Cisco has patched a remote code execution (RCE) vulnerability bearing a "perfect" CVSS score of 10.0 that affects its Adaptive Security Appliance (ASA) software. On 29 January, the American multinational technology conglomerate publicly recognized the security issue (CVE-2018-0101) and revealed that it affects the ASA software found in the following...

Data breaches are common in the news lately, but a recent study by credential monitoring firm VeriClouds focuses specifically on the credentials of Fortune 500 employees found in account leaks posted online. Using a corpus of 8 billion stolen credentials gathered over three years, the total number of employees of each Fortune 500 company was compared...

Users of a fitness tracking app have inadvertently exposed the locations of military bases by publicly sharing their jogging/cycling routes. Many service people who use Strava, an app which allows them to record their exercise activity using GPS plotting, are sharing their data publicly. Their movements have ended up in Strava Labs' Global Heatmap...

There are many managerial and operational tasks required to successfully grow a startup business. One of the biggest mistakes startup businesses make is neglecting to safeguard their data from cyber threats. Some studies show that 200,000 new malware samples were discovered each day in 2016. Unfortunately, analysts expect this number to increase as...

Cloud computing is not a new name anymore, and its adoption is growing consistently across various industries. Public cloud is a disruptive technology, irresistible to the Financial Services Industry (FSI) due to its tremendous benefits, including agility, elasticity, time to market and on-demand provisioning, to name a few. However, there are genuine...

A single Monero cryptocurrency mining operation has used malware delivery techniques to affect at least 15 million people worldwide. The campaign, which has been active since at least October 2017, delivers its payload using one of 250 unique Microsoft Preinstallation Environment (PE) files like "File4org]_421064.exe" and "[Dropmefiles]_420549.exe."...

Reddit, the so-called "front page of the internet", has some important news for its 250 million registered users. You can now secure your Reddit account with two-factor authentication (2FA). The additional layer of security has been rolled out as an option to all users following months of beta-testing. To enable the feature, Reddit users must access...

Data Privacy Day began in the USA in 2008 as an extension of Data Protection Day in Europe. Since then, The National Cyber Security Alliance (NCSA) has led this international effort, which is held annually on January 28 to help create awareness about the importance of safeguarding data, respecting privacy, and enabling trust. In our efforts to help...

Phishing attacks continue to threaten organizations' digital security in droves. Kaspersky Lab prevented 46,557,343 phishing attempts in the second quarter of 2017 alone. Overall, close to one in ten (8.26%) of Kaspersky users encountered a phishing attack that quarter. Recognizing the prevalence of phishing, it's useful to examine the granular...

A popular WordPress plugin has fixed a vulnerability that allowed an unauthenticated user to download the subscriber lists for more than 100,000 websites. Email Subscribers & Newsletters incorporated the fix into version 3.4.8 on 19 January after working closely with Dominykas Gelucevicius from ThreatPress, a company which offers security products...

Especially in recent weeks and months, information security has become an issue of interest to a lot of different people. Over the last several years, more people have started paying attention to infosec issues, which means the audience of infosec communication has drastically grown and changed. Effective communication is audience-dependent. You have...

An engineering firm has paid attackers $1,300 after ransomware encrypted its servers along with its data backup system. The infection occurred when bad actors targeted DGH Engineering Ltd. with a malicious email. An employee at the firm clicked on a clink contained therein. This action paved the way for crypto-ransomware to encrypt the company's...

Uber is under fire for reportedly dismissing a security flaw that can allow hackers to bypass the app’s two-factor authentication (2FA) and gain unauthorized access to user accounts. A New Delhi-based security researcher, Karan Saini, discovered the flaw and filed a report with HackerOne, which...

Another hospital in Indiana has suffered a ransomware attack that affected some of its servers and prevented files from loading correctly. On 11 January, an employee of Adams Memorial Hospital of Decatur, Indiana notified administrators that some files didn't look correct. Susan Sefton, a spokesperson for the hospital, said the network went blank...

The cryptocurrency rush took the world by storm last year. This dynamic environment lured new players, including hungry investors, miners, enthusiasts, looking to their hand at innovative startups not to mention threat actors. We witnessed blockchain splits, a boom of Initial Coin Offerings (ICOs), regulatory attempts by governments, the granting of...

The healthcare industry is no stranger to data breaches. In 2017, SSM Health, the University of Iowa Health Care (UIHC), and Arkansas Oral & Facial Surgery Center all suffered security incidents where bad actors possibly exposed patients' medical data. No doubt there are also countless other healthcare organizations that have yet to detect an...

MailChimp has plugged a privacy issue that leaked users' email addresses when they responded to websites' newsletter campaigns. Self-proclaimed mobile enthusiast Terence Eden discovered what he calls an "annoying privacy violation" while viewing the referral logs for his website. Those logs help document "Referer Headers" (misspelling intended),...

Internet users are doomed. I don't mean you or me; the fact that we're reading this article on Tripwire's The State of Security blog means we at least have a passing interest in protecting ourselves online. No, I mean those folks who, like us, use the internet but don't take the steps necessary to put in place the most rudimentary defenses to...

The retail industry saw more than its fair share of data breaches in 2017, with security incidents impacting at American supermarket chain Whole Foods Market and clothing companies Brooks Brothers, The Buckle, and Forever 21, to name a few. At least some of those events likely resulted from retailers' poor data breach preparation. Consider the fact...