Joomla arrived on the scene in 2005 as a fork of the Mambo content management system (CMS). Downloaded over 91 million times, it has since eclipsed Mambo to become a ubiquitous platform for websites of all sizes. According to last year's Hacked Website Report from Sucuri, which used insights from over 36,000 compromised sites, Joomla is the second...

In my last interview, I spoke with Jen Fox. She’s a Senior Security Consultant who specializes in compliance. This time, I had the pleasure of speaking with Valerie Thomas. She has a lot of expertise in both penetration testing and industrial cybersecurity. Kim Crawley: Please tell me about your cybersecurity role and how you got there. Valerie...

Romania has extradited two of its citizens to the United States for a phishing scheme they allegedly used to rob Americans of over $18 million. Byung J. “BJay” Pak (Source: U.S. Department of Justice) On 4 May, the U.S. Attorney's Office for the Northern District of Georgia announced the extradition...

Software development has changed significantly in recent years. This transformation is, in part, a response to challenges resulting from the traditional waterfall software development model. Under the old process, a software company receives a deadline for creating a product that's ready to roll out to customers. The firm activates its team of...

Twitter is asking its more than 330 million users to change their passwords after it discovered a bug within one of its internal logs. On 3 May, CTO Parag Agrawal announced the discovery of a weakness that had undermined Twitter's secure storage of users' passwords. He explained that Twitter uses the bcrypt cryptographic hashing algorithm to convert...

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family. Security researchers at Incapsula report that Kitty is attempting to hijack servers using the highly critical Drupalgeddon 2.0 remote code execution exploit (CVE-2018-7600), which was made public at...

Phishers are using scam emails that leverage the European Union's General Data Protection Regulation (GDPR) as a theme in an attempt to steal users' information, a security firm found. Researchers at managed threat detection solutions provider RedScan came across one such phishing message that appeared to originate from Airbnb. The scam email, which...

The FBI's 10 most-wanted black-hat hackers countdown continues this week with No. 7 and No. 6: the co-conspirators Bjorn Daniel Sundin and Shaileshkumar “Sam” P. Jain. On 26 May 2010, the U.S. District Court of Northern Illinois indicted Sundin, Jain and a third suspect for one count of conspiracy to commit computer fraud, one count of computer...

If there is one thing that executives and managers never want to disrupt it would be productivity. As most managers know, productivity is the ability to make use of resources while producing profitable goods and services. Put another way that means, are you producing enough profitable outputs given your resource inputs? The measure of productivity...

A 20-year-old man has pleaded guilty to targeting more than a thousand members of streaming video platform Twitch with an army of spambots. On 1 May, Brandan Lukas Apple confessed to a charge of "mischief in relation to computer data" before a Port Coquitlam provincial court judge. The court responded by handing down a four-month conditional...

In a previous article, I noted that organizations are witnessing a surge in integrity-based attacks targeting their networks. Enterprises can defend themselves against these types of threats by turning to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They can then pair the risk-based approach with NIST SP 800-53...

A school district located in Massachusetts paid attackers $10,000 after they infected its computer network with crypto-ransomware. Officials at Leominster Public Schools decided to meet the demand after the district suffered a ransomware attack on 14 April. It's unclear what types of files the...

Last time, I got to speak with Leanne Williams. As a pen testing professional, she knows there’s a lot more to penetration testing than pointing a network vulnerability scanner at an IP address. This time I had the pleasure of chatting with Jen Fox. She’s all about cybersecurity in the very challenging compliance space. Kim Crawley: Tell me a bit...

A lending website ceased all operations over concerns with the European Union's General Data Protection Regulation (GDPR). Chris Beach, the founder of Streetlend.com, decided to shut down the service after five years of operation due to uncertainty and risk created by the GDPR. He explained in a message posted to the site that the penalties...

Organizations face a number of security challenges when migrating to the cloud from on-premise data centers. Their work isn't done once they've completed the move, either. At that stage, enterprises must decide on the best approach to fulfill their end of the Shared Responsibility Model and ensure "security in the cloud" with respect to protecting...

Cyber security is a field both deep and broad with a large number of complicated facets. As no one can be an expert in all things, it can sometimes be difficult even for experienced security professionals to know where vulnerabilities are in the system. That’s where risk assessments come in; they can help you identify problems that need to be...

The government of Canada has unveiled new regulations that specify how organizations must report and respond to a data breach. The Canadian Parliament in Ottawa, Canada. (Source: Wikipedia) On 18 April, the Governor General of Canada released the Breach of Security Safeguards Regulations (SOR/2018-64...

In 2017, an independent security researcher discovered that a vulnerability had been exploited in the Kennesaw State University Election Center. The researcher responsibly reported the breach to authorities. In response, the Georgia Attorney General’s office requested that a bill be drafted to criminalize any unauthorized access to any computer or...

What's happened? Security researchers at F-Secure have discovered a flaw that could allow millions of hotel rooms around the world to be accessed by unauthorised parties, without leaving a trace. A design flaw in the widely-used Vision by VingCard electronic lock software could have been exploited by intelligence agencies, thieves, and other...

Last week, I had the pleasure of talking to Tripwire’s own marketing specialist, Cindy Valladares. Marketing fits a valuable and overlooked need in the cybersecurity field. Cindy’s creative talent for bringing out the best in people helps Tripwire shine in this industry. This time, I got to chat with pen testing whiz Leanne Williams. Enjoy! Kim...