A hacker compromised more than 600,000 users' accounts when they stole a database operated by the font sharing site DaFont. In early May 2017, the currently unnamed hacker stole a site database containing 699,464 usernames, email addresses, and hashed passwords after hearing of other attacks launched against it. As they told ZDNet in an interview: ...

The summer of 2016 was a tumultuous ride for those of us in the security community. Less than a year ago, nobody had ever heard of The Shadow Brokers or Anna-Senpai but the same month (August 2016), these two – as yet unidentified persons or groups – made it clear that we are in the midst of a massive paradigm shift regarding threats to our society....

According to a recent survey, about 1 in 10 PC users (9.8 percent) in the US ran unpatched Windows operating systems in the first quarter of 2017 – up from 6.8 percent the previous year. The findings come from Flexera Software’s latest Personal Software Inspector Country Report, which aims to highlight the state of security among PC users in the US...

A new variant of Loki Bot is capable of stealing credentials from over 100 software tools assuming they are installed on an infected machine. The malware's updated form leverages social engineering techniques to trick a user into running it. Specifically, it masquerades as a PDF sample that Dropbox couldn't successfully open. A user who clicks on...

Restaurant search website Zomato has announced that it has suffered a major security breach, resulting in the theft of a user database containing 17 million users' names, email addresses and passwords. The news comes as it is reported that a hacker calling themselves "nclay" is claiming to offer the database for sale on the dark web. ...

Social engineering is the exploitation of human error to deceive end users. Ransomware is a type of malware (malicious software) often used in social engineering attacks. When attacked with ransomware, businesses are literally held for ransom while being denied the ability to carry out their usual business operations. The UK Government has recently...

This post was updated on May 17, 2017, at 12:20 PM PDT. Over the past few days, there has been a lot of buzz around the WannaCry ransomware campaign. For those in the trenches dealing with how to address wave after wave of attacks, it's not as simple as the unhelpful motto of "patch your systems." Most medium and enterprise businesses cannot trust...

The past few months have accelerated the struggle between cybercriminals and those that defend against them. It seems that once again we are back on the defensive—as fast as law enforcement can arrest the bad guys, more and increasingly vicious cyber-attacks are unleashed. It’s been ugly, heartbreaking, and in some cases demoralizing. Even though...

When I started at Tripwire just over five months ago, I never really thought about compliance and why it’s critical. To me, it was something that companies went through and dare I say it, it seemed a bit boring. But the more time I spend at Tripwire, the more I understand why business compliance requirements are so important and how they help us as...

Brooks Brothers announced on Friday that it recently learned of a potential credit card breach, affecting customers who shopped in-store over the past year. In a press release, the men’s clothing retailer – which operates more than 400 stores worldwide – said potentially compromised information included cardholder names, account numbers, card...

Patients turned away. Ambulances diverted. Doctors and nurses locked out of patient files and unable to deliver care. On Friday, 45 National Health Service (NHS) organizations in the UK and Scotland and over 200,000 other victims in 150 countries fell prey to the WannaCry ransomware. The threat spread quickly, infecting vulnerable Microsoft systems...

DocuSign is warning customers and users to be on the lookout for targeted emails containing malware after a data breach affected one of its systems. On 15 May, the provider of electronic signature technology disclosed the security incident in an update posted to its website: "...[T]oday we confirmed that a malicious third party had gained temporary...

If you’ve been infected with WannaCry, you're probably not getting your files back if you pay. About three days ago, a ransomware campaign named “Wannacry” began. If you looked only at what mainstream media is telling you, this was malware written by genius programmers who know what they are doing and is one of the most sophisticated and profitable...

As a woman who works in cybersecurity, I know that there are many amazing women in my field. Last time, I had the pleasure of speaking with Cheryl Biswas, who works as a corporate cybersecurity consultant. This time, I spoke to Thaís. She's been educated on two different continents in both physics and computer science! Now she's doing some pretty...

While May 11 saw the release of the long-awaited Trump Administration Cybersecurity Executive Order, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, May 1 saw the less public release of an important companion document called Establishment of the American Technology Council. Focused on IT modernization and the upgrade...

Fraudsters have launched a new scam campaign where they offer WhatsApp users one year of free membership access to Netflix. An attack begins when a user receives a message about gaining free access to the streaming service from one of their WhatsApp contacts. The message appears to come from the Netflix domain. But careful inspection of the...

Each year, the United Nations observes the International Day of Families on May 15. It's a day that focuses on the role families play in cultivating education and lifelong learning. By emphasizing the importance of caregivers, the International Day of Families encourages parents to teach their children about sustainable development, human rights,...

The college year is rapidly coming to a close, and for many students who are in their early college years, an internship is usually part of the summer plans. With the growing interest in cyber security and infosec, as well as the increased availability of cyber security programs in many higher education establishments, some students are entering the...

On Friday May 12th, the headlines were all about how the NHS UK trusts had been impacted by a severe cyber-attack. The attack was related to a strain of ransomware called “Wana Decrypt0r 2.0”, also known as Wannacryptor, WannaCry or wncry. As the news unfolded, reports revealed the NHS had not been the victim - other organizations around the world...

Within a matter of hours, an updated version of WannaCryptor ransomware struck hospitals belonging to the National Health Service (NHS), Telefonica, and several other high-profile targets. News of the attacks first broke on the morning of 12 May, when a doctor operating under the pseudonym "B" broke posted the following message on Twitter: https:/...