In June 2016, researchers at Sucuri Security tracked a distributed denial-of-service (DDoS) attack against one its customers. The campaign consisted of a layer 7 attack (HTTP Flood) that generated 50,000 requests per second (RPS) for several days. Such intensity is not by itself unusual. What made this campaign stand out, however, was the attackers'...

A teenager who launched distributed denial-of-service (DDoS) attacks against government websites and the SeaWorld theme park has received no prison time for his crimes. According to prosecutors, the teenager from Plymouth in Devon conducted a three-month attack spree from late-2014 to early-2015. During that time, the teen--who was 14 years old at...

At Infosecurity Europe 2016, Tripwire conducted a two-part survey involving 400 security professionals in attendance at the conference. In the first part, Tripwire requested that respondents reflect on the evolving ransomware threat. 93 percent of security professionals said crypto-malware attacks will continue to escalate, while 56 percent of...

I am a penetration tester by trade. What does that mean I do in my day-to-day? Well, that depends on whom you ask, as it is open to interpretation. Penetration testing means different things to different people. What it meant a decade ago is different from what it means today, and that will be different from what it means a decade from now. So,...

A new report from the Office for National Statistics (ONS) states that cybercrime is on the raise in England and Wales. According to the report, adults aged 16 and over experienced an estimated 5.8 million incidents in the past 12 months, with 3.8 million of those classified as fraud and another 2 million as computer misuse incidents. Regarding...

One of the world's largest BitTorrent distribution sites Kickass Torrents (KAT) has gone offline following the arrest of its alleged owner. On July 20, kat.cr, which is the current domain for the website, appeared to be offline, reports Gizmodo. Those loading issues surfaced the same day U.S. authorities arrested Artem Vaulin, 30, of Kharkiv,...

Are you a fan of Warframe? Is so, Digital Extremes, the company behind the popular online game for the XBox One, Playstation 4 and PC, has some bad news for you. Last week we were made aware of a potential web server breach that occurred in November 2014. At the time, we believed this to be a phishing scam as our account server was secure. After a...

In the first and second part of this series, we introduced the risks of the IoT / IoE world and addressed the mandatory security design considerations around the C-I-A triplet; the concepts of “openness;” the secure system and SDLC; the 4 “A”s; as well as the term “non-repudiation.” To continue with our overview, we will describe the important...

Cicis Pizza, a casual fast food restaurant chain, has acknowledged it suffered a payment card breach at more than 130 locations. On July 19, the restaurant chain informed its customers of the breach: "Cicis values its customers and respects the privacy of your information. As a precautionary measure, we want to inform you that your personal...

One of the dominant tech stories of the year has been the Netflix crackdown on VPN users, and six months in, the story continues to rumble on. Despite widespread criticism, Netflix is still attempting to, slowly but surely, block access to its service from each and every VPN. To look at some of the media coverage of their activities, it would be...

In today's digital threat environment, the common computer criminal wants two things: money and safety. They want to get a high return on investment for their efforts, but they don't want to get caught. By meeting those two demands, a criminal ensures they have the resources and freedom necessary to plan out future attacks. These bad actors get what...

A security audit evaluating many best-selling fitness trackers and wearable devices, including the Apple Watch, revealed that some manufacturers are continuing to make blatant security errors. Conducted by AV-TEST, the new study found several security flaws in Android-powered fitness trackers. The organization tested the following devices: Basis...

Breaches involving stolen credentials don’t surprise anyone these days. Those of us in infosec know too well that it’s a thousand times easier for the bad guys to gain access to a network and fly under the radar with a stolen login—often obtained through social engineering—than it is to get through cyber defenses. From the bad actors’ perspective,...

A security breach at Ubuntu Forums exposed the information of as many as two million users. Jane Silber, CEO of Canonical, which is the company that produces the Debian-based Linux operating system Ubuntu, published a statement about the hack on Friday: "At 20:33 UTC on 14th July 2016, Canonical’s IS team were notified by a member of the Ubuntu...

You’ve managed fine on your own for years, but suddenly there’s a new security data scientist in your life. You’re excited at the possibilities, but can you really make it work? Here are five sure-fire ways to turn that initial buzz into a perfect partnership, so that your data scientist can deliver the insights you’re looking for. Together, you can...

It has been eight months since the Court of Justice for the European Union struck down the 15-year-old Safe Harbor arrangement between the EU and US. At the time, there was a good deal of consternation over the future of EU-US data exchange and just how businesses would continue to operate. Despite several fits and starts, parties on both sides of...

A man has received prison time for his role in doxxing and swatting 50 people including politicians, celebrities, and infosec journalist Brian Krebs. Mir Islam (Source: Krebs on Security) On July 11, the United States District Court for the District of Columbia sentenced Mir Islam, 22, to two years...

In May 2016, the Federal Bureau of Investigations issued an alert warning hospitals, state and local governments, law enforcement, small businesses, and individuals to be on the lookout for a rise in ransomware attacks. The FBI acknowledges in its letter that in the absence of data backups, victims of a ransomware attack have no option but to pay...

A good definition of Internet of Things (“IoT”) found in Wikipedia is “the network of physical devices, vehicles, buildings and other items—embedded with electronics, software, sensors, and network connectivity that enables these objects to collect and exchange data.” Although this is a very broad definition, it is important to understand the...

Fiat Chrysler Automobiles (FCA) announced on Wednesday the launch of its own bug bounty program, rewarding researchers for disclosing security vulnerabilities in its connected cars. As the seventh-largest automaker in the world, Fiat Chrysler is among the first major vehicle manufacturers to offer ...