What is GDPR, when is it coming, and what steps should you take to comply?If you’ve been following the information security news or Twitter feeds, then you’ve no doubt seen the increase in traffic around the General Data Protection Regulation (GDPR). And there’s a good chance you’ve been ignoring it, as well. It’s time to pay attention, for GDPR is...

Scammers want nothing more than to steal our personal and/or financial information. Towards that end, they've come up numerous ways of tricking us into giving them our details. One particularly persistent method is the Grandma scam. Unlike email-based ploys, the Grandma scam centers around a fraudster who rings up an older individual. They pose as...

A Ukraine citizen will spend close to four years in prison for administering a fraud forum in addition to perpetrating other computer criminal activities. As reported by Brian Krebs, 29-year-old Sergey Vovnenko received a sentence of 41 months in prison on 16 February for wire fraud conspiracy and aggravated identity theft. ...

As the cloud continues to gain momentum, companies worldwide are increasing their spending towards the IT sector. Traditional IT systems are declining as modern digital technologies like AI and virtual reality are proving to be strong business driving forces. Indeed, the IT sector is being dominated by emerging cloud infrastructure, AI, VR,...

Canada is in the final stages of enacting legislation that will require all companies to report data breaches to the federal government. The Canadian government first passed the legislation back in 2015 as part of the Digital Privacy Act. Due to the need for "related regulations outlining specific requirements," government officials gave industry...

A hacker known as Rasputin used SQL injection (SQLi) to breach the databases of over 60 universities and government agencies. The threat actor, a Russian-speaking computer criminal who gained notoriety back in December 2016 for hacking the U.S. Election Assistance Commission (EAC), is targeting universities and government facilities based in the...

Yahoo is warning more of its users that their accounts might have been accessed by unauthorised parties. Yahoo believes that hackers managed to break into its internal systems, and used the proprietary code they accessed to forge cookies that would allow attackers to access accounts without needing a password. It goes without saying that the ability...

The perceived silver bullet of cyber insurance has existed since the 1990s, but companies were forced to consider coverage limitations when a New York Court ruled in February 2014 that Sony’s general liability policy would not cover the $2 billion in costs the company had incurred from the huge data breach in 2011 involving the online network for...

With such a lively 2016 ­for infosec – mega-breaches, new malware strains, inventive phishing techniques, and big debates between security and privacy – there’s plenty of reason to pause and consider what the security community should be most concerned about for 2017 and what they can do to prepare. http://www.slideshare.net/Tripwire/tripwire-survey...

Securing critical infrastructure is becoming a priority for the public and private sectors. Cyber professionals everywhere are rejoicing about the increasing investments in protecting the networks and systems that keep us safe at night. The Oval Office has even signaled its intentions to make security a priority. We welcome the new administration’s...

Phishing scams are a persistent threat to users' inboxes. But that's not all they target. Fraudsters have other ways of delivering their ploys to unsuspecting users. One of the more common techniques is known as smishing. It's when a scammer sends a phishing ploy containing a suspicious link via SMS text message to a user's phone. Despite this...

A new proof-of-concept ransomware is capable of targeting the programmable logic controllers (PLCs) that help manage critical infrastructure. Researchers at Georgia Institute of Technology designed a cross-vendor ransomware worm known as LogicLocker to specifically seek out vulnerable PLC computers that are exposed online. At they write in their...

In my ongoing blog series “Hacker Mindset,” I explore an attacker’s assumptions, methods, and theories, including how information security professionals can apply this knowledge to increase cybervigilance on the systems and networks they steward. In this article, I explore the intense debate surrounding encryption and what it means for policy makers...

Ever since the first large-scale ransomware attacks started targeting individual users, companies, and government institutions, we have witnessed that the primary malicious actor is usually a hacker or a hacker collective. More and more victims are now browsing the web looking for a way to get rid of the threat by not paying the ransom sum, a trend...

2016 saw a lot of different types of scams prey on unsuspecting users. Some achieved greater prevalence than others. One of those was the tech support scam, a ruse where a fraudster calls a victim while impersonating a customer support representative from a well-known technology company. They tell the victim their computer is infected with malware...

Arby's Restaurant Group, Inc., has confirmed that a breach affected payment systems at its corporate restaurant locations. Information security investigative journalist Brian Krebs first learned something was up when several banks and credit unions reached out to him inquiring if he had heard of an incident involving Arby's. He subsequently reached...

Modern technology has probably done more than its fair share to ignite illicit relationships, but it can also lead to a romantic affair's unravelling. But if your wife or husband becomes aware of an adulterous entanglement through a buggy app, do you blame yourself for having the affair in the first place, or do you blame the software that couldn't...

A federal grand jury has indicted a former National Security Agency (NSA) contractor for stealing national defense information over the past 20 years. The indictment (PDF) alleges that Harold Thomas Martin, 52, collected a number of government secrets while employed as a private contractor for various government agencies. He began lifting the...

The year of 2017 isn’t shaping up to be a game changer in combatting ransomware so far. On the contrary, crypto infections are becoming increasingly toxic in terms of their impact and attack surface. Online extortionists keep hitting police departments, healthcare organizations, public libraries, schools, hotels, and unprotected servers around the...

A memory-based malware is using PowerShell scripts within the Windows registry and penetration testing tools to evade detection. Security researchers at Kaspersky Lab came across the malware when they discovered code for Meterpreter, a post-exploitation tool of the Metasploit penetration testing software, inside the physical memory of a domain...