Resources

Blog

Report: Vulnerability Risk Correlates to Exposure on Social Media

The type of coverage a vulnerability receives on social media often correlates to that threat’s level of risk, reveals a recent report. This is just one of the findings of the 2015 State of Vulnerability Risk Management, a study issued earlier this month by NopSec Labs, a data science and research company that specializes in analyzing malware,...
Blog

Security Slice: Fighting Security Stereotypes

The Telegraph recently published an article profiling six hacker “tribes”: secret agents, voyeurs, hacktivists, white hats, glory hunters, and cyber thieves. The article made some broad assumptions about cybercriminals that were not well-received by industry experts. As cybersecurity becomes a part of our daily lives, how can we talk about it...
Blog

Samsung announces fix for major Galaxy keyboard security flaw

There is good news today for many of the 600 million Samsung Galaxy users who have been put at risk by a security flaw in the pre-installed SwiftKey keyboard. Samsung is preparing a fix which will be rolled out as a security update. The problem was that Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, failed to properly validate...
Blog

Infosec Influencers: An Interview with Graham Cluley – Part 2

I am pleased to present Part 2 of my recent interview with Graham Cluley, an award-winning security blogger on grahamcluley.com DB: How do you feel the security industry has changed since you first started in the 1990s? GC: The industry has grown up enormously. Originally, it was just a cottage industry made up of little – often one-person –...
Blog

Microsoft's Anti-Surveillance Website Allegedly Hacked

A website used by Microsoft to challenge the U.S. federal government's policies on matters of privacy and surveillance has allegedly been hacked. According to ZDNet, Digital Constitution appears to have been modified at 9:15 pm EDT on Wednesday, with casino-related text -- including keywords used to garner greater search engine hits, such as "casino...
Blog

Infosec Influencers: An Interview with Graham Cluley – Part 1

This week, I had the pleasure of sitting down with Graham Cluley, an award-winning security blogger on grahamcluley.com, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon’s. Graham has given talks about computer security...
Blog

Mobile App Data Flaw Places Users' Information at Risk

Security researchers have discovered a flaw in the way mobile apps store data online, which is jeopardizing users' sensitive information, including passwords, door codes, and location data. According to Reuters, a team of German researchers studied as many as ten thousand mobile applications, which included social networking, medical, and banking...
Blog

7 Development AppSec Tricks to Keep the Hackers Away – Part 1

The mammoth rise in cybercrime has made organizations revise their application security strategy and implement new techniques to safeguard their software. This is largely because traditional security methodologies, such as Manual Testing and Web Application Firewalls (WAF), have been rendered irrelevant due to evolving hacking techniques. Unlike old...
Blog

Taking a Look at the Real British Social Engineers

I have a love/hate affair with the term ‘Social Engineer.’ To me, this is the most professional and committed ‘job’ I have ever had. It has required training and endless education, and it has changed my life in nearly every aspect. But for some, the term is used for when a free warranty deal is obtained or a loved one is tricked into exposing a...
Blog

Could Emoji Passcodes be Safer for Online Bank Users?

What more can be done about passwords? We tell users to choose unique, complicated passwords that contain a gallimaufry of bizarre characters - and they tell us they're impossible to remember, especially when they need to remember different passwords for the many different websites out there. We tell computer users to get help with remembering their...
Blog

Belgium's Privacy Commission Sues Facebook

Belgian's national privacy watchdog is suing Facebook for allegedly breaching both Belgian and European privacy laws for the way that it tracks the behavior of both members and non-members. According to EUobserver, this is the first time a European privacy commission has sued Facebook for its non-compliance with regards to privacy laws. Earlier this...
Blog

DD4BC Group Targets Companies with Ransom-Driven DDoS Attacks

According to the 2015 Information Security Breaches Survey, a PwC study that I recently analyzed in an article for The State of Security, the number of denial of service (DoS) attacks has either dropped or remained stagnant for most UK corporations over the past year. Apparently, this decline has not stopped certain malicious actors from getting...
Blog

Germany Drops Merkel NSA Phone Tapping Probe

Germany has dropped an investigative probe into the alleged tapping of Angela Merkel's cellphone by the National Security Agency (NSA). According to BBC News, the office of federal prosecutor Harold Range said that not enough evidence had been obtained to justify legal action. Germany's decision to drop the probe marks the end of an incident that...
Blog

Data Location and Risk Haunt IT Pros' Dreams, Reveals Study

Today’s evolving online threat landscape is challenging enterprises to make changes that will enhance their security. The threat of a data breach, for instance, is leading many organizations to invest in measures that will help protect their data. Even so, what intelligence is guiding these decisions remains uncertain. It is therefore an opportune...
Blog

UK Surveillance Powers Need 'Clean Slate,' Says Reviewer

An independent reviewer in the United Kingdom has called for a new "comprehensive" law to help define security services' online surveillance powers. According to BBC News, David Anderson QC, an independent reviewer of terrorism legislation, stated that a "clean slate" is needed in the approach to surveillance powers used by security services to...
Blog

Why It’s Not Too Soon to Learn From The OPM Hack

Speculation is rife. The OPM hack will become a fascinating story if we ever actually learn the details – how exactly did attackers penetrate and exfiltrate millions of federal employee records? What weaknesses did they exploit, and how did they escalate access? More to the point, what protections could have or should have prevented the penetration...