Back in June, Robert Hansen posted an interesting write-up[1] on his Smartphone Exec blog about outsourced web development that was returned with multiple embedded PHP backdoors. While this betrayal of trust by a freelance web developer shouldn’t have been surprising, it was, and it prompted Tripwire’s Vulnerability and Exposure Research Team (VERT)...

Japanese authorities arrested a 14-year-old teen on Monday for allegedly creating and spreading ransomware. According to reports, the third-year junior high school student is suspected of combining free encryption programs to create the malicious software. The teenager admitted to creating the malware on Jan. 6 and uploading it to a foreign website,...

With the British election this June, cryptography on the internet is a hot topic. This past March, British Home Secretary Amber Rudd criticized WhatsApp's implementation of encryption in the wake of a terrorist attack: "It is completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like...

May 2017 shaped up to be the busiest ransomware month to date. The bare statistics speak for themselves: a total of 79 new strains came out and 38 existing ones received updates. Extortion-based cybercrime is obviously more prolific and ubiquitous than ever. Last month, the world confronted the unprecedented WannaCry ransomware epidemic employing...

Two Bitcoin mining companies have received orders to each pay a $10 million penalty for conducting a Ponzi scheme orchestrated by their principal. On 2 June 2017, the U.S. District Court for the District of Connecticut issued its judgment against two Connecticut-based companies, GAW Miners, LLC and ZenMiner, LLC, that cooperated with their principal...

“Cyber talent crunch challenges CIOs,” says one headline. “Businesses vulnerable due to talent shortage,” screams another. Intel even published a report revealing, among other things, that 82% of IT professionals confirm there is a shortfall in information security talent. And yet, at every information security conference I attend, I find no...

When a layperson imagines someone who works in cybersecurity, or any area of tech, they probably picture a man. But I'm a female information security professional, and I've had a great time speaking to other women in my industry. Last time, I spoke to Sarah Aoun, who educates journalists and political activists on how to keep their data secure. This...

One of the most exciting aspects of working in technology is change, and security, in particular, requires an agile mind. People who are capable of rapidly acquiring knowledge and developing new skills – the proverbial 'quick studies' – fare best in this landscape. So, what's the best way to learn and grow? Successful on-the-job learning is highly...

In recent posts, The State of Security has interviewed teachers who are helping to bring cyber security education to Canada's schools. We would be remiss, however, if we didn't recognize others' efforts to bring these types of training programs online and to institutions located elsewhere around the world. To cover this broader trend, we'll now...

In the first part of this article, we discussed the popularity, average number and ratio of attacks on web applications. Let's now focus on some examples and sources. Examples of Attacks An example of detecting a Path Traversal attack The attacker intended to go to the root directory of the server and access the /etc/passwd file, which contains a...

Kmart is informing customers that their credit card details may have been stolen after learning of a security breach involving its payment processing systems. Sears Holdings, Kmart’s parent company, confirmed the incident on Wednesday, but did not disclose any information regarding the number of stores affected or when the incident occurred. The...

Identity and access management software vendor OneLogin has suffered a security incident that reportedly compromised customer data. On 31 May, the provider of identity-driven security solutions revealed that an unauthorized party had gained access to OneLogin data in the U.S. region. Alvaro Hoyos, chief information security officer at OneLogin,...

A group of hackers have leaked personal data and photos that belong to patients of a cosmetic surgery clinic based in Lithuania. On 30 May, the bad actors published online some 25,000 private photos, including nude images, from patients of the Grozio Chirurgija clinic. They also included personal information in their dump. Those details ranged from...

A law firm lost more than £100,000 to a business email compromise (BEC) scam around the same time that a serial fraudster received a prison sentence. The law firm in question helped orchestrate the sale of property owned by three individuals, who asked to receive their share of the sales money separately. On the date of sale, two of the entities...

Many businesses live in fear of having their systems hacked. After all, who wants their customers' data to spill out onto the internet or have their confidential plans and intellectual property stolen by online criminals? But more and more organizations like Google, Facebook, and Amazon are actually welcoming attempts to test their security in the...

Hundreds of millions of Americans rely on community water systems for their daily supply of water. But these public services aren't guaranteed. On the one hand, the United States' water infrastructure is in desperate need of an overhaul. In 2012, the American Water Works Association (AWWA) said it would cost over one trillion dollars over the next...

Women are doing very important work in the cybersecurity field, and I've really been enjoying talking to some of the brightest and most interesting minds in my field. In my last interview, I spoke to Kelly Shortridge. She went from a career in high finance to a security-related product manager role for BAE. This time, I get to talk to Sarah Aoun....

With the summer holiday and festival season getting into full swing, you’ll want to stay connected to convenient travel and social media apps more than ever. But it’s important to be hyper-aware that cyber thieves are on the prowl for your personal, financial and location information. When traveling, like many of us will be doing this Memorial Day,...

News of the Google Docs phishing scam is not the first time that shared cloud-based resources have hit the headlines for all the wrong reasons. Many popular collaboration and IT management tools, such as Teamviewer and Slack, have had their time in the spotlight for compromises and breaches. The truth is these systems unwittingly provide an easy...

It's imperative that organizations protect their industrial control systems (ICS) against intentional and accidental security threats. As I discussed in a previous article, that effort begins with understanding the potential threats confronting their network. Organizations can then leverage that information to create a digital security strategy, or...