In the last year, change management has been one of the top challenges customers want to solve. The problem is complex, and integration is essential to producing a sustainable solution. There are multiple drivers behind the challenge. First of all, there must a compliant change management process that produces supporting evidence. For high-impact...

A hacker has published the personal information of more than 9,000 employees at the Department of Homeland Security (DHS) ahead of a data dump involving 20,000 FBI officials. On Sunday, an account on Twitter posted the names, titles, email addresses, and phone numbers of 9,000 DHS employees. The...

Back in December, Heimdal Security spotted the Angler exploit kit leveraging drive-by campaigns to infect unsuspecting web users with Cryptowall 4.0 ransomware. The notorious malware has since been spotted in additional attack campaigns, leading Heimdal to wonder whether a newer version is on the horizon. Cryptowall's next installment will no doubt...

Google announced on Wednesday plans to expand its Safe Browsing initiative aimed to protect users against social engineering attacks, such as deceptive online ads that install unwanted software or reveal personal information. The Mountain View, California-based company said in a blog post it will begin to target embedded content on a web page that...

A former employee of the U.S. Department of Energy (DoE) has pleaded guilty to an attempted spear-phishing attack against government computers. On Tuesday, Charles Harvey Eccleston, 62, who also worked for the U.S. Nuclear Regulatory Commission (NRC) at one time, admitted his guilt in conspiring to cause damage to Department of Energy computers via...

It's one of Microsoft's best kept secrets. First released in 2009, the Enhanced Mitigation Experience Toolkit from Microsoft (EMET for short) has been helping companies reduce the risk of being exploited via unknown vulnerabilities in Windows and Windows applications. By detecting and preventing the buffer overflows and memory corruption...

This will not come as a surprise to many of you, but there’s a current shortage of cyber security experts out in the field, which is causing job vacancies all over the country. Over the years, we’ve seen the demand for cyber security professionals spike dramatically as organizations realize there’s a problem, and are actively looking to recruit...

A researcher has spotted a "massive" spam advertising campaign that threatens to install backdoors and constantly reinfect WordPress sites. Denis Sinegubko, a senior malware researcher at Sucuri Security, explains in a post published on the company's blog how he and Sucuri's research teams recently detected the advertising campaign: "This past...

I’ve had a lot of conversations with high school students and students in their initial years of university who don’t particularly know what they want to be when they grow up. Heck, I’m still trying to figure that out! The advice you hear from most guidance councilors and others who mean well is generally to find something you like to do, something...

Imagine we’re sitting at a Starbucks on a Friday afternoon. The coffee shop is pretty busy and full of aspiring hipsters sipping soy lattes and typing away at their MacBooks while loudly listening to Miles Davis. Suppose we really dislike Miles Davis for some reason, and we really want to turn that music off. We could connect to the open WiFi...

Last week, luxury retailer Neiman Marcus Group (NMG) notified some customers attackers had gained unauthorized access to their online accounts. According to the company, the incident dates back to on or around December 26, 2015, when intruders attempted various login and password combinations using automated attacks in an effort to access customers’...

Hit by ransomware and have no backup? Most of the time, regretfully, you have no chances to recover the encrypted data beyond paying the ransom to the extortionists. The crypto algorithms employed in these attacks cannot be cracked, and the private decryption key is kept on servers inaccessible to the victims. But let’s be positive. Quite a few...

An American man has received five years of probation for co-creating the BlackShades remote access trojan (RAT). On Friday, Michael Hogue, 25, of Arizona, who went by the name "xVisceral" online, received his sentence from U.S. District Judge Keven Castel in Manhattan after pleading guilty back in 2013 to distributing the malware and conspiring to...

There are several websites available that offer temporary and disposable email addresses, which have become quite popular among Internet users today, as they provide a quick alternative to anyone who wishes for their email address to remain private when sending and receiving emails. Temporary and Disposable Email/SMS - What you Need to Know Some...

Tripwire studied confidence vs. knowledge of financial services IT security pros on seven key security controls necessary to detect a data breach. For many controls IT pros believed they had the information necessary to detect a breach quickly but provided contradictory information about the specific data. ...

HSBC, one of the world’s largest banks, was targeted by distributed denial-of-service attacks (DDoS), causing its personal banking website and mobile services in the UK to shut down. According to reports, the attacks began Friday morning, which prevented customers from accessing online banking...

On Thursday, an activist posted online a data dump of private files belonging to the United States' largest police union. The Guardian reports that the Fraternal Order of Police (FOP), a union which represents 333,000 law American enforcement personnel, has contacted the Federal Bureau of Investigations and requested that it investigate how 2.5GB of...

It has been a busy couple of months for the web's most notorious exploit kits (EKs). Back in September, researchers detected a ransomware attack that leveraged outdated content management systems (CMS) in order to redirect user traffic to malicious domains infected with the Neutrino exploit kit and Teslacrypt ransomware. Another ransomware attack...

This is the conclusion to a three-part series of building a successful vulnerability management program. The first installment focused on Stage One, the vulnerability scanning progress. Without a foundation of people and process, the remaining stages are prone to failure. The second installment focused on Stage Two and Three, using a vulnerability...

For twenty years people have been running Java in their browsers. And for much of that time, malicious hackers have been exploiting vulnerabilities in the plugin to infect computers. Although the number of outbreaks caused by zero-day vulnerabilities found in the Java plugin has reduced in recent years, many users have found it hard to muster move...