Incorporating security activities into the natural workflow of productive tasks makes it easier for people to adopt new technologies and ways of working, but it’s not necessarily enough to guarantee that you’ll be able to solve a particular security-usability issue. The reason for this is that such problems can be categorised as wicked. Rittel and...

Eddie Bauer LLC, which manages the Eddie Bauer clothing line, is just the latest company to issue a notice warning customers of a data breach. On 5 July, 2016, infosec journalist Brian Krebs reached out to Eddie Bauer. Sources had told him about a pattern of fraud with customers who had used their...

Industrial control system (ICS) security is a growing concern for organizations around the world. On the one hand, research suggests that vulnerabilities and exposures are increasingly jeopardizing the security of ICS assets. In their report Overload: Critical Lessons from 15 Years of ICS Vulnerabilities, the FireEye iSIGHT threat intelligence team...

If you speak to most experts in the field, they'll agree on at least one thing: computer security isn't really a technological problem. Although the right software and hardware can help reduce the online threats your company might face, ultimately IT security is a human problem. And humans, as we all know from personal experience, aren't perfect and...

Cisco has confirmed the legitimacy of two exploits found in a data dump of code released by the Shadow Brokers hacker group. On 13 August, the mysterious hacking group announced an auction of files allegedly containing exploit code used by the Equation Group, a sophisticated threat actor which leverages unknown vulnerabilities in multiple vendor...

Nowadays, the word “hacker” carries an overwhelmingly negative connotation, conjuring up images of digital thieves intent on stealing identities and letting disruptive viruses loose into cyberspace. It wasn’t always that way. In fact, computer hackers were originally viewed by society as technology enthusiasts who wanted nothing more than to...

The United States Department of Energy (DOE) has awarded $34 million in funding for projects aimed to protect the U.S. power grid against digital attacks. The 12 projects are still waiting congressional approval. If given the green light, they will proceed across nine states through the Energy Reliability’s Cybersecurity of Energy Delivery Systems ...

An organization's computer network is never fixed. It is constantly changing. To illustrate, as a company continues to grow, it might adopt a different mission that requires the installation of new endpoints onto its network. Additionally, with the detection of new exposures, security teams will need to update all critical devices running the...

The High Court of Ireland has ordered the extradition of a former Silk Road site administrator named "Libertas" to the United States. Back in 2013, U.S. federal authorities put the kibosh on Silk Road, an underground web marketplace accessible only via the Tor anonymity network where members could purchase illegal drugs, fake IDs, and other stolen...

Many employees find information security secondary to their normal day-to-day work, often leaving their organisation vulnerable to cyber attacks, particularly if they are stressed or tired. When users perform tasks that comply with their own mental models (i.e. the way that they view the world and how they expect it to work), the activities present...

Germany has a message for terrorists who use the Internet to carry out their aims: "Your number is up." Thomas de Mazière On 11 August, Germany's federal interior minister Thomas de Mazière announced the creation of Zentrale Stelle für Informationstechnik im Sicherheitsbereich (ZITiS), or "Central...

Maintaining a secure company network can be a daunting task, and that’s putting it lightly. The number of cyber threats out there seem to be multiplying by the day, while the incidents of cyber attacks have become a common headline. Just ask Target or Sony about the damage that can come from infiltration by cyber criminals and hackers. And those...

Gone are the days when the only internet-connected devices we had were our phones and computers. With the passage of time, more and more home appliances and products are being added to the list of devices that are connected to the internet, or the so-called "Internet of Things" (IoT). The list includes but is not limited to smart thermostats,...

This morning, I checked my email and immediately spotted something suspicious in my inbox. I easily identified this email as a phishing attempt. It contained sparse wording, a link to a file, and the implication that it was sent to me from a safe place “securefileshares.com” (sounds trustworthy to me!) that I had never heard of before. I immediately...

It's just a week since Apple announced its first-ever bug bounty for researchers who find vulnerabilities in its widely-used software and hardware, in the hope that it can provide better security and privacy to its millions of customers. The Cupertino-based company made headlines for its belated entry into the bug bounty marketplace, offering up to ...

I was incredibly happy with the initial release of CVSSv3. While it wasn’t perfect, it was a huge improvement over CVSSv2 in that a couple of the weaknesses in v2 were removed. The first of two particularly great changes was the language related to the network attack vector in the specification document:A vulnerability exploitable with network access...

Authorities took Australia's census website offline following four digital attacks, a decision which prevented many Australians from filling out the survey. David Kalisch of the Australian Bureau of Statistics (ABS) explained the website came under attack four times on Tuesday and that authorities took the website down as a precaution after the...

In June this year, Fifth Domain ran a ten-day cyberwar course for 21 participants. The course provided participants with both red-team (offensive) and blue-team (defensive) cyber operations exercises. During the first eight days, participants learned a number of principles, frameworks and technical skills that were then put into practice during the...

To protect against evolving digital threats, more and more organizations are employing endpoint detection and response (EDR) systems on their computer networks. EDR consists of six crucial security controls. The first two, endpoint discovery and software discovery, facilitate the process of inventorying each device that is connected to the network...

Today’s VERT Alert addresses 9 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-684 on Wednesday, August 10th. EASE OF USE (PUBLISHED EXPLOITS) TO RISK TABLE Automated Exploit Easy ...