News Flash: Your DNS might be broken, and you don’t even know it. But wait? How could I not know my DNS is broken? Well, the answer lies in the history of the DNS standards and what has become the cobbling together of features within authoritative and recursive DNS server software. It all started going south about 19 years ago with the introduction...

Researchers have observed a new threat using malicious memes posted on Twitter to receive command-and-control (C&C) instructions. Trend Micro observed that the malicious activity begins after a threat detected as "TROJAN.MSIL.BERBOMTHUM.AA" executes on an infected machine. As of this writing, the Japanese multinational digital security firm had not...

When evaluating enterprise security tools for their effectiveness, it can be challenging to find the right model for best calculating your Return on Security Investment (ROSI). Just a few years ago, the potential cost attributed to a security breach was likely to be primarily related in the assessed financial cost into a business’ reputation, with...

A new phishing attack is using fake non-delivery notifications in an attempt to steal users' Microsoft Office 365 credentials. SANS ISC Handler Xavier Mertens discovered the attack while reviewing data captured by his honeypots. The attack begins when a user receives a fake non-delivery notification from Microsoft such as the one shown below: ...

As a business owner, you’re no stranger to the myriad moving parts that keep the day-to-day business going. In all the bustle, it can be easy to overlook important tasks such as creating a privacy policy because you’re unsure where to start or which elements to include. Earlier this year, the EU’s GDPR—the General Data Protection Regulation—went...

Utilities can be a pricey monthly expense for many households and businesses, with the average cost for households in America coming in at over $420 every month. Getting on top of utility usage, especially electricity—which typically constitutes the largest part of that monthly expense—can help save money, but it can also help conserve resources and...

Scammers tricked Save the Children Federation, a well-known U.S. charity, into sending them approximately one million dollars. As reported by The Boston Globe, digital attackers compromised the email account of a Save the Children Federation employee sometime in 2017. They then abused that access to...

Holiday shopping is in full force – 'tis the season to be shopping, some would say. Unfortunately, during seasonal times such as Thanksgiving, Christmas and New Year’s Eve, while we are preparing to spend time with family and friends, we must be vigilant when shopping and doing holiday business online. Malicious cyber actors know that e-commerce...

Not everyone is a fan of it, but it's hard to argue convincingly that facial recognition isn't going to play a role in the future of technology. The newest Apple iPhones and Android smartphones have built-in facial recognition features that can unlock your device, but you would be wrong to think that the reliability and accuracy of the features is...

Recently, I had the privilege to be part of a four-person discussion panel at a security event in London where the topic was about incident response. The panel was hosted by another security professional, and over 50 professionals from the industry were present in the audience. I've worked in information security for 15 years, and I've played a part...

'Tis the season to be shopping, as some might say. Holiday seasons are very good for retail businesses, with increased traffic in both online and brick-and-mortar stores. Unfortunately, business is good for cybercriminals during these busing shopping times, too – and, as a result, retailers need to ensure that their physical and cyber resources are...

Italian oil and gas industry contractor Saipem has announced that it identified a digital attack against some of its servers. On 10 December, Saipem published a statement on its website in which it revealed the attack and said it was in the process of collecting information to determine the impact on...

Today’s VERT Alert addresses Microsoft’s December 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-809 on Wednesday, December 12th. In-The-Wild & Disclosed CVEs CVE-2018-8611 Microsoft is reporting that this Windows kernel privilege escalation vulnerability is seeing active...

A bug connected to a Google+ API potentially exposed the profile information belonging to 52.5 million users of Google's social network. According to David Thacker, VP of Product Management for G Suite, a software update in November introduced the weakness. This bug enabled apps that requested...

Digging through my cupboards recently, I came across my old collection of 3½ floppy disks. It’s been quite some time since I’ve had a need to plug in my trusty USB floppy drive, so upon making this great archaeology discovery, I was left simply to ponder about their content and whether I’d really intended to break the write protect notch to prevent...

Cybersecurity is a manpower constrained market – therefore, the opportunities for artificial intelligence (AI) automation are vast. Frequently, AI is used to make certain defensive aspects of cyber security more wide-reaching and effective. Combating spam and detecting malware are prime examples. On the opposite side, there are many incentives to...

I’m a red teamer. I do work similar to pentesting and use many of the same tools. This year, I’ve added several tools to my toolbox. I’ll introduce them to you below and hope you find them valuable, as well. DoubleTap (by @4lex) I <heart> password spraying attacks where you guess a few common...

Technology, IT and engineering are male-dominated industries. However, multiple companies and organizations are aiming to introduce more diversity by providing the education and training women need to enter these fields. Scholarships and grants can open doors typically closed to many women, especially with the rising costs of BA, Masters and Ph.D....

On Thursday 6th December, 2018, I realized how dependent I was on my mobile phone having an internet connection. That particular day, I was out and about away from Wi-Fi networks. The first time I noticed I had no connectivity was when I used my phone to check if my train was on time. As I got close to London, I realized I was not the only person who...

Digital attackers used new malware called "Linux Rabbit" and "Rabbot" to install cryptominers on targeted devices and servers. In August 2018, researchers at Anomali Labs came across a campaign where Linux Rabbit targeted Linux servers located in Russia, South Korea, the United Kingdom and the United States. The malware began by using Tor hidden...