Grammarly has fixed a vulnerability that exposes users' documents created and saved within the platform's Editor interface. Tavis Ormandy, a Google computer security researcher who discovered a memory disclosure bug in CloudFlare’s reverse-proxy systems in February 2017, wrote up a security advisory about the Grammarly flaw on 2 February. In it, the...

Some of the most common phrases that come out of information security professional mouths include: “Well, that did not work” and “The project fell apart, and I don't know what I could have done better.” The pain of not knowing what security best practices your team can/should implement can cost the company time and money. It could also end up...

A UK court of appeals has ruled that Lauri Love will not be extradited to the United States to face trial for his alleged hacking crimes. Lauri Love. (Source: Wikimedia) The lord chief justice, Lord Burnett of Maldon, and Mr. Justice Ouseley handed down their judgment at the Royal Courts of Justice...

We live in a world where connectivity is key. It’s brought conveniences to our personal lives, and organizations are adopting it into the industrial world to boost productivity. Industrial control systems (ICS), which manage utilities like water, gas, and electricity, are one such example of this ongoing trend. Organizations are putting ICS systems...

The WannaCry and NotPetya outbreaks were by far among the most significant digital attack campaigns that took place in 2017. Together, the crypto-ransomware and wiper malware affected hundreds of thousands of computers all over the world. They achieved this reach by abusing EternalBlue. Allegedly developed by the U.S. National Security Agency (NSA)...

Scammers are impersonating the FBI's Internet Crime Complaint Center (IC3) in order to infect users with malware and/or steal their personally identifiable information (PII). On 1 February, the real IC3 issued a public service announcement warning users of three scams that are impersonating the multi-agency task force. Here's the FBI on the first...

BULLETIN CVE Browser - Edge CVE-2018-0803,CVE-2018-0766 Scripting Engine CVE-2018-0780,CVE-2018-0800,CVE-2018-0767,CVE-2018-0781,CVE-2018-0769,CVE-2018-0768,CVE-2018-0778,CVE-2018-0777,CVE-2018-0758,CVE-2018-0773,CVE-2018-0770,CVE-2018-0776,CVE-2018-0774,CVE-2018-0775,CVE-2018-0772,CVE-2018...

Why go to all the bother of writing ransomware that demands victims pay a Bitcoin ransom? If all you want is cryptocurrency, why not use the infected computers to mine the crypto coins themselves? That way you don't have to rely on a human victim buying some Bitcoin, and nervously making their way onto the dark web to make their ransom payment....

Thursday is "Change Your Password Day," a national observance of password security and best practices. Passwords are often the first line of defense protecting users from criminals with the malicious intent of invading systems and stealing data, a threat which emphasizes the importance for people to use strong and diverse passwords. Unfortunately,...

The European Union's General Data Protection Regulation (GDPR) goes into effect this May, and lawmakers in the U.S. are proposing stricter data breach legislation. With the pressure on to better protect data and improve notification procedures in the event of a data breach, Tripwire surveyed 406 cybersecurity professionals to see how prepared...

Security breaches are becoming more common. They occur most often in the United States (followed by the UK), exposing businesses and their customers to significant risks. Most recently, in December 2017, Kromtech uncovered a breach at Ai.Type with 577GB of data stolen. It's possible the incident exposed the information of 31 million customers. And...

Australian law enforcement officers have arrested a man for allegedly hacking the company database of a car-sharing service. On 30 January, investigators of Strike Force Artsy, a division of the State Crime Command’s Cybercrime Squad, executed a search warrant at a home in Penrose. Officers arrested a 37-year-old man and charged him with two counts...

The second half of 2017 was busy in terms of digital security events. In September, consumer reporting agency Equifax announced a breach that potentially compromised the Social Security Numbers and other personal information of 143 million U.S. consumers. Less than two months later, organizations in Russia and Ukraine suffered infections at the...

A recent article in the New York Times postulated America may choose to respond to a devastating cyberattack with a nuclear response. In November of 2017, a widely viewed social media video entitled Slaughterbots suggested “swarms of AI-controlled drones [could] carry out strikes on thousands of unprepared victims with targeted precision.” Both of...

Cisco has patched a remote code execution (RCE) vulnerability bearing a "perfect" CVSS score of 10.0 that affects its Adaptive Security Appliance (ASA) software. On 29 January, the American multinational technology conglomerate publicly recognized the security issue (CVE-2018-0101) and revealed that it affects the ASA software found in the following...

Data breaches are common in the news lately, but a recent study by credential monitoring firm VeriClouds focuses specifically on the credentials of Fortune 500 employees found in account leaks posted online. Using a corpus of 8 billion stolen credentials gathered over three years, the total number of employees of each Fortune 500 company was...

Users of a fitness tracking app have inadvertently exposed the locations of military bases by publicly sharing their jogging/cycling routes. Many service people who use Strava, an app which allows them to record their exercise activity using GPS plotting, are sharing their data publicly. Their movements have ended up in Strava Labs' Global Heatmap...

There are many managerial and operational tasks required to successfully grow a startup business. One of the biggest mistakes startup businesses make is neglecting to safeguard their data from cyber threats. Some studies show that 200,000 new malware samples were discovered each day in 2016. Unfortunately, analysts expect this number to increase as...

Cloud computing is not a new name anymore, and its adoption is growing consistently across various industries. Public cloud is a disruptive technology, irresistible to the Financial Services Industry (FSI) due to its tremendous benefits, including agility, elasticity, time to market and on-demand provisioning, to name a few. However, there are...

A single Monero cryptocurrency mining operation has used malware delivery techniques to affect at least 15 million people worldwide. The campaign, which has been active since at least October 2017, delivers its payload using one of 250 unique Microsoft Preinstallation Environment (PE) files like "File4org]_421064.exe" and "[Dropmefiles]_420549.exe."...