The Information Commissioner's Office (ICO) of the United Kingdom announced it will fine Equifax £500,000 for a data breach that occurred in 2017. In a monetary penalty notice filed on 19 September, the ICO revealed its decision to impose the maximum fine specified in section 55A of the Data...

Three men who operated and controlled the notorious Mirai botnet have been sentenced to five years of probation. The Mirai botnet notoriously launched a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn in October 2016 and made it impossible for many users to reach popular sites such as Amazon, Reddit, Netflix, Twitter,...

With individuals, businesses and critical infrastructure increasingly becoming the target of cyber-attacks, cybersecurity today is a multifaceted challenge. As the saying goes, “There’s more than one way to skin a cat.” And if the cat equates to preventing, detecting or discovering disruptive data breaches and determining the root cause, the vendor...

Over the past several months, increased attention has been paid to U.S. federal government policies surrounding internal use of IoT devices. In January 2018, researchers discovered they could track the movements of fitness tracker-wearing military personnel over the Internet. In July, a similar revelation occurred with fitness app Polar, which was...

Cyberattacks hit record highs last year, with nearly 160,000 cyber incidents reported and seven billion records exposed in the first three quarters of 2017, according to Online Trust Alliance’s Cyber Incidents and Breaches Trends Report. With the ubiquity of cyberattacks comes a need for more professionals. However, skilled individuals who are not...

A ransomware attack prevented an English airport from using its flight information screens to assist passengers in their travels. On 13 September, Bristol Airport tweeted out that its flight information systems were experiencing technical difficulties. https://twitter.com/BristolAirport/status/1040427309306662912 For the two days that followed, the...

Governments, businesses and societies as a whole benefit enormously from Artificial Intelligence (AI). AI assists organisations in reducing operational costs, boosting user experience, elevating efficiency and cultivating revenue. But it also creates a number of security challenges for personal data and forms many ethical dilemmas for organisations....

The cyber security field is booming, with demand for cyber security professionals far outpacing supply. This talent shortage has created an industry where pay is high and the options for job seekers are plentiful. Yet there is also a shortage of cyber talent caused by a confluence of factors, including employers demanding too many required skills...

A man who spent years on the run from the FBI for his part in a lucrative criminal operation that spread scareware via the Minnesota Star Tribune website has finally been sent to prison. Twenty-nine-year-old Peteris Sahurovs (also known as "Piotrek" and "Sagade") was sentenced this week by a U.S. court to 33 months in prison for conspiracy to commit...

The OilRig group conducted at least one attack campaign containing an updated variant of the BONDUPDATER trojan as its final payload. In August 2018, Palo Alto Networks' Unit 42 threat research team detected an OilRig campaign targeting a high-ranking government organization in the Middle East. The email campaign leveraged spear-phishing, one of the...

Vulnerability management (VM) programs are the meat and potatoes of every comprehensive information security program. They are not optional anymore. In fact, many information security compliance, audit and risk management frameworks require organizations to maintain a vulnerability management program. If you don’t have vulnerability management tools...

Bolting on security after the fact. It’s been a common approach to software security for decades. We architect, build code, deploy it and then figure out how to secure it. From the parade of application-related breaches and data thefts over the last few years, we pretty much know this approach does not work. Fortunately, the evolution of continuous...

It shouldn’t come as a surprise to anyone reading this article that there has been a major shift towards businesses hosting their critical applications in the cloud. Software-as-a-Service (SaaS), as well as cloud-based servers from Amazon or Microsoft, have changed the way we build networked business systems for any size organization. Cloud-hosted...

The concept of configuration hardening has nice imagery to it. When we use it to describe battle-hardened soldiers who have been tested in combat, a grim, determined image invariably leaps to mind. The same thing happens when we speak of hardened steel that’s been repeatedly quenched and tempered or of hardened fortifications and bunkers. What Are...

“Worldwide spending on information security products and services will reach more than $114 billion in 2018, an increase of 12.4 percent from last year, according to the latest forecast from Gartner, Inc. In 2019, the market is forecast to grow 8.7 percent to $124 billion.” That’s good, right? Well maybe-not-so-much. The current dystopian cyber...

Today’s VERT Alert addresses Microsoft’s September 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-796 on Wednesday, September 12th. In-The-Wild & Disclosed CVEs CVE-2018-8440 This vulnerability was disclosed on Twitter on August 27th, and a high level analysis was published on...

Security professionals are warning users who are or soon will be engaged in real estate transactions to watch out for the "homeless homebuyer" scam. On 10 September, Verdict built upon its coverage of account takeover attacks found in its threat insight magazine Verdict Encrypt to discuss this...

The U.S. Government is constantly working to improve its ability to respond to the growing threat of cyber-attacks facing the national power grid. Towards that end, the Federal Energy Regulatory Commission (FERC) approved the revised critical infrastructure protection reliability standards for cybersecurity management controls on April 19, 2018. The...

Apple has removed "Adware Doctor" from the macOS App Store amid claims that the program was uploading browser histories to China. Adware Doctor, which sold for $4.99 and was listed last week among the highest grossing apps in the "Paid Utilities" category of the macOS App Store, promised it would "keep your Mac safe", "get rid of annoying pop-up ads...

When we think of industrialization and the industrial revolution, images of smoke stacks, purpose-built machinery, and automation come to mind. Some examples are the Jacquard Machine, as pictured below. This machine simplified the process of manufacturing textiles in the early 1800s, and some consider it an early example of computer punch cards and...