Recently, I had the pleasure of working with Amrit Chana, a 15-year-old girl from Newlands Girl School in Maidenhead, UK, who completed a week's worth of work experience at Tripwire. Amrit helped with the content of this article, providing input on the areas we believe need to be addressed by every user of a computer system. One of the tasks Amrit...

Truth be told, I have two exercise addictions: yoga and lap swimming. Yoga provides strength and flexibility benefits, while lap swimming gives my cardiovascular system a stellar workout. As with most things in life, you can take lessons learned from one activity and apply them to others – so it is with yoga and cybersecurity. Let’s “dive” in ...

"I don't know if anyone in risk reads the PDF we send them. I mean, even we don't understand some of what we're reporting, so why should they?" "The CFO hates our risk management meetings. They look at these numbers we give them and have no idea if it means we're better or worse." “We have 217 metrics, but those metrics are changing week to week as...

The government of Australian has proposed legislation that would compel technology companies to decrypt users' messages for investigations. If passed, the new laws would function similarly to the United Kingdom's Investigatory Powers Act by requiring companies to cooperate with investigators. That could mean providing access to encrypted messages...

In the early 2010s, nearly half of smartphone owners valued the convenience of mobile shopping more than device security. Most smartphone users are even more attached to their devices today than they were years ago. Nevertheless, mobile security concerns have risen. This disquiet owes at least part of its growth to an increase in the number of...

As new technologies develop, it's worth reminding ourselves that just because we can do something doesn't mean that we should. Often a new technology can bring plenty of new opportunities to do amazing things, but that doesn't mean that it cannot also be ripe for abuse. That's certainly the case with facial recognition technology, where some law...

The University of Iowa Health Care (UIHC) has notified thousands of patients of a data breach that exposed their personal and medical information. On 22 June, UIHC sent out notification letters to 5,300 patients affected by the data breach. The University explains in these letters that it has not found any evidence suggesting bad actors misused...

Email is integrated into nearly every aspect of our lives, everything from business to banking to health and beyond. As such, our email accounts are some of the most precious digital assets we have. Currently, there are 4.9 billion email addresses worldwide. In just two years, there have been 6,789 email data breaches globally, according to Avatier...

A little over a year ago, a long-time colleague of mine, Professor Dirk Schaefer, and I started working on a book project. We set out on a new journey to produce an edited book for Springer International Publishing. Dirk and I have been conducting research together for about a decade, and our work has been mostly concerned with the intersection of...

A hacker took over a dark web hosting provider by exploiting a "major security vulnerability" and thereby accessing a server. On 8 July, an attacker calling themselves "Dhostpwned" set up a shared hosting account on the service offered by Deep Hosting. They used that account to upload two shells on their servers. One was written in PHP, whereas the...

The Phoenix Project was an easy and enjoyable read about Bill Palmer, a manager in the IT department who unexpectedly gets promoted to VP of IT Operations. To succeed in this new role, Bill had to expand his view from just his group to the organization as a whole in order to master the "Three Ways" for how to evolve from a dysfunctional group of...

They say you should never meet your heroes—often they will just disappoint you. But thankfully, there are also exceptions to this rule. In this five-part series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, with one even motivating me to move across the pond....

Today’s VERT Alert addresses the Microsoft July 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-733 on Wednesday, July 12th. In-The-Wild & Disclosed CVEs CVE-2017-8584 In a Patch Tuesday first, we have a HoloLens code execution vulnerability. This vulnerability impacts Windows 10 and...

A hijacker has hit a radio station with a series of rogue broadcasts containing "The Winker's Song" by comedy band Ivor Biggun. Mansfield 103.2, an independent local radio station in Mansfield, Nottinghamshire, has suffered eight hijacking attacks since June 2017. In each of those offensives, the responsible party is believed to have used a mobile...

The Phoenix Project, A Novel about IT, DevOps, and Helping Your Business Win might seem like a “techies-only” read at first glance, but it’s really a story that all business leaders (yes, even the technology-challenged) should invest in. Bill Palmer plays the hero of this fictional (yet all too realistic) story about a business dangerously close to...

IRS scams and tech support scams are two of the most well-known fraud schemes preying on users today. In the former, bad actors cold-call unsuspecting individuals and tell them they'll go to prison and/or lose their assets unless they call back and agree to pay back taxes owed to the Internal Revenue Service (IRS). The latter leverages a fake...

Hard Rock Hotels & Casinos is, once again, warning customers of a data breach that may have compromised their payment card information. In a press release last week, the popular hotel, resort and casino franchise announced it was recently alerted of a security incident through its third-party hotel reservation system – Sabre Hospitality Solutions...

A fake Facebook message is urging users to not approve a friend request submitted by hacker who goes by the name Jayden K Smith. This hoax has many variants. All versions say the same thing: don't approve Jayden K Smith as friend or they'll hack a user's account, target their Facebook friends, and thereby spread their influence. Craig Charles of...

I’ve been studying the security designs of various embedded devices for the past couple of years. This research has led me to uncover dozens of critical flaws in internet-connected devices ranging from enterprise NAS devices and access points to countless consumer products like wireless routers, home automation controllers, security cameras and more...

A man has admitted that he committed fraud and money laundering as part of a phishing scheme to steal Bitcoins on dark web forums. On 27 June 2017, Michael Richo, 35, of Wallingford, Connecticut pleaded guilty in federal court to one count of access device fraud and one count of money laundering. The former offense carries a maximum sentence of 10...