A new family of point-of-sale malware called "PinkKite" uses a unique method to exfiltrate consumers' stolen payment card information. Bromiley and Dayter presenting on PinkKite at Kaspersky's Security Analyst Summit. (Source: Threatpost) Kroll Inc. researchers Matt Bromiley and Courtney Dayter...

In today’s world of the Internet of Things and connected devices, it is now more critical than ever to be aware of how cybercriminals target personal information and take steps to combat them whether at work, at home, or on vacation. This March and April, many families will be heading out of town for spring break. If it's any indication for this...

Hackers all have different intentions. Some work to making computer networks more secure, while others develop malware and exploit software vulnerabilities. Of the latter group, there is a special subclass of criminals: those who make the FBI’s Cyber’s Most Wanted list. These individuals give a whole new meaning to black-hat hacking. The nature of...

Public Key Infrastructure (PKI) is the glue that holds the internet together. As the internet has developed into a multi-faceted ecosystem with every single ‘thing’ now considered an internet-connected endpoint, PKI has also had to develop quickly in order to meet the demands of the market. Back in the early 2000s, there weren’t many regulations out...

A SIEM or Security Information and Event Management is only as good as its logs. People can think of logs as the fuel for the engine. Without logs (log management), the SIEM will never be useful. Selecting the right types of logs to ingest in your SIEM is a complex undertaking. On one hand, it is easy to say “Log it all!” but you will inevitably...

Today’s VERT Alert addresses Microsoft’s March 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-769 on Wednesday, March 14th. In-The-Wild & Disclosed CVEs CVE-2018-0808 This publicly disclosed CVE could lead to a successful denial of service against ASP.NET Core web applications due to...

A hacking attack at a New York-based outpatient center might have breached the medical records of approximately 135,000 patients. St. Peter's Ambulatory Surgery Center The incident occurred on 8 January 2018 when St. Peter’s Surgery & Endoscopy Center (the “Center”) discovered that an unauthorized...

As certain as the changing of the seasons, the drive toward autonomous cars is gaining pace. Changes in the car industry clearly demonstrate that the way we use our vehicles is evolving. In an increasingly connected world, our cars are becoming an important part of our lifestyle. But a question mark keeps hanging over the process. Are we, and the...

This article is part 3 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats (human behavior) to the modern enterprise. Over the course of this series, we’ve broadly examined the dangerous but highly-overlooked cybersecurity threat of malicious insiders. As...

Digital threat detection isn't as easy as it was more than a decade ago. The threat landscape no longer evolves slowly in pace with signature-based malware. It moves quickly and thereby complements the rate at which new software flaws are discovered and computer criminals exploit those weaknesses to compromise vulnerable systems. At the same time,...

Yahoo has agreed to pay $80 million to settle a federal securities class action lawsuit following the massive data breaches that compromised the personal information of three billion users. The suit was filed by several shareholders in January 2017, alleging the web services provider intentionally misled them about its cybersecurity practices, in...

Bitcoin is so far the most successful cryptocurrency. Nevertheless, just like other cryptocurrencies, Bitcoin has seen prices drop dramatically for the past few months. Price volatility remains one of the most significant challenges facing all cryptocurrencies, as they try to navigate a tricky ecosystem towards being recognized as a world currency....

Android P, the next generation of Google's operating system, may not be due for release until sometime later this year - but that doesn't mean we don't already know some of the features it has in store for us. That's because the Android P is now available as a developer preview. That means this first preview of Android P is intended for developers...

A cryptocurrency exchange says a large-scale phishing campaign was behind abnormal trading activity that affected some of its users. The trouble started on 7 March when some Binance users posted to Reddit about problems involving their accounts' alternative coin amounts. Here's what one person said: Binance just sold all my alts at market rate and...

Cloud computing has revolutionized the way businesses operate, and it is growing exponentially. The main advantages provided by this technology include cost optimization where there is no need for a capital expenditure upfront anymore and costs being further reduced by using economies of scale where a large number of organizations are sharing...

At least 400,000 servers are thought to be running a vulnerable program that can be tricked by a remote hacker into running malicious code. The problem is in versions of the open-source Exim message transfer agent (MTA). Exim, which was initially developed at the University of Cambridge, may not be a program familiar to the average computer user,...

A video game developer gave customers a $5.00 discount off their next purchase after discovering a data breach that affected two of its online stores. Nippon Ichi Software, a Japanese developer and publisher of video games, claims in an email sent out to customers that it identified the breach on 26 February. The incident involved the addition of a ...

On January 12, 2018, GSA (General Services Administration) posted a request for public comment regarding updates to the General Services Administration Acquisition Regulation that will include new cybersecurity compliance and reporting requirements for federal contractors that access data on unclassified systems. Two regulations in particular will...

It's confirmed that some locations of the Applebee's restaurant chain suffered a point-of-sale (POS) breach involving customers' payment card data. On 2 March, RMH Franchise Holdings (RMH) issued a notice of data incident on its website. The statement explains how RMH, a franchisee of Applebee's...