A company is offering to pay 1.5 million USD to anyone who submits a remote jailbreak for Apple's iOS 10. On Tuesday, the exploit broker Zerodium made the announcement on Twitter: https://twitter.com/Zerodium/status/781516292901789696 Zerodium is well known for offering bug bounty rewards whose value dwarfs those offered by Apple, Google, and other...

Everyone hates scams. That's because everyone's a target. As we all know, social media websites like Facebook, Twitter and LinkedIn are rife with fraudsters. Most of those scammers just want a few hundred dollars or access to their target's account. But some want more. Some try to steal their victim's identity, while others attempt to exploit a...

A Syrian national affiliated with the notorious Syrian Electronic Army hacking group has pleaded guilty in a US court to charges of conspiring to hack into computers and extort money. 37-year-old Peter Romar, who was extradited to the United States from his home in Waltershausen, Germany, appears to have played an important role in the operations of...

In my last blog post, I discussed the five levels of preparedness for cybercrime and remarked on the sad fact that the majority of enterprises are at the reactive or compliant levels. I also discussed that reacting to cybercrime is driven by attempting to deliver security, which is predominantly built upon an over-reliance on prevention capabilities...

As the cyber security threats continue to evolve and expand upon both consumers and companies, we observe a shift from the traditional Trojans and Worms to more complex malware that can truly devastate a system. The contemporary viruses execute their payloads in stages and can dynamically affect different parts of the target system. The biggest...

A new report released by Europol's European Cybercrime Center (EC3) warns of the eight main cybercrime trends that investigators have seen impact a growing number of citizens and businesses this year. The 2016 Internet Organised Crime Threat Assessment (IOCTA) found that the volume, scope and...

In a previous blog post, ICS: Next Frontier For Cyber Attacks blog, I spoke about the cybersecurity posture of industrial control systems (ICS) and the enormous implications for such attacks. For industrial organizations, it means downtime and lost business. For individuals, it means potential safety issues and lost services. For society, it means...

Do you remember the .Zepto Ransomware? Of course, you do. Well, you can more or less put it in the rear-view mirror. However, there is very little in the way of actual reasons for celebration. A new threat is on the rise! It’s been tentatively called .Odin File Virus. It changes your files’ extensions to match the name of the one-eyed god from the...

Microsoft has announced the release of Project Springfield, a fuzzing tool which helps customers find security bugs in software before the hackers do. According to the Redmond-based company, the service is designed to help developers find security vulnerabilities proactively. As a result, they don't need to undertake the costly effort of releasing a...

A hacker will serve out 20 years in prison for providing the Islamic State of Iraq and Levant (ISIL) with data pertaining to members of the U.S. military. Ardit Ferizi (Source: McClatchyDC) On 22 September, U.S. District Judge Leonie M. Brinkema handed down the sentence to Ardit Ferizi, aka...

Cybersecurity has become a board level discussion, and worries about cybersecurity breaches are part of what keeps C-suite execs and BOD members up at night. So much so that many organizations have started to adopt the mentality that they’ve likely been breached already and they just don’t know it yet. It’s what’s known as the “assume breach”...

On April 7, 2014, the world first learned about the Heartbleed vulnerability. A small flaw in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520), Heartbleed enables an attacker to unravel the encryption measures in systems protected by vulnerable OpenSSL software, which some at the time...

Yahoo says a state-sponsored actor stole the account information for at least 500 million of its users in a breach that occurred back in late-2014. On 22 September, Yahoo CISO Bob Lord confirmed that the hack might have compromised several pieces of its users' account information: "We have confirmed that a copy of certain user account information...

On June 7, 2016, the Angler exploit kit all of a sudden disappeared. It's unclear exactly what led to Angler's demise, but all reports indicate the exploit kit shut down after Russian authorities arrested 50 members of a hacker group that developed Lurk malware along with Angler. So, what did the exploit kit world do in response? It did what it always...

Technology analysts are divided on the notion of a "smart" city. On the one hand, proponents note that by creating "smart" systems to run public transportation, waste removal, traffic control, and the water system, cities can improve the efficiency of their municipal services. Such enhanced productivity would help urban centers better accommodate...

Dropbox relies on a defense in depth strategy consisting of multiple layers of hashing and encryption to protect its users' passwords. Devdatta Akhawe, a security engineer at the file storage service, says Dropbox went to all this trouble to prevent attackers not only from directly compromising members' plaintext passwords but also from accessing...

Money makes the world go around, and SWIFT - the worldwide inter-bank communication network - is the system that allows banks to send money to each other. So when online criminals find a way to exploit SWIFT, they can transfer huge amounts of money to bank accounts under their control. As we have...

Many people don’t understand how fraudulent charges range from as little as $7.19 from some odd electronics store to $655.38 at some store in Russia while you reside in North America. We tend to think that this may have happened because we used our cards to pay for parking at random locations or for public transportation. As it is easier and quicker...

James Bond always orders his martini prepared a special way: “Shaken, not stirred.” Being a teetotaler, I have always wondered what would happen if Bond – James Bond – was served a stirred martini. Would he be able to tell? Many of the more notable drink masters in the infosec community could probably educate me about the subtle differences between...

According to new data, the education sector now ranks as the most-targeted industry by ransomware attacks. In a recent report, security firm BitSight analyzed the growing ransomware threat across nearly 20,000 companies over the last 12 months. Researchers found that organizations in education had the highest rate of ransomware – with at least one...