Four years after the initial iteration was released, the National Institute of Standards and Technology (NIST) released version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity. The framework was initially developed to be a voluntary, risk-based framework to improve cybersecurity for critical infrastructure in the United...

A German social media provider received an order to pay a €20,000 fine for a data breach that occurred in the summer of 2018. Knuddels.de (Source: Spiegel Online) On 22 November, the regional data protection watchdog LfDI Baden-Württemberg announced that it had imposed the fine on a local "social...

The term “cyber hygiene” pops up frequently in articles, blogs and discussions about cybersecurity. But what does it really mean? Some say it is an ill-defined set of practices for individuals to follow (or ignore). Others say it is a measure of an organization’s overall commitment to security. Still others – and I am among them – think of “cyber...

San Francisco resident Robert Ross first realised something odd was going on when his iPhone lost its signal on 26th October. But his cellphone signal wasn't all that Ross had lost. Within minutes he had also lost his entire $1 million life savings, including the money he had stashed away for his two daughters' college education. According to media...

I am neither a political scientist nor a historian. However, I am conscious of some certain past events in human history which had political impacts and also influenced the course of history as we know it. Some say such events occurred on the basis of social, political and historical backgrounds and factors, whilst others pointed out to the certain...

Two young men received prison sentences for helping to perpetrate a data breach at the UK telecommunications provider TalkTalk. On 19 November, Judge Anuja Dhir QC at the Old Bailey sentenced Matthew Hanley, 23, to 12 months in prison. She handed down a slightly lighter sentence of eight months in jail to Connor Allsopp, 21. Judge Dhir explained...

A few weeks ago, I had the opportunity to speak at SecTor on a topic that I’ve been interested in bringing attention to for a while, the shifting IoT market. You can view the entire presentation online; however, I was asked if the checklist that I present was available via any other means. The following is the IoT Purchasing Checklist that I...

PHP is probably the single most prevalent server-side scripting language on the web. PHP has been the de facto choice for popular blog platforms like WordPress, Joomla and Drupal, which makes it a very attractive target for a wide range of attackers. It is also a very ideal system for demonstrating the power of American Fuzzy Lop (AFL) to identify...

Fraudsters are targeting UK university students with fake tax refund emails designed to steal their personal and/or banking information. According to BBC News, Her Majesty's Revenue and Customs (HRMC) received reports of scammers targeting thousands of students at educational institutions across the...

Time to dispel with a myth: quantum computing is still just a theory. It’s not. If you don’t believe us, read here. And because it’s past the theoretical stage, commercialization is not far away, even as there is also an open source push for the technology. Over 100 applications can run on quantum computers. and they are being used to simulate...

As noted previously—and as we all know—an organization cannot be secure until the entire workforce is engaged in reducing cyber risks. Each member of the group has the power to harm or to help, since each one has access to information systems, handles sensitive data and makes decisions every day which maintain, erode or strengthen the human “attack...

Malaysia's largest media company allegedly suffered a ransomware attack that affected its ability to use its in-house email system. Anonymous sources told The Edge Financial Daily that ransomware attackers struck Media Prima Berhad, a media giant which operates businesses in television, print, radio,...

Flaws in code lines, file system and data input methods make up the core security vulnerability of any application. This is what we address through secure coding practices. Secure coding guidelines stand out as the last battling army before the enemy line of security risks and threats. Basically, secure coding practices will make developers more...

MageCart, the notorious malware that has been haunting online stores by stealing payment card details from online shoppers at checkout, is reinfecting the same websites time and time again. Dutch security consultant Willem de Groot, who has been tracking MageCart and similar threats since 2015 and has come across over 40,000 compromised stores, says...

Researchers discovered 14 malware families targeting dozens of e-commerce brands just over one week before Black Friday. Kaspersky Lab observed the threats targeting 67 e-commerce brands including 33 consumer apparel sites, eight consumer electronic outlets and three online retail platforms. Banking trojans made up more than half of the malware...

Be organized and efficient. It’s a simple rule of life that makes things run a whole lot smoother. This is something especially important when running your vulnerability management program. There are only so many hours in a day, rather, there are only so many hours in a down cycle where the business will let you scan their environment for...

Today’s VERT Alert addresses Microsoft’s November 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-805 on Wednesday, November 14th. In-The-Wild & Disclosed CVEs CVE-2018-8589 This vulnerability was reported to Microsoft by Kaspersky Labs, who discovered it being exploited by multiple...

In 1998, Congress unanimously passed the Digital Millennium Copyright Act (“DMCA”) to implement two international copyright treaties. Among other provisions, the DMCA addresses the use of technical measures (digital rights management or DRM) that control access to copyrighted works. The new provisions impose fines and criminal penalties for: ...

A data breach involving luxury retailer Nordstrom has potentially exposed the personal information of thousands of its employees. The Seattle-based company said the compromised data included employee names, Social Security numbers, dates of birth, checking account and routing numbers, salaries, and more. According to reports, employees received an...

Last time, I had the opportunity to talk with software tester Claire Reckless. Testing an application’s security and functionality is a vital cybersecurity role that people often don’t think about. This time, I had the honor of speaking with Chrissy Morgan. Chrissy is a protector of the protectors by day and a crazy scientist by night! Kim Crawley:...