A security researcher has discovered a publicly-accessible database containing the details of millions of Instagram users, including their contact information. As TechCrunch reports, Anurag Sen discovered the database of more than 49 million records - exposed for anyone to access via the internet, no password required, on an unprotected Amazon Web...

A Windows laptop infected with six high-profile computer viruses has surpassed a value of one million dollars in public auction bids. For a project called "The Persistence of Chaos," contemporary internet artist Guo O. Dong and security firm Deep Instinct infected a Samsung NC10-14GB 10.2-Inch Blue Netbook (2008) running Windows XP SP3 with six...

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider's website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn't unique compared to previous attacks involving the malware. In this particular instance, the attack email used the...

Last time, I spoke with technology marketing communicator Stacey Holleran. Our work is similar but different. Plus, she warned me about what I might expect from the tech industry in a few years when I turn 40! For my last interview until fall/autumn, I had the pleasure of speaking with Yaz. She went from the military to a civilian career as a...

As recently as 2017, security and compliance professionals at many of Tripwire’s large enterprise and government customers were talking about migration to the cloud as a possibility to be considered and cautiously explored in the coming years. Within a year, the tone had changed. What used to be “we’re thinking about it” became “the CIO wants to see...

A company responsible for helping to operate LeakedSource.com has submitted a guilty plea following an investigation by the Royal Canadian Mounted Police (RCMP). On 17 May, Defiant Tech Inc. pleaded guilty to the charge of "trafficking in identity information and possession of property obtained by crime" in association with an investigation...

The notorious Magecart malware, that blights online stores by stealing payment card details from unsuspecting shoppers at checkout, has claimed another high profile victim. Security researcher Troy Mursch raised the alarm on Twitter that the Forbes magazine subscription website had been compromised with malicious code that was siphoning off...

It was only a few years back that cloud technology was in its infancy and used only by tech-savvy, forward-thinking organisations. Today, it is commonplace. More businesses than ever are making use of cloud services in one form another. And recent statistics suggest that cloud adoption has reached 88 percent. It seems that businesses now rely on the...

Perhaps it’s too melodramatic to claim that the debate over how to define a data breach "rages on" because we haven’t seen bodies flying out of windows yet, but it is a serious question with genuine financial ramifications now that the General Data Protection Regulation (GDPR) and its accompanying fines for mishandling data have arrived to save (and...

Magecart threat actors used the same skimmer against two web-based suppliers to try to steal users' payment card information. As discovered by security researcher Willem de Groot, the first attack occurred at 15:56:42 GMT on 10 May when bad actors injected the skimmer into the bottom of a script used by enterprise content management system CloudCMS....

Today’s VERT Alert addresses Microsoft’s May 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-830 on Wednesday, May 15th. In-The-Wild & Disclosed CVEs CVE-2019-0863 Windows Error Reporting (WER) incorrectly handles certain files and, when exploited, could lead to the execution of code...

Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor. Near the end of April 2019, researchers at ESET observed several attack attempts that both created and executed the Plead backdoor using "AsusWSPanel.exe," a legitimate process which belongs to the Windows client for the...

Cyber security assessment initiatives and frameworks abound in the US government, the most important being the Federal Information Systems Management Act (FISMA) passed in 2002. The law’s broad scope included a mandate to the US National Institute of Standards and Technology (NIST), charging it to create methods and standards to assess and optimize...

Last week I spoke with Trica Howard about social engineering attacks and user education. Considering how social engineering and poorly trained users are two of the most significant cybersecurity problems ever, it was a great conversation. This week I spoke with another security communications specialist, tech writer Stacey Holleran. We both write...

MITRE has released an April 2019 update to its ATT&CK framework. It’s been a year since the last major update featuring a new tactic. There are a number of changes for this year: the most major being the addition of a 12th Tactic, Impact, which contains 14 new Techniques. There are also seven new Techniques under existing Tactics, as well as a...

For the second time in a year, Baltimore city government computers have been infected by ransomware. Malicious hackers are demanding that a ransom is paid for the safe recovery of encrypted files on affected computers and servers. On Tuesday, Mayor Bernard C. “Jack” Young tweeted how the city had "shut down the majority of its servers" out of "an...

Verizon Enterprise has once again released its annual Data Breach Investigations Report (DBIR). The publication doesn’t disappoint in providing crucial insight into today’s digital threats. On the one hand, Verizon’s 2019 report captures how many forces in the threat landscape have remained the same since its previous report. The study observed how...

Every year, the Verizon Data Breach Investigations Report comes out, and there’s a mad scramble to inspect and interpret the data. The report is data-rich, as always, and already contains a bunch of analysis, so there are really only a few options for adding value to the conversation. Industry commentators can choose to disagree with the analysis,...