The cybersecurity space is in dire straits. Hackers are getting smarter and more sophisticated...and the availability of skilled men and women to combat them has never been lower. It’s an issue that’s been slowly growing worse year over year, yet there’s no clear solution in sight. What’s a business leader to do? The good news is that there’s never...

Mozilla has announced that it will disable support for the Adobe Flash Player plugin by default in version 69 of its Firefox web browser. On 11 January, Mozilla senior software engineer Jim Mathies opened a Bugzilla ticket announcing his employer's plan to "disable Flash by default in Nightly 69 and...

With the majority of people using smartphones these days, texting is all but a given when trying to communicate with your friends or family. But what about your doctor? A recent study determined that 96 percent of physicians use text messaging for coordinating patient care. This can raise eyebrows and red flags. Anyone with a cheap scanner, which...

A researcher has created a free decryption tool which victims of the PyLocky ransomware family can use to recover their affected files. Mike Bautista, a security researcher at the Cisco Talos Intelligence Group, is responsible for developing the tool. Cisco Talos has made this utility freely available for download on GitHub. First reported on by...

A large number of Reddit users are being told that they will have to reset their passwords in order to regain access to their accounts following what the site is calling a "security concern." The lockout occurred as Reddit's security team investigates what appears to have been an attempt to log into many users' accounts through a credential-stuffing...

Neiman Marcus Group, Inc. has agreed to pay $1.5 million as part of a settlement for an earlier data breach that exposed customers' information. Ken Paxton, Attorney General of Texas, announced on 8 January that he and his fellow Attorneys General from 42 other states will enter into the $1.5 million...

This article covers the main techniques cybercriminals use at the initial stage of attacks against enterprise networks. There are several dangerous phases of cyberattacks targeting the corporate segment. The first one encountered by businesses boils down to getting initial access into their systems. The malefactor’s goal at this point is to deposit...

Today’s VERT Alert addresses Microsoft’s January 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-812 on Wednesday, January 9th. In-The-Wild & Disclosed CVEs CVE-2019-0579 The Windows Jet Database Engine improperly handles objects in memory and, if an attacker can convince a victim to...

An unknown individual compromised an alert service and abused their access to send out a spam message to some of the service's customers. The Australian Early Warning Network (EWN) alert service disclosed first in a Facebook post and later on its website that the compromise took place near the beginning of the year: At around 930pm EDT 5th January,...

Many organizations have DevOps on their mind going into 2019. This is a global movement. In fact, Puppet and Splunk received responses for their 2018 State of DevOps Report from organizations on every continent except Antarctica. Those organizations varied in their industry, size and level of DevOps maturity, but they were all interested in learning...

The elephant in the room is the viability and sustainability of blockchain technology. Cryptocurrency mining, for instance, requires specialized rigs that consume electricity. In certain estimates, at the time of writing, the bitcoin network's energy consumption came in at 41 globally if it was a country. This means the bitcoin blockchain consumes...

The website of Luas, the tram system operating in Ireland's capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days. Early morning visitors to the website were greeted with a message from the hackers, claiming that data had been stolen from operator Transdev Ireland,...

There’s nothing more impactful than a proactive cybersecurity strategy. What’s your preferred scenario: the one where you’re reeling from a lethal data breach with thousands of customer profiles compromised, or, the one where your team identified and diffused a problem before it had time to wreak havoc? The key difference between a company that...

As discussed before, the blockchain-based solution is built to provide strong integrity and independent verifiability. An exception to the independent verifiability is private blockchain solutions. In this part, we discuss both of these technological dimensions and detail their applicability and limitations. Public distributed blockchain provides...

It's been a fantastic year on The State of Security blog. We've seen a real plethora of high-quality articles and here are my 10 favorites! A Google Cloud Platform Primer with Security Fundamentals | By Ben Layer Though less well-known than Microsoft Azure and Amazon Web Services, Google Cloud Platform currently makes up five percent of the cloud...

A lot has been going on with autonomous vehicles these days. Almost every famous car manufacturer seems to be in a rush to master the perfected version of self-driving cars. While most people believe that fully autonomous vehicles are still in their infancy stage, manufacturers think that they will dominate the roads by 2020. The problem with...

Doxxing means publishing private information about someone online to harass or intimidate them. It has ruined reputations and caused untold distress to hundreds of people. On occasion, doxxing has resulted in injury or even death. Being doxxed can have serious consequences for your safety and privacy. How can you prevent it? Doxxing and...

If you own a WordPress site, then you should be careful about your website security. To successfully run a blog, business or online store, you need to make sure your website is totally safe. Customers visit your website, purchase products and pass sensitive information like passwords, credit card details etc. If there is a place to infiltrate to...