Nearly one in five students at Ohio State University clicked on unverified links in emails sent to them as part of a phishing simulation. On 31 January, the IT risk management office at Ohio State University (OSU) initiated a phishing exercise against the university's student population. Its intention was to determine how many students would click...

Online travel services firm Orbitz has revealed that it has suffered a "data security incident" which may have compromised the sensitive information of hundreds of thousands of customers. According to Orbitz, which was acquired by Expedia in two years ago, hackers were able to infiltrate a legacy version of the company's travel booking platform...

Netflix has launched a public bug bounty program through which security researchers can receive rewards of up to $15,000. Announced on 21 March, the streaming service's new vulnerability responsible disclosure framework will award researchers upwards of thousands of dollars for reporting weaknesses discovered in Netflix's primary targets. In-scope...

BULLETIN CVE Browser CVE-2018-0942, CVE-2018-0929, CVE-2018-0927, CVE-2018-0932, CVE-2018-0879 Scripting Engine CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0934, CVE-2018-0933, CVE-2018-0936, CVE-2018-0937, CVE-2018-0930, CVE-2018-0931, CVE-2018-0939, CVE-2018-0891, CVE-2018-0876, CVE-2018-0889, CVE...

Industrial control systems (referred to as ICS) have faced an ever-growing volume of threats over the past few years. From 2015 to 2016, IBM Managed Security Services reported a 110 percent increase in ICS cybersecurity attacks. The US accounted for most of these incidents, given it has the most Internet-connected ICS networks on the planet, but the...

The oil and gas sector in the Middle East has become a top target for cybercriminals, enduring 50 percent of all cyber-attacks in the region, revealed a new report. The study, conducted by industrial giant Siemens and the Ponemon Institute, polled around 200 individuals in the Middle East responsible for securing or overseeing cyber risk in oil and...

In my previous post, I took deep dive into AWS S3 permissions to outline the myriad of ways someone could expose their AWS S3 buckets and objects to everyone on the Internet. As I discussed there, the complexity of the S3 permission system is very powerful and provides users with a lot of flexibility; however, it also makes it very easy to...

Microsoft has launched a limited-time bug bounty program to help discover and address vulnerabilities similar to Spectre and Meltdown. On 14 March, the Redmond-based tech giant announced a framework for speculative execution side channel vulnerabilities. The program encourages researchers to submit their discoveries of hardware design weaknesses on...

On average, UK businesses lose around £30 billion every year as a result of cyber crime. Unfortunately, the risks are only getting greater and more prominent. Now is the time for you to act. Here are four vital tips for securing your SME in an online world. Identify All Threats “Cyber Risk Reviews must consider your IT in your facilities such as...

The digital revolution is here. With technology playing an increasingly significant role in everyday life, the world becomes more and more connected through, and dependent upon, computers. Mobile technology, the Internet of Things, machine learning and the cloud, just to name a few, all mean opportunity and possibility for businesses, professionals...

For the first time on record, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) publicly blamed Russia for attempting to hack U.S. energy infrastructure. On 15 March, DHS and FBI published a joint Technical Alert (TA) via the United States Computer Emergency Readiness Team (US-CERT). In it, officials say Russian...

DNS or the Domain Name System is the connection between a device and the internet. It essentially works as the directory for the internet. The web address entered by a user is sent to the DNS server, which converts it into the IP address format. For instance, you enter a URL (www.example.com); your browser will then send the request to DNS server...

A US-based power company has agreed to pay a $2.7 million penalty after inadvertently exposing sensitive data online and violating energy industry cybersecurity standards. According to an electronic filing by the North American Electric Reliability Corporation (NERC) on Feb. 28, the unnamed utility reached the settlement with power regulators...

If you're responsible for your company network there's a strong possibility that you aren't keen on users installing BitTorrent clients. Not only might they be gobbling up vast amounts of bandwidth, but they could also be downloading pirated content or malware that could create headaches for your organisation. But in the case of the popular Russian...

A new family of point-of-sale malware called "PinkKite" uses a unique method to exfiltrate consumers' stolen payment card information. Bromiley and Dayter presenting on PinkKite at Kaspersky's Security Analyst Summit. (Source: Threatpost) Kroll Inc. researchers Matt Bromiley and Courtney Dayter...

In today’s world of the Internet of Things and connected devices, it is now more critical than ever to be aware of how cybercriminals target personal information and take steps to combat them whether at work, at home, or on vacation. This March and April, many families will be heading out of town for spring break. If it's any indication for this...

Hackers all have different intentions. Some work to making computer networks more secure, while others develop malware and exploit software vulnerabilities. Of the latter group, there is a special subclass of criminals: those who make the FBI’s Cyber’s Most Wanted list. These individuals give a whole new meaning to black-hat hacking. The nature of...

Public Key Infrastructure (PKI) is the glue that holds the internet together. As the internet has developed into a multi-faceted ecosystem with every single ‘thing’ now considered an internet-connected endpoint, PKI has also had to develop quickly in order to meet the demands of the market. Back in the early 2000s, there weren’t many regulations out...

A SIEM or Security Information and Event Management is only as good as its logs. People can think of logs as the fuel for the engine. Without logs (log management), the SIEM will never be useful. Selecting the right types of logs to ingest in your SIEM is a complex undertaking. On one hand, it is easy to say “Log it all!” but you will inevitably...

Today’s VERT Alert addresses Microsoft’s March 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-769 on Wednesday, March 14th. In-The-Wild & Disclosed CVEs CVE-2018-0808 This publicly disclosed CVE could lead to a successful denial of service against ASP.NET Core web applications due to...