In the first part of this series, we have learned about the imminent risks with the IoT / IoE world and that we need to do something about it; introduced the typical C-I-A triple; as well as the concept of “openness.” Now, we continue to add several key points for the secure system design and development concepts: Secure System | Software...

Today’s VERT Alert addresses 11 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-680 on Wednesday, July 13th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

Organized cybercrime is a business just like any other legitimate business; they want to have low-risk and efficient operations in order to maximize their profits. The main caveat for criminals is that pesky problem of getting caught and spending the rest of your life in jail. Data is the currency of the 21st century – historically, cyber criminals...

WordPress (WP) is the most popular and widely used blogging platform. It supports every kind of website, from a simple blog to a full-featured business website. Twenty-six percent of all websites globally use WordPress. As a result of this popularity, hackers and spammers have taken keen interest in breaking the security of WP-operated sites. In this...

An infected Android version of the Pokémon GO app is infecting unsuspecting users with the malicious remote access tool DroidJack. First released in the United States on July 6, Pokémon GO is a mobile game available for Android and iPhone. It leverages Niantic’s Real World Gaming Platform to help players find and catch Pokémon as they explore real...

One thing is clear in information security: defending against digital threats today is more challenging than ever. Part of the problem has to do with an increase in the number of threats. For example, the United States Internal Revenue Service in January 2016 received 1,026 reports of tax-related phishing and malware attacks – a 400 percent increase...

Last month, we covered ransomware in the month of May. Now, we will provide you with a roundup on the state of the ransomware industry as of June 2016. The article contains reports on all the new ransomware samples, the updates made to existing crypto threats, and free decryption solutions created by security enthusiasts.CryptXXX Becomes...

According to a new survey, 80 percent of IT security professionals believe that their organization will be threatened with a DDoS ransom attack in the next 12 months. Conducted by Corero Network Security, the research includes the responses of 100 security professionals at the Infosecurity Europe conference in London earlier this year. Even more...

A security researcher has disclosed two zero-day vulnerabilities in the online service web applications of the German luxury automobile company BMW. The first issue exists in the web application for BMW ConnectedDrive, a suite of services which includes real-time traffic updates, on-board app connectivity, and other functions built into each...

I recently read an article in HealthIT Security that analyzed the breaches reported to the Department of Health and Human Services Office of Civil Rights between January 1, 2016, and June 1, 2016. According to the article: "There have been 114 incidents reported to OCR between Jan. 1, 2016 and June 1, 2016. Of those, 47 (41%) were classified as...

Quick question - are you right or left handed? That's a harmless enough question, but here's the follow-up: do you wear a smartwatch or fitness tracker on that same wrist? If you do, then you may want to rethink whether that was a sensible choice after you've read about some fascinating research done by a group of scientists from Binghamton...

An new exploit kit campaign is targeting websites running on out-of-date versions of the Joomla! and WordPress content management system (CMS). Researchers at Sucuri have been tracking the campaign for the past several weeks. They've codenamed it "Realstatistics" because it injects fake analytics code for "realstatistics[.]info" or "realstatistics[....

Given the recent debate and increased attention on the subject, I’d like to make a couple of points for the (hopefully) greater good of the security community. Currently, most experts envision the Internet of Things (IoT) / Industrial Internet / Machine-to-Machine / Internet of Everything (IoE) as the next big wave that will come and connect...

The Internet as we know it is only possible thanks to cryptography and specifically TLS (formerly known as SSL). Without this crucial technology providing a means for private online communications, e-commerce would quite simply not be a thing, and the Internet would likely be little more than a world-wide party line for sharing bad jokes. Despite...

In the world of information security, port scanning is a vital part. Enterprises, organizations or regular users use port scans to probe systems for open ports and their respective services. If you think of a computer as a hallway of doors, port scanning can be compared with walking through the hallway looking for open doors. Penetration testers...

Researchers have created a decryption tool for MIRCOP ransomware that demands 30,000 USD in ransom from its victims. Trend Micro explains the ransomware is currently being delivered via malicious macros as part of a spam campaign. Users open what appears to be a Thai customs document for importing and exporting goods. But when they click to enable...

As is often the case in cybersecurity, just when you think you are writing or talking about the "issue of the day" (most recently ransomware), some other issue comes up that makes you shake your head and wonder why each of us is working so hard to secure our networks when it appears so easy for attackers to steal important data or money. That is...

The Android malware "Hummer" is now the number one mobile trojan in the world, finds researchers. Threat analysts at Cheetah Mobile Security Research Lab reveal in a blog post the extent to which Hummer malware infections took off in 2016: "During the first half of 2016, the Hummer trojan infected nearly 1.4 million devices daily at its peak. In...

If there’s one thing I’ve come to know about the tech crowd, it’s this: we all want free Wi-Fi connections everywhere we go, and we want them now. Now finding that free Wi-Fi is great, and we’ll look at how to find some anywhere you go, but we’ll also look at staying safe on that free Wi-Fi. There are many risks lurking around public Wi-Fi, and it...

A court has bailed the alleged hacker Lauri Love, 31, and temporarily adjourned his case following a two-day extradition hearing. On Wednesday, District Judge Nina Tempia at Westminster Magistrates' Court in London adjourned the case until a later time when attorneys for the prosecution and defense will make their final arguments regarding Love's...