A politically motivated hacking group who calls themselves 3301, appears to have compromised the website of Planned Parenthood. The politically motivated attack appears to have taken advantage of a vulnerability in an outdated version the Concrete5 website content management system. The group was not able to access the file system and the compromise...

I have been involved in the hiring process for our Security Operations Center (SOC) for about a year and a half. Throughout this time, I have reviewed resumes, conducted phone screens, and participated in the technical interviewing process. I have been both dumbfounded by the audacity of some individuals and amazed by the sheer awesomeness of rising...

The security breach that hit the U.S. Office of Personnel Management (OPM) has many people demanding answers as to how something so egregious could happen at such an important office. Some reports indicate that as many as 35 million federal employees’ records were exposed in the cyber attack, with some of the data coming from as far back as 35 years...

The Internet of Things is gradually but very surely creeping in to impact every sphere of modern life. And that goes as much for people as for business, as much for new industries as for incumbent sectors. This network of physical objects has the ability to play havoc with security and is significantly increasing the challenge of securing Industrial...

Welcome to our new blog series, covering the week’s trending topics in the world of information security. In this quick news roundup, we’ll let you know of the latest research, reports and discussions that the industry has been talking about recently. Here’s what you don't want to miss from the week of July 24, 2015: Adultery website...

While the national transition to Europay, MasterCard and Visa, known as EMV or “Chip and PIN,” is well underway, a recent study found that as many as 42 percent of companies have either taken no steps or are unaware of any progress being made to meet the October 1, 2015, deadline. The EMV readiness study conducted by Randstad Technologies, which...

419 scams are one of the oldest and most common tricks used by fraudsters to extort money from online users. These schemes promise victims a large sum of money in exchange for a small upfront payment. In this sense, ploys, such as the Nigerian Prince scam, resemble social engineering attacks to the extent that they rely less on the expertise of the...

In September of 2014, private photos of a number of celebrities, including Kate Upton and Jennifer Lawrence, were leaked onto the image-based bulletin board 4chan. It was soon discovered that this leak occurred as a result of a brute force attack against Apple's iCloud, which until then had not limited the number of login attempts for each user...

In the financial industry, business success and sustainability depends on the health of information systems. Damage to a firm’s information systems can tarnish its reputation, compromise its data, as well as result in legal fines and penalties. Large firms often depend on thousands of such systems interconnected via the internet, which raises a...

Democratic Senators Ed Markey and Richard Blumenthal introduced on Tuesday new legislation, which would require automakers to adhere to certain standards of protection against privacy and hacking. The new bill, entitled the SPY Car Act, would call on the Federal Trade Commission (FTC) and the National Highway Traffic Safety Administration (NHTSA) to...

I am honored to be presenting at DEF CON 23 this August in Las Vegas where I will be presenting a session titled “Confessions of a Professional Cyber Stalker." In my talk, I will be discussing various technologies and methods I developed and used to track criminals leading to at least two dozen convictions. Many times in the process of recovering...

Following from a recent post on ‘Escalation of Commitment’, a topic studied by both Economists and Psychologist, I could not resist writing a follow-up to explore the consequences for third parties that do not have the preparation and/or resources of the parties involved in scenarios of escalation of commitment in the IT security field. In the...

Late last week, UCLA Health – the Californian university’s hospital – announced it had suffered a cyber attack on its network, potentially exposing the personal and medical information of nearly 5 million patients. In a statement, the hospital said it had determined the attacker had accessed parts of...

Today’s VERT Alert addresses one new Out of Band Microsoft Security Bulletin. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-624 on Tuesday, July 21st. MS15-078 OpenType Font Driver Vulnerability CVE-2015-2426 MS15-078 Microsoft has released an...

Source: Krebs on Security A recent hack at Ashley Madison, an online cheating website, could expose the personal information of 37 million users. According to Brian Krebs, who broke the story on his blog, a group of hackers known as The Impact Team have all ready released some sensitive internal data...

Back in April, the London-based insurance market Lloyd's reported a 50 percent increase in the number of data breach insurance submissions filed in the first three months of 2015 as compared to last year. This development challenges some of the arguments offered by leading experts in the field of information security that seek to explain why more...

This week, as part of our new "Infosec Influencer" series, I had the pleasure of sitting down with Bruce Schneier, an internationally renowned security technologist and one of The State of Security's Top Influencers in Security You Should Be Following in 2015. He has written 12 books, including Liars and Outliers: Enabling the Trust Society Needs to...

For just over a week, government departments, research institutes and other high-value targets have been on the sharp end of a sophisticated attack, where fake voicemails are being used to create a diversion while malware infects computer systems. As security researchers at Palo Alto Networks's Unit 42 division detail, it is believed the attack is...

Two Belgian security researchers have developed a method that allows an attacker to exploit weaknesses found in the RC4 encryption algorithm and subsequently expose information that was once thought to be encrypted. According to a blog post written by Mathy Vanhoef and and Frank Piessens of the University of Leuven, their RC4 NOMORE attack...