If you have contracts with the United States Department of Defense (DoD) or are a subcontractor to a prime contractor with DoD contracts, your organization has until December 31, 2017, to implement NIST SP 800-171. This is a requirement that is stipulated in the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. In the context...

A data breach might have exposed personal information belonging to 5,400 customers of the French life insurance agency AXA. The firm began sending out e-mails notifying affected customers of the incident on 7 September. AXA expects it will send out the last of these alerts by the end of the day on 8 September. As quoted by The Straits Times, here's...

Equifax, one of the largest credit reporting firms in the nation, announced on Thursday that a recent "cybersecurity incident" may have affected 143 million U.S. consumers. The information compromised includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. Credit card numbers for...

Chinese security researchers have discovered a way to send secret, inaudible commands to speech recognition systems such as Siri, Amazon Alexa, and Google Home using ultrasound. A team from China's Zhejiang University devised the technique, which they have dubbed "DolphinAttack". Now, it's important to stress that this is a *potential* problem....

As I write this blog post, it’s nine months to the day until the General Data Protection Regulation (GDPR) comes into force in the UK on 25th May 2018. The title of this article works if you know the pop single “Murder on the Dance Floor”! It struck me as surprising when earlier this month, a hard working diligent European (mainland) colleague who...

An attack campaign known as Dragonfly 2.0 is currently targeting Western energy companies with a variety of infection vectors. The series of attacks constitutes the latest push from Dragonfly, a threat actor which has been around since at least 2011 but then reemerged in 2014. Available evidence suggests the Dragonfly 2.0 attack campaign has been...

The digital security skills gap poses a challenge to organizations and their defense strategies in every economic sector. Even so, there's little consensus on how enterprises should address this shortage of skilled security talent. Some say organizations place too little emphasis on the value of a classical engineering-focused education and that...

Anti-malware providers see a lot of spam and phishing attempts through their users' experiences. For its part, Kaspersky Lab understands how these encounters reveal the ever-evolving toolset of bad actors and their efforts to prey upon unsuspecting users. But it also knows users and security professionals alike can leverage information of these...

Social networking platform Taringa! has confirmed a data breach that exposed nearly every record in its 28 million registered user base. On 4 September, data breach notification LeakBase disclosed a hack where attackers allegedly stole the records for 28,722,877 registered users of Taringa!, a popular Latin American social media site. The Hacker...

Although the ransomware industry has resumed growth after July’s decline, nothing game-changing happened in the online extortion ecosystem last month. There was an influx of new GlobeImposter ransomware variants and real-life spinoffs of the Hidden Tear proof-of-concept. The Locky strain geared up for another rise with its Lukitus persona. And a...

Keeping up with advances in technology is like being a hamster on a wheel: the race never ends. But that drive is ultimately what yields innovative advances in IT – for both hackers and cyber professionals alike. We need to understand that we cannot control this evolution – neither its speed nor progress – but we can implement standards and best...

Over the past few months, the security industry has witnessed several major cloud data breaches. The Deep Root Analytics leak sent shockwaves across the cybersecurity community in June, as sensitive information on 197 million American voters was exposed. A few weeks later, data on six million Verizon users was exposed by Nice systems, a third-party...

In 2015, The State of Security published a list of 11 essential bug bounty frameworks. Numerous organizations and even some government entities have launched their own vulnerability reward programs (VRPs) since then. With that in mind, I think it's time for an updated list. Here are 10 essential bug bounty programs for 2017. 1. Apple Website:...

A cancer treatment center has notified more than 19,000 patients of a ransomware attack that might have affected their personal and medical information. Medical Oncology Hematology Consultants, P.A. ("the Practice), which is located in the Helen F. Graham Cancer Center & Research Institute, detected the infection on 7 July 2017. Its analysis reveals...

Responsible disclosure is the gold standard for fixing security vulnerabilities. But as we all know, sometimes at least one stakeholder doesn't hold up their end of the agreement. Parties violate a responsible disclosure timeline for many reasons. Take the Zero Day Initiative, for instance. One of its security researchers discovered a vulnerability...

Nearly half of organizations that store, process or transmit card data are still failing to maintain PCI DSS compliance from year to year, reveal new statistics. According to the 2017 Verizon Payment Security Report, the number of enterprises becoming fully compliant is on an upward trend—growing almost five-fold since 2012. Last year, 55.4 percent...

A trojan is leveraging infected USB flash disks to help spread fileless malware that abuses legitimate functions on a compromised system. The baddy, which Trend Micro detects as "TROJ_ANDROM.SVN," conceals itself within two malicious files on an infected USB. These files are called "addddddadadaaddaaddaaaadadddddaddadaaaaadaddaa...

According to media reports, a malware attack has managed to disrupt the operations of parliamentary business in the German federal state of Saxony-Anhalt. The problem at the Saxony-Anhalt Landtag appears to have started after a state parliament employee opened a malicious email attachment on Wednesday that proceeded to infect their PC. The computer...

10 years ago, people used to enter a bank physically to complete any kind of transaction. The situation has changed a lot today. With the introduction of online banking, people are able to make all types of transactions with the click or touch of a button. Last year, a survey from Bank of America revealed that 62 percent of Americans now utilize...

The damage wrought by the WannaCry and NotPetya malware outbreaks highlights the importance of organizations taking steps to strengthen their digital security defenses. But in the shadow of such high-profile attacks, the state of organizations' security postures remains unclear. Do most companies understand the importance of their information and...