With the summer holiday and festival season getting into full swing, you’ll want to stay connected to convenient travel and social media apps more than ever. But it’s important to be hyper-aware that cyber thieves are on the prowl for your personal, financial and location information. When traveling, like many of us will be doing this Memorial Day,...

News of the Google Docs phishing scam is not the first time that shared cloud-based resources have hit the headlines for all the wrong reasons. Many popular collaboration and IT management tools, such as Teamviewer and Slack, have had their time in the spotlight for compromises and breaches. The truth is these systems unwittingly provide an easy...

It's imperative that organizations protect their industrial control systems (ICS) against intentional and accidental security threats. As I discussed in a previous article, that effort begins with understanding the potential threats confronting their network. Organizations can then leverage that information to create a digital security strategy, or...

Five hospitals in the Australian state of Queensland have suffered IT outages after a botched attempt to patch their systems against ransomware. On 25 May, Queensland Health Minister Cameron Dick provided some details to The Courier-Mail about the failures: "Over the course of that weekend as part of protecting our systems from cyber-attack, a...

Tripwire Enterprise can gather any number of different kinds of information from a monitored system, such as file and folder changes, registry changes, policy changes, etc. However, cast the net too wide and you can potentially end up with more information coming in than you can react to. This will lead to important changes (the signal) being lost...

InfoSecurity Europe is one of the largest and most respected security events held in Europe. Every year, tens of thousands of students, professionals and experts in information security flock to London's Olympia for this free conference. In 2014, 11,500 visitors from over 70 countries registered for InfoSecurity Europe. The number of attendees...

An updated variant of Jaff ransomware boasts a more professional design and now encrypts victims' data with the WLU extension. On 23 May, Internet Storm Center (ISC) handler Brad Duncan collected 20 malspam emails that all used a fake invoice theme and a spoofed email address. The emails also came with a PDF attachment containing an embedded Word...

Public web applications are an attractive target for hackers. Attacks on web applications open up wide opportunities, including access to internal resources of the company, sensitive information, disruption of the application, and circumvention of business logic. Virtually any attack can bring financial benefits to the attacker and losses, both...

Understandably, a few eyebrows raise up when I suggest today’s cybersecurity challenges started nearly 370 years ago, some 300 years before the invention of ENIAC (the world’s first digital computer). But I stand by this observation because of the unintended clash of two systems: the nation-state and the Internet. Many of the institutions, social...

The Russian Interior Ministry has announced the arrest of 20 individuals who helped develop and perpetrate a mobile malware campaign known as "Cron." On 22 May, Russian Interior Ministry representative Rina Wolf disclosed a joint effort with Russian IT security firm Group-IB designed to bring down the malware group. The collaboration culminated in a...

Cybersecurity isn't just for guys! It's crucial to highlight the important work that women and non-males are doing in the information security field. Previously I spoke with Thais, a Brazillian woman in Germany who's doing some intriguing malware research. This time, I've had the honor of speaking to Kelly Shortridge. She went from high finance to...

According to the Oxford Dictionary, net neutrality is "the principle that internet service providers should enable access to all content and applications regardless of the source, and without favoring or blocking particular products or websites." Simply put, net neutrality ensures that service providers don't give preferential treatment to websites...

A hacker compromised more than 600,000 users' accounts when they stole a database operated by the font sharing site DaFont. In early May 2017, the currently unnamed hacker stole a site database containing 699,464 usernames, email addresses, and hashed passwords after hearing of other attacks launched against it. As they told ZDNet in an interview: ...

The summer of 2016 was a tumultuous ride for those of us in the security community. Less than a year ago, nobody had ever heard of The Shadow Brokers or Anna-Senpai but the same month (August 2016), these two – as yet unidentified persons or groups – made it clear that we are in the midst of a massive paradigm shift regarding threats to our society....

According to a recent survey, about 1 in 10 PC users (9.8 percent) in the US ran unpatched Windows operating systems in the first quarter of 2017 – up from 6.8 percent the previous year. The findings come from Flexera Software’s latest Personal Software Inspector Country Report, which aims to highlight the state of security among PC users in the US...

A new variant of Loki Bot is capable of stealing credentials from over 100 software tools assuming they are installed on an infected machine. The malware's updated form leverages social engineering techniques to trick a user into running it. Specifically, it masquerades as a PDF sample that Dropbox couldn't successfully open. A user who clicks on...

Restaurant search website Zomato has announced that it has suffered a major security breach, resulting in the theft of a user database containing 17 million users' names, email addresses and passwords. The news comes as it is reported that a hacker calling themselves "nclay" is claiming to offer the database for sale on the dark web. ...

Social engineering is the exploitation of human error to deceive end users. Ransomware is a type of malware (malicious software) often used in social engineering attacks. When attacked with ransomware, businesses are literally held for ransom while being denied the ability to carry out their usual business operations. The UK Government has recently...

This post was updated on May 17, 2017, at 12:20 PM PDT. Over the past few days, there has been a lot of buzz around the WannaCry ransomware campaign. For those in the trenches dealing with how to address wave after wave of attacks, it's not as simple as the unhelpful motto of "patch your systems." Most medium and enterprise businesses cannot trust...

The past few months have accelerated the struggle between cybercriminals and those that defend against them. It seems that once again we are back on the defensive—as fast as law enforcement can arrest the bad guys, more and increasingly vicious cyber-attacks are unleashed. It’s been ugly, heartbreaking, and in some cases demoralizing. Even though...