Python is a great development language for so many reasons. Its developers enjoy huge library support. Do you want to deploy a simple web server or implement a RESTful API? There are modules for that. Capture, analyze, and visualize network traffic flow? There are simple and free modules for all of that, too. Developers using Python can create a...

Since 2004, merchant companies that handle branded credit cards have worked to maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS). These regulations, which consist of six fundamental control objectives and 12 core requirements, aim to protect payment card data for customers. They also help card issuers and banks...

Today, I came across a blog post that once again showcases the importance of properly managing DNS through its entire lifecycle. The article entitled “Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target” (sic) was written by Matthew Bryant (@IAmMandatory). It can be found here. It’s a bit of long read but serves as a great...

One of the biggest complaints from company owners I hear from time and time again is as follows: "We need candidates that have experience to hit the ground running." On the flip side, candidates often issue the following complaint: "We need to have and/or gain experience to get jobs." The industry can see this and knows this. However, it...

A recent report released by Shodan found that as of January 22, 2017, nearly 200,000 publicly accessible internet devices were vulnerable to Heartbleed. The detailed report gives some insight into those who continue to be exposed to this vulnerability. It's no surprise that the majority of these systems are HTTPS pages hosted by Apache and running...

Lloyds Banking Group was reportedly hit by a massive distributed denial of service (DDoS) attack lasting two days, significantly disrupting its online banking services. According to reports, the British financial institution was one of several UK banks targeted by the cyber attacks, which ran from...

My boyfriend works a demanding day job at a major Canadian big box furniture and appliance retailing chain. Knowing that I write about information security for a living, he had an interesting story to tell me: "An LG Smart TV was returned to us by the customer, and it had their credit card credentials in it! Why didn't they do a factory reset first...

There are numerous ways to redirect a user to an exploit kit. Some of these methods are quite sophisticated. Take pseudo-Darkleech, for instance. This attack campaign injects malicious code into WordPress core files. That code creates a malicious iframe that redirects the user to a landing page for an exploit kit. In so doing, the campaign builds...

A new ransomware-as-a-service (RaaS) called Satan is attracting amateur computer criminals on the dark web with free licenses. Once a user creates an account for Satan and logs in, they can use the provided affiliate console to customize their ransomware campaign. The criminal can use the "Malwares" page, for instance, to specify Satan's ransom...

Some digital threats are more serious than others but when it comes to unpatched software, nothing's worse than an exploit kit. These software packages come preprogrammed with the ability to exploit active security issues on vulnerable computers. If they find one such hole agape, they'll use their exploit code to download ransomware and other...

According to new research, three in four (76 percent) organizations report being victims of phishing attacks. The findings indicate a 10 percent decrease from 2015. The third annual State of Phish report by Wombat Security analyzed data from tens of millions of simulated phishing emails over 12 months, in addition to 500 survey responses from...

Supercell, a mobile game development company, has urged users to reset their passwords following a breach that affected its forum. An administrator for the firm, which has produced popular multiplayer games like Clash of Clans and Clash Royale, announced the incident on 17 January: "We're currently looking into report that a vulnerability allowed...

Adobe is no stranger to finding itself in the security headlines for all the wrong reasons, and it seems that things may not be changing as we enter 2017. There was controversy earlier this month when news broke about how Adobe took the opportunity on Patch Tuesday of using its regular security updates to force Adobe Acrobat DC users into silently...

In the course of working with our clients to improve their security posture, I have come across several common factors that often limit a business's ability to assess and mitigate cyber security risk. Last month, we looked at a few of these themes and some real-world examples of how they apply. Let's now take a look at a few more. You can't secure...

In modern times, it is possible for an attacker to persistently and repeatedly hijack a victim's bank account at most major US banks through the victim visiting a web page. This is done without browser exploits or any visible warning. For a criminal, these attacks are cheap and highly successful. The attack that I am talking about is DNS hijacking....

A fired IT employee demanded his former employer pay him 200,000 USD in exchange for the return of its sensitive information. Triano Williams hired attorney Calvita J. Frederick to represent him in a dispute involving the American College of Education, an Indianapolis-based online provider of Master's and Doctorate degrees in teaching at which he...

15 January 2017 was yet another treat for me. I watched the most excellent Benedict Cumberbatch playing the part of the brilliant yet crazed Sherlock Holmes. Granted, this is an imaginative and fictitious portrayal of the character created by Arthur Conan Doyle. But I am wondering, if you also watched it, did you note the crossover from fiction to...

It’s January again, and as usual, various media outlets are busy reporting on vulnerability statistics from the previous year. As usual, the CVE Details folks have worked up a lot of hype based on CVE counts, and once again, the media has taken the bait with sensational headlines about Google’s Android being the most vulnerable product of 2016. For...

Back in the spring of 2015, I wrote about five types of social engineering attacks against which users should protect themselves. One of the techniques I discussed is called pretexting. It's when an attacker creates a pretext, or a fabricated scenario, to trick a target. Attackers will assume any pretense to achieve their nefarious ends. Some of...

A Dutch website builder leveraged a secret script to steal 20,000 users' login credentials, hack their accounts, and commit payment fraud. On 17 January, police in the northern Netherlands announced they're contacting 20,000 users with the advice that they change their passwords as soon as possible. This move comes several months after the world...