Imagine we’re sitting at a Starbucks on a Friday afternoon. The coffee shop is pretty busy and full of aspiring hipsters sipping soy lattes and typing away at their MacBooks while loudly listening to Miles Davis. Suppose we really dislike Miles Davis for some reason, and we really want to turn that music off. We could connect to the open WiFi...

Last week, luxury retailer Neiman Marcus Group (NMG) notified some customers attackers had gained unauthorized access to their online accounts. According to the company, the incident dates back to on or around December 26, 2015, when intruders attempted various login and password combinations using automated attacks in an effort to access customers’...

Hit by ransomware and have no backup? Most of the time, regretfully, you have no chances to recover the encrypted data beyond paying the ransom to the extortionists. The crypto algorithms employed in these attacks cannot be cracked, and the private decryption key is kept on servers inaccessible to the victims. But let’s be positive. Quite a few...

An American man has received five years of probation for co-creating the BlackShades remote access trojan (RAT). On Friday, Michael Hogue, 25, of Arizona, who went by the name "xVisceral" online, received his sentence from U.S. District Judge Keven Castel in Manhattan after pleading guilty back in 2013 to distributing the malware and conspiring to...

There are several websites available that offer temporary and disposable email addresses, which have become quite popular among Internet users today, as they provide a quick alternative to anyone who wishes for their email address to remain private when sending and receiving emails. Temporary and Disposable Email/SMS - What you Need to Know Some...

Tripwire studied confidence vs. knowledge of financial services IT security pros on seven key security controls necessary to detect a data breach. For many controls IT pros believed they had the information necessary to detect a breach quickly but provided contradictory information about the specific data. ...

HSBC, one of the world’s largest banks, was targeted by distributed denial-of-service attacks (DDoS), causing its personal banking website and mobile services in the UK to shut down. According to reports, the attacks began Friday morning, which prevented customers from accessing online banking...

On Thursday, an activist posted online a data dump of private files belonging to the United States' largest police union. The Guardian reports that the Fraternal Order of Police (FOP), a union which represents 333,000 law American enforcement personnel, has contacted the Federal Bureau of Investigations and requested that it investigate how 2.5GB of...

It has been a busy couple of months for the web's most notorious exploit kits (EKs). Back in September, researchers detected a ransomware attack that leveraged outdated content management systems (CMS) in order to redirect user traffic to malicious domains infected with the Neutrino exploit kit and Teslacrypt ransomware. Another ransomware attack...

This is the conclusion to a three-part series of building a successful vulnerability management program. The first installment focused on Stage One, the vulnerability scanning progress. Without a foundation of people and process, the remaining stages are prone to failure. The second installment focused on Stage Two and Three, using a vulnerability...

For twenty years people have been running Java in their browsers. And for much of that time, malicious hackers have been exploiting vulnerabilities in the plugin to infect computers. Although the number of outbreaks caused by zero-day vulnerabilities found in the Java plugin has reduced in recent years, many users have found it hard to muster move...

Today, the modern IT environment has evolved beyond personal computers to include servers, workstations and point-of-sale (PoS) terminals. This complexity is forcing admins and security personnel everywhere to rethink how to protect all of their new endpoints. Eric Ogren, Senior Security Analyst at 451 Research, in particular sees that a new era in...

Critical infrastructure is under attack with disastrous implications that could alter our environment, such as disrupting service or even threatening public safety. The Ukraine attack resulting in six hours of loss of power for more than 80,000 customers is a recent reminder. According to an October 2015 report in CyberWarNews, “every bit of U.S....

In January, I discussed how scammers commonly use money-based schemes, bot spam, pay-per-follower ploys, illegitimate direct messages (DMs), and worms to harass Twitter users. These malicious actors are in it for the money and/or for unauthorized access. They do not care where or how they need to compromise someone in order to obtain what they want,...

The nationwide fast-food chain Wendy’s is reportedly investigating claims of a potential credit card breach at some of its restaurant locations. According to independent security journalist Brian Krebs, multiple sources in the banking industry found a pattern of fraud on payment cards that had all...

Centene Corporation has begun the process of notifying 950,000 members who may have been affected by a possible data breach. On Monday, the multi-line healthcare enterprise announced that it was launching a search for six hard drives that are currently unaccounted for among its information technology assets: "Centene takes the privacy and security...

We left 2015 talking about exponential increases in ransomware attempts on a quarter over quarter basis. No surprise that we begin 2016 talking ransomware and its many variants, as this threat vector has been a financial bonanza for cyber criminals and cyber attackers having extorted tens of millions of dollars over the past 18 months from victims....

In the 21st century, we can expect information technology to play a major role in international espionage and conflict. We hear constant news reports of data theft. Accusations made by world powers of online tampering or detrimental hacking are a common occurrence. Many of these accusations go unfounded, but they prove that the internet is...

There’s an old principle in tabletop RPG (Role Playing Games) circles that goes something like this: If you find yourself in the company of a halfling and an ill-tempered dragon, remember that you do not have to outrun the dragon; you simply have to outrun the halfling. In the context of security and specifically password creation, this principle...

It’s not much of a stretch these days to say that technology is becoming essential to our daily lives. We trust so much to our technology, from our bank accounts and financial statements to sensitive medical records and even (potentially) embarrassing personal information. We have complex interactions with non-human entities in which we share...