Resources

Blog

Attackers Using RATs to "Slave" Victims' Computers, Sextort Children

Malware is one of the most dangerous classes of computer threats facing users today, and as a risk category, it is growing in sophistication. First, malware is now more difficult to detect. In an effort to stay one step ahead of security researchers, authors of malicious software are integrating evasion techniques, including environmental awareness...

DEF CON 23 “How To Train Your RFID Hacking Tools” Preview

RFID is one of those ubiquitous technologies showing up everywhere from contactless payment cards to the neighborhood swimming pool. Some of these technologies offer appropriate security controls but many applications still use legacy technology that is easily subverted by an attacker. Back in 2013, data from HID Global indicated that 70-80% of...

Here’s What You Missed at BSides Las Vegas – Day 1

This year’s BSides in sunny Las Vegas, Nevada, is off to an amazing start, with an overwhelming crowd and a great lineup of presentations from some of the industry’s brightest – and most inspiring – professionals. In the biggest BSides LV event yet, hundreds of attendees gathered at the Tuscany bright and early – eagerly waiting to hear from experts...

Why Do We Care About Zero Days?

A true zero day, such as the recent vulnerability affecting Apple’s DYLD_PRINT_TO_FILE variable that an adware installer is said to be exploiting in the wild, is called that because it comes without warning, because by the time you know about it, you have already been compromised. They're expensive; they are the domain of nation states and the most...

Aligning Cyber Strategy to the Business

To quote Lewis Carroll, from Alice's Adventures in Wonderland: 'Would you tell me, please, which way I ought to go from here?' 'That depends a good deal on where you want to get to,' said the Cat. 'I don't much care where —' said Alice. 'Then it doesn't matter which way you go,' said the Cat. It might sound like a relaxing way to go through life,...

SWAT Not Thyself

There is a horrible prank that has been in circulation for the last few years whereby a person calls a local police department and reports a terrible crime in progress at a remote address, usually the address of an enemy. Using telephone number spoofing techniques, the call appears to originate from the home of the pranking victim. The police often...

Black Hat USA '15: What's In Store

Black Hat USA – one of the most anticipated security events of the year, and recently ranked among our top information security conferences – returns to Las Vegas this August for its 18th year. With an expected 9,000 attendees, this year's conference will offer over 100 briefings on the latest and most innovative security research from industry...

Back Doors: Are You Prepared?

"Honey... Did you make sure you locked the basement door and activated the security system? I can't wait to get to the Big Rock Campground, the kids are going to love the waterslide..." Sound familiar? The majority of new homes today have some sort of physical security system protecting the property while the family is away, but are these security...

Yahoo Bug Bounty Program Awards $1 Million to Security Researchers

Yahoo announced that it has paid security researchers one million dollars as part of its bug bounty program. According to a post written by Ramses Martinez, Senior Director and Interim CISO at Yahoo, the company's bug bounty program, which The State of Security named one of our 11 Essential Bug Bounty Programs in 2015, has shown significant growth...

Sweet Security: Deploying a Defensive Raspberry Pi

The hardware used in both the Internet of Things (IoT) and Industrial Control Systems (ICS) has many similarities; both often involve older systems incapable of running detection tools or monitoring agents due to outdated operating systems, resource limitations, proprietary systems and odd protocols such as Modbus and DNP3, amongst other...

Phishing Up 74% in Q2 2015, Reveals Infoblox DNS Threat Index

The Domain Name System (DNS) is a hierarchical system that assigns names to computers, resources and services connected to the web. It is responsible for relating information associated with each Internet-based entity to a domain name. As such, DNS is an essential tool for organizing the web. In the wrong hands, however, it can be used to create...

Apple Patches 'High' Input Validation Vulnerability in iTunes, App Store

Apple has patched an application-side input validation web vulnerability in iTunes and the App Store that allowed attackers to inject malicious code into user invoices. The vulnerability received a 'High' severity level and a CVSS rating of 5.8. It allows for session hijacking, persistent phishing attacks, and other malicious activities. Benjamin...

Landing a Hands-On Security Gig – Part 2

In Part 1, I discussed several important elements to landing a hands-on security gig, including passion and having the skills to pay the bills. Now, I’ll continue to guide you through various other essentials that could impact your career. Tools vs. Knowledge A good security analyst understands how various tools work, along with how to run the...

How to bust keyboard biometrics, and why you might want to

We all know that there's a problem with passwords. Most internet users are careless when choosing passwords - either re-using the same passwords they've used elsewhere or making them too easy to crack. And if they're not guilty of that mistake, there's always the chance that their computers are infected with spyware watching their keystrokes and...

Darkode Underground Web Forum Resurfaces Just Two Weeks After Takedown

Darkode, one of approximately 800 underground web forums, has resurfaced just two weeks after international law enforcement shut the site down. The takedown, known as "Operation Shrouded Horizon," began two years ago under the auspices of the Federal Bureau of Investigation's office in Pittsburgh, Pennsylvania. It eventually expanded to include...

Planned Parenthood Website Compromised by Political Hacking Group

A politically motivated hacking group that calls itself 3301 appears to have compromised the website of Planned Parenthood. The politically motivated attack appears to have taken advantage of a vulnerability in an outdated version of the Concrete5 website content management system. The group was not able to access the file system and the compromise...

Landing a Hands-On Security Gig - Part 1

I have been involved in the hiring process for our Security Operations Center (SOC) for about a year and a half. Throughout this time, I have reviewed resumes, conducted phone screens, and participated in the technical interviewing process. I have been both dumbfounded by the audacity of some individuals and amazed by the sheer awesomeness of rising...