruptive visions,...

In the spring of 2014, researchers at the Center for Strategic and International Studies identified a powerful strain of banking malware whose code functions similarly to that of ZeuS. The malicious software, now formally known as Dyreza, hooks into Internet Explorer, Chrome and Firefox, at which point in time it harvests sensitive data whenever...