A criminal who infected the computer systems of Mecklenburg County with ransomware has demanded a ransom payment of $23,000 for the decryption key. On 5 December, the government for Mecklenburg County, North Carolina informed its Twitter followers that it was "experiencing a computer-system outage." https://twitter.com/MeckCounty/status...

With more than 174 million Americans shopping over the Thanksgiving holiday weekend, it’s looking to be a busy holiday season for retailers this year. As shoppers continue hunting for the perfect gift over the next couple weeks, it’s important to remember that cyber criminals will likely be on the hunt as well. How prepared are retailers to deal...

Enterprise access point maker Ruckus once again patched up command injection vectors that could completely compromise both the ZoneDirector controller, as well as the Unleashed AP. One of the vulnerabilities is in fact strikingly similar to an issue in another Ruckus Web-GUI I disclosed last year. While vulnerability is essentially an inevitable...

A hacker commandeered a tourism agency's Facebook page and abused that unauthorized access to make a series of bizarre postings. Early in the morning on 4 December, the Facebook page for Explore Minnesota Tourism began publishing some unusual content. The stories consisted of fake news items with headlines such as "Detroit woman gives birth to her...

We're all hopefully familiar with the notion that criminals can phish details from unsuspecting computer users by creating copycat websites. To make a phishing page appear more legitimate a scammer might create a domain with a similar looking URL - for instance, appIe.com rather than apple.com (hint: if you didn't notice, the first "appIe" had a...

Last year, I wrote a short blog post about tools I had added to my pentesting toolbox. I’ve decided to make this type of article a yearly tradition. In this post, I highlight some of the useful tools I’ve started to use this past year. Domain Password Audit Tool First, I will shamefully promote a tool I wrote myself that will generate password...

Last time, I got to speak with Claudia Johnson. She's been in the tech industry for a long time, and she got into security the same way Brian Krebs did – by being attacked. Now I got to talk to Kristen Kozinski. She knows about secure code and web vulnerabilities. She also maintains a pretty nifty website for educating end users about security. Kim...

Scammers are pushing out fake PayPal emails that use the premise of an unverified transaction to phish for customers' personal and financial information. The attack emails lure in users with subject lines stating how PayPal couldn't verify their transactions or complete their most recent payments. Here's one example: ...

The holiday season is upon us, and nearly every day, my wife asks me what I want for Christmas. As a pop culture geek with interests in most fandoms, I have dozens of items that I could ask for, but the ultimate question is what do I really want to ask her to spend money on. In a perfect and very geeky world, I would likely come up with a method of...

I recently introduced a three-part series about injecting security hygiene into the container environment. For the first installment, I provided some background information on what containers are and how the container pipeline works. Let's now discuss how we can incorporate security into the pipeline. Assessing s Before Production To secure the...

Looking for a scalable solution and not sure what to ask? The best way to start off is to get an understanding of what scalability means because it can vary depending on the problem(s) that are trying to be solved, the company, and who you are talking to. According to Merriam-Webster, scalability is “capable of being easily expanded or upgraded on...

On September 24, 2017, two men pulled up alongside a home in Elmdon in the county of West Midlands, England. One of the men walked up to the house while the other approached a Mercedes parked outside. The former waved a box in front of the victim's house. Seconds later, the latter opened the driver's door of the victim's car, got in, and drove away...

BULLETIN CVE Microsoft Browser - IE and Edge CVE-2017-11848, CVE-2017-11856, CVE-2017-11855, CVE-2017-11827, CVE-2017-11833, CVE-2017-11803, CVE-2017-11844, CVE-2017-11845, CVE-2017-11874, CVE-2017-11872, CVE-2017-11863 Microsoft Browser - Scripting engine CVE-2017-11834, CVE-2017-11791, CVE...

With the cloud rapidly becoming the principal source of computing and data storage resources for organizations of all sizes, new types of exposures and attack paths have emerged. Earlier in the year, security researchers made a series of discoveries around organizations misconfiguring their AWS S3 buckets that allowed public access to the data...

A backdoor known as Tizi installs spyware onto Android devices in an effort to steal data from their owners' social media profiles. The Google Play Protect security team first detected the digital threat in September 2017 when they found an app with rooting capabilities. Since then, they've come across other apps that exhibit the same malicious...

As we introduced in part 1 of this “word crimes” series, cybersecurity terminology is important. Cybersecurity, IT professionals and legal professionals routinely abuse the terms “policy” and “standard” as if these words were synonymous. In reality, these terms have quite different implications, and those differences should be kept in mind since the...

Last time, I had fun speaking with Beth Cornils. She has a pretty cool job that involves testing IoT cars. This time, I spoke with Claudia Johnson. A cyber attack got her into the industry, and now she helps answer people's questions about cybersecurity. Kim Crawley: Please tell me about what you do. Claudia Johnson: In my current, as well as,...

An elite club in the United Kingdom has announced a data security incident where someone stole data pertaining to 5,000 of its members. Oxford and Cambridge Club. (Source: Wikipedia) The theft occurred when someone stole a backup computer drive for the Oxford and Cambridge Club out of a locked room...