Resources

Blog

Developer Shares Tips on How to Nab Facebook Bug Bounty Rewards

Back in 2011, Facebook launched its bug bounty program in an effort to provide recognition and compensation to security researchers for practicing responsible disclosure. The program is not bound by a maximum bounty reward. Instead, it awards monetary rewards based on the severity of each disclosed vulnerability, with $500 USD serving as the minimum...
Blog

Siemens Patches Two Vulnerabilities in SIMATIC Controllers

German engineering company Siemens has patched two vulnerabilities affecting some of its SIMATIC controllers. The first vulnerability (CVE-2016-3949) is a denial-of-service (DoS) bug that affects SIMATIC S7-300 CPU, a product which is used by companies worldwide to manage process control in various industrial environments including Chemical, Energy,...
Blog

Bruce Schneier at Infosecurity Europe 2016

This year’s Infosecurity Europe conference had so many great places to be and things to do that it was often hard to choose how best to spend one's limited time and harder still for many to identify a single highlight. For myself personally, however, it had to be the opportunity to hear one of my favourite writers for many years speaking on the...
Blog

Hacker Puts Up 290,000 U.S. Drivers' Records for Sale on Dark Web

A hacker has put up a dataset containing the personal details and driver's license information of 290,000 U.S. citizens for sale on the dark web. Softpedia reports that the hacker, who goes by the name "NSA," stole the information after breaching several organizations based in Louisiana. Once inside of the organizations' networks, NSA exfiltrated...
Blog

How To Prepare Your Website For A DDoS Attack

In a previous article, we discussed building a deeper understanding of distributed denial-of-service (DDoS) attacks, what they do, who’s behind them, and what they all come down to. To follow, here’s how to prepare your website for DDoS attack. According to the results of a study conducted by Kaspersky Lab and B2B International, a DDoS attack can...
Blog

Tattoo Recognition Technology Raises Privacy, Legal Concerns

Tattoos are a complex form of art in modern society. First of all, they are expressive. People can incorporate certain words and symbols into a tattoo so that its design communicates something personal about their lives. In that sense, tattoos are also free speech, a legal right which is protected under the U.S. Constitution. The fact that people...
Blog

uTorrent Forums Users Urged to Change Passwords After Breach

uTorrent is urging all forum users to change their passwords after an attacker gained access to one of its forum databases through its software vendor. Torrent client uTorrent was acquired by BitTorrent Inc. back in 2006. Its developer team operates an IP.Board forum where users can contact one another as well as read announcements. That forum runs...
Blog

Almost Half of Bug Disclosures Rated 'Highly Severe,' Says Microsoft

Organizations are constantly looking to obtain a "big picture" view of information security so that they can better protect themselves against digital threats. To answer that call, a variety of companies regularly publish security trend reports in which they analyze how threats in the digital space are evolving. Some reports target specific kinds of...
Blog

12 Top Talks from the 2016 Retail Cyber Intelligence Summit

The Retail Cyber Intelligence Sharing Center (R-CISC) hosted its inaugural summit this April – an event which brought together more than 200 information security leaders from some of the region’s largest retail and consumer services organizations. Throughout the two-day event in the “Windy City,” industry experts shared insights, advice and lessons...
Blog

University Pays $20K Ransom Following Ransomware Attack

A Canadian university has paid a ransom fee of $20,000 CDN following a ransomware attack against its computer systems. Linda Dalgetty, Vice-President of Finance and Services at the University of Calgary, announced the ransom payment on Tuesday in a statement posted to the school's website: "As part of efforts to maintain all options to address...
Blog

Don’t Make Your Password a Classic

Think of a classic item in your life. Perhaps it is a song that defines your generation. Or maybe it is a life event that holds special meaning for you. We all have them. They are part of what makes life wonderful. Why do classics matter in a security blog? With the recent revelation that the LinkedIn breach was far worse than originally reported,...
Blog

May 2016: The Month in Ransomware 

In May, ransomware was in full bloom. Over sixteen new ransom Trojans surfaced, plus one Ransomware-as-a-Service (RaaS) and plenty of updates to existing ransomware. The good news is that at least six new decryptors were released. The database of ransom infections has been extended, with a novel specimen that targets websites rather than computers...
Blog

Checkmate – There Is No Rematch

When playing chess, you need to consider not only your next three to five moves but also the next several moves of your opponent. In our case, the security of an organization's data and infrastructure is open to an abundance of moves by hackers and malicious insiders. Regardless of which defensive pieces you have in place – knights, bishops, pawns...
Blog

FBI Warns of Surge in Email Extortion Schemes Tied to Recent Breaches

The FBI’s Internet Crime Complaint Center (IC3) has issued an alert, warning users of a spike in reported extortion email attempts connected to recent high-profile data breaches. According to the advisory, targeted individuals are told that their personal information—such as their name, phone number, address, credit card information, and other...
Blog

TeamViewer denies hack, as users claim computers remotely hijacked

In the last day or two, there have been a spate of posts by TeamViewer users claiming that their computers have been hijacked by malicious hackers, their PayPal and other banking accounts emptied, their webmail accessed, and malicious software installed. And the victims seem to believe the attacks are linked to their use of TeamViewer. ...
Blog

The 4 Commandments of Endpoint Detection and Response (EDR)

Now that you know how to plan for, select and deploy an endpoint detection and response (EDR) solution, there are just a few things you need to remember about EDR going forward. These are as follows: 1. Discovery and Inventory of Endpoints Are Key To effectively secure your organization's endpoints, you need to understand the contextual details of...