Researchers have found a new Android spyware program that's using command and control (C&C) servers previously ran by Hacking Team. Team Red Naga came into contact with the spyware after someone contacted them about "advanced malware" that had infected one of their co-workers. Early on in their analysis, Team Red Naga didn't find anything...

Facebook founder Mark Zuckerberg has had extraordinary success at building a social network that has attracted over a billion users. But that's not to say that he's had such luck in every other area of IT. Take securing his online accounts from attack, for instance. To misquote Oscar Wilde's "The Importance of being Earnest": "To lose control of...

This is a more technology-based continuation of KGW Portland's story that it published discussing what 86 convicted burglars looked for in target selection. My aim is to add aspects of both Social Engineering and Open Source Intelligence (OSINT) into this to attempt to help raise awareness. The purpose behind the anonymous questionnaire, which was...

Women are vital to the information security field, but there are relatively few of us. Speaking to women in our industry gleams insights about how we've ended up in that male dominated field and perhaps how to attract more of us. I first interviewed Tiberius Hefflin, a Scottish security analyst who's working in the United States. Then I spoke to...

Adobe Systems has been ordered to pay a fine of $1 million as a result of a data breach that exposed the personal information of millions of users back in 2013. According to reports, the fine will be payable to 15 U.S. states that investigated the computer software company over the breach. “Under a multistate agreement today, Adobe will pay $1...

A new ransomware called "CryptoLuck" is infecting victims via a legitimate, code-signed program from Google known as "GoogleUpdate.exe." Security researcher Kafeine spotted the RIG-E (Empire) exploit kit distributing CryptoLuck via malvertising. It's not the first time they've detected an exploit kit campaign distributing ransomware. In this...

Preparing for challenges associated with any technology central to your workflow is an important part of a comprehensive security and risk management strategy for organizations concerned with the integrity of their system. Inevitably, regardless of the steps you take to prevent problems associated with things like viruses, hardware failures, data...

2016 will forever be remembered for all the "mega-breaches" that exposed users' personal information. Most of those larger-than-life security incidents dated back several years, with some breaches having made a larger splash in the security community than others. LinkedIn and Tumblr certainly stood out. But all other events paled in comparison to...

WhatsApp has announced its plans to make a new two-step verification (2SV) feature available to all of its more than one billion active monthly users. 2SV is an optional security mechanism that adds another step (not factor) to a web service's login process beyond entering in a username and password. As a result, the feature helps to protect users'...

Recently, I had the personal thrill of directly seeing the influence I've had on my friends and family's cybersecurity knowledge and perspectives. I have long been “tech support” for my family and friends. In late 2013, when data breaches started making national news, I also became the “cyber security tech support” go-to person. Four different...

What has happened? The AdultFriendFinder website appears to have been hacked, exposing the personal information of hundreds of millions of user accounts. What is AdultFriendFinder? I don't want to be indelicate, so I'll just tell you it's strapline: "Hookup, Find Sex or Meet Someone Hot Now". Oh! So like Ashley Madison? Yes, very much so. And we all...

The United States military has announced it will be launching its inaugural bug bounty program called "Hack the Army" in November 2016. Outgoing secretary of the Army Eric Fanning made the announcement in a press conference. He said the program will help the Army keep up with the latest digital threats. As quoted by WIRED: "We’re not agile enough...

Today's industrial control systems (ICS) face an array of digital threats. Two in particular stand out. On the one hand, digital attackers are increasingly targeting and succeeding in gaining unauthorized access to industrial organizations. Some actors use malware, while others resort to spear-phishing (or whaling) and other social engineering...

At least five of Russia's largest banks were hit with prolonged distributed denial of service (DDoS) attacks earlier this week. Beginning on Tuesday afternoon, the attacks continued intermittently for two days, targeting the online services of Sberbank, Alfabank and several other financial...

Casino Rama Resort says hackers stole information pertaining to its customers, employees, and vendors in a digital attack. On 4 November, the casino based in Rama, Ontario first learned of a security incident that affected one of its networks. Its internal teams began working with digital security experts to figure out what happened. Following their...

Security has always been the matter of heated debates between staunch adherents and implacable adversaries of both Android and iOS. With the advent of Google’s new phone, Pixel, the heat hasn’t subsided. On the contrary, it rose to a whole new level. Right now, Pixel is under close scrutiny of active web surfers and online security gurus as per...

At some point in our lives, we have all experienced a time when we had something break, quit working, or at the very least not work the way we expected. After exhausting our personal skills in trying to figure out how to fix the problem, we end up calling the repairman – the expert that will help us get back on track. In the IT Ops and IT Security...

Business email compromise (BEC) scammers are now focusing on building rapport with victims to increase their chances of success. Just as a little background, a BEC scam begins with an actor launching spear-phishing or whaling attacks against a senior, C-level executive. If the attack proves successful, the actor spends some time researching how the...

Women in information security, being a minority, deserve a spotlight. Previously, I've interviewed Tiberius Hefflin, a Scottish security analyst who is currently working in the United States, and Tracy Maleeff, a woman who went from library sciences to infosec, who's now a host of the PVCSec podcast, and who runs her own infosec business. Recent...

In February of 2015, researchers at Kaspersky Lab disclosed the existence of a sophisticated cyber-attack group that's been in operation since early 2001, and targeted almost every industry and foreign countries with its zero-day malware. Kaspersky called this threat actor the Equation Group because of its love for encryption algorithms and the...