In today's ever-evolving world, the PC is no longer the sole endpoint found on organizations' networks. It is joined by the likes of servers and point-of-sale terminals (PoS), endpoint devices which are contributing to a growing complexity of modern IT environments. Such change demands that IT professionals rethink their organizations' endpoint...

Sometimes things would be better if people didn't keep their word. Take hackers, for instance. Hackers using the online handle "DotGovs" published information about 9,000 Department of Homeland Security (DHS) workers earlier this week after stealing it from the Department of Justice's intranet. Many of us probably hoped that DotGovs couldn't be...

Another change of the seasons is upon us. An interesting correlation is that these quarterly seasonal changes also follow the password change schedule in use in many organizations. If you work in an office, you probably receive a notice to change your password every 90 days. The odd correlation of requiring a password change every 90 days in a...

Security incidents pose a real threat to industrial networks. In 2014 alone, organizations in the energy, utilities, industrial, and oil and gas sectors encountered 245 unique industrial control system (ICS) incidents, with more than 800 security advisories published that same year. To make matters even more daunting, only a fraction of those events...

Week after week and year after year penetration tests are performed against companies and we continue to find the same things. Do you really want to hire that pentest company to come in and tell you the obvious? You could get better value from your tester if you take some simple steps to prepare before they start their assessment, not to mention you...

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-656 on Wednesday, February 10th. Ease of Use (published exploits) to Risk Table Automated Exploit ...

The Obama administration has announced its intention to appoint the United States' first ever federal chief information security officer (CISO). On Tuesday, the President is expected to roll out a budget of $19 billion for federal information security spending. That budget, which marks a 35 percent increase over last year's allotment of $14 billion,...

In the last year, change management has been one of the top challenges customers want to solve. The problem is complex, and integration is essential to producing a sustainable solution. There are multiple drivers behind the challenge. First of all, there must a compliant change management process that produces supporting evidence. For high-impact...

A hacker has published the personal information of more than 9,000 employees at the Department of Homeland Security (DHS) ahead of a data dump involving 20,000 FBI officials. On Sunday, an account on Twitter posted the names, titles, email addresses, and phone numbers of 9,000 DHS employees. The...

Back in December, Heimdal Security spotted the Angler exploit kit leveraging drive-by campaigns to infect unsuspecting web users with Cryptowall 4.0 ransomware. The notorious malware has since been spotted in additional attack campaigns, leading Heimdal to wonder whether a newer version is on the horizon. Cryptowall's next installment will no doubt...

Google announced on Wednesday plans to expand its Safe Browsing initiative aimed to protect users against social engineering attacks, such as deceptive online ads that install unwanted software or reveal personal information. The Mountain View, California-based company said in a blog post it will begin to target embedded content on a web page that...

A former employee of the U.S. Department of Energy (DoE) has pleaded guilty to an attempted spear-phishing attack against government computers. On Tuesday, Charles Harvey Eccleston, 62, who also worked for the U.S. Nuclear Regulatory Commission (NRC) at one time, admitted his guilt in conspiring to cause damage to Department of Energy computers via...

It's one of Microsoft's best kept secrets. First released in 2009, the Enhanced Mitigation Experience Toolkit from Microsoft (EMET for short) has been helping companies reduce the risk of being exploited via unknown vulnerabilities in Windows and Windows applications. By detecting and preventing the buffer overflows and memory corruption...

This will not come as a surprise to many of you, but there’s a current shortage of cyber security experts out in the field, which is causing job vacancies all over the country. Over the years, we’ve seen the demand for cyber security professionals spike dramatically as organizations realize there’s a problem, and are actively looking to recruit...

A researcher has spotted a "massive" spam advertising campaign that threatens to install backdoors and constantly reinfect WordPress sites. Denis Sinegubko, a senior malware researcher at Sucuri Security, explains in a post published on the company's blog how he and Sucuri's research teams recently detected the advertising campaign: "This past...

I’ve had a lot of conversations with high school students and students in their initial years of university who don’t particularly know what they want to be when they grow up. Heck, I’m still trying to figure that out! The advice you hear from most guidance councilors and others who mean well is generally to find something you like to do, something...

Imagine we’re sitting at a Starbucks on a Friday afternoon. The coffee shop is pretty busy and full of aspiring hipsters sipping soy lattes and typing away at their MacBooks while loudly listening to Miles Davis. Suppose we really dislike Miles Davis for some reason, and we really want to turn that music off. We could connect to the open WiFi...

Last week, luxury retailer Neiman Marcus Group (NMG) notified some customers attackers had gained unauthorized access to their online accounts. According to the company, the incident dates back to on or around December 26, 2015, when intruders attempted various login and password combinations using automated attacks in an effort to access customers’...

Hit by ransomware and have no backup? Most of the time, regretfully, you have no chances to recover the encrypted data beyond paying the ransom to the extortionists. The crypto algorithms employed in these attacks cannot be cracked, and the private decryption key is kept on servers inaccessible to the victims. But let’s be positive. Quite a few...

An American man has received five years of probation for co-creating the BlackShades remote access trojan (RAT). On Friday, Michael Hogue, 25, of Arizona, who went by the name "xVisceral" online, received his sentence from U.S. District Judge Keven Castel in Manhattan after pleading guilty back in 2013 to distributing the malware and conspiring to...