On June 7-9, information security professionals from all over the world gathered together at Infosecurity Europe 2016, one of The State of Security‘s top 11 conferences in information security. Anyone who’s attended Infosecurity Europe knows how difficult it is to choose which presentations they’d like to see. It’s simply impossible to attend all of...

Attackers leveraged a botnet consisting of thousands of closed-circuit television (CCTV) devices to launch distributed denial-of-service (DDoS) attacks. Daniel Cid, CTO of Sucuri Security, explains that a small jewelry shop recently signed up with his company. At the time, the new customer was experiencing a DDoS attack that had knocked it offline...

I'm pleased to say someone very close to me was recently nabbed by a phish. The phish came into her email looking important and innocuous, so she opened it (and the attachment) and was immediately presented with a message that read, "Your corporate IT security team is conducting phishing training. You just opened what could have been a malicious...

A Filipino man has been charged with running a large-scale identity theft scheme targeting numerous celebrities and other high-profile victims, reported Reuters. Last week, federal prosecutors in the District of New Jersey, charged Peter Locsin, 35, of Talisay City, Philippines, with one count of bank fraud conspiracy and two counts of aggravated...

A hacker who goes by the name "TheDarkOverlord" is selling more than 650,000 patients' healthcare records on the dark web. Motherboard reports that TheDarkOverlord obtained access to three separate databases containing the records by first exploiting an unknown vulnerability in how certain companies implement remote desktop protocol (RDP), which...

Security products are not simple e-commerce websites. They are enterprise software products that enable pivotal business goals for customers. Yet as complexity grows, ease of use and other aspects of user experience (UX) can be overlooked and de-prioritized to make way for more features. But as Haroon Meer of Thinkst was quoted in CSO Online: "It...

Online backup service Carbonite is requiring all users to change their passwords after it observed password reuse attacks targeting their accounts. On Tuesday, the company announced the password reset in a statement posted to its website: "As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a...

Earlier in June, I attended the Gartner Security Summit in National Harbor Maryland, where I had a chance speak to many great CISOs and security experts. Together, we shared and learned a lot of information. The conference focused on seven key principles that are integral to building trust and resilience: Business Outcomes Facilitator Detect &...

Researchers have identified an ongoing campaign that has infected over 200 point-of-sale terminals leveraging ‘PunkeyPOS’ – a malware variant first uncovered in April 2015. According to security experts at PandaLabs, the malware sample has been predominantly targeting US businesses – more specifically, restaurants. In a blog post, researchers...

Researchers have called for users to patch and upgrade their vulnerable software as soon as possible after three severe vulnerabilities were found in libarchive, a widely-used open source compression library. The libarchive programming library was originally developed for the FreeBSD project but is now used by software coders around the world to...

Looking back now, it’s all a bit of a blur but what a wild ride it’s been! https://twitter.com/5683Monkey/status/608293161455206400 It was early spring 2015. I was fully immersed in the Cisco Networking Academy program at Red River College. As I spent my days deep in technology running my own small MSP, the future possibilities seemed endless as...

It’s safe to say that cybersecurity is a common issue for all industries. But what is the cybersecurity state of affairs for Industrial Control Systems (ICS), and why should we care? ICS monitor and control industrial and physical infrastructure processes that are crucial for industries like manufacturing, transportation, energy, oil and gas, and...

On a day-to-day basis, we hear about new digital security threats that are growing in frequency and in sophistication. Responding to this ever-increasing number of challenges makes a career in information security challenging. But it's not all bad. Infosec is also profoundly rewarding to the extent that security personnel help protect businesses',...

Researchers have spotted a new crypto-ransomware called "RAA" that is written entirely in the JScript scripting language. Originally detected by security researchers Benkow and JamesWT, RAA is distributed to users as an attached JS file. When a user clicks on the attachment, the file displays what appears to be a corrupted Word document, which allows...

We sold our house and moved to an apartment in January, waiting for our new home to get built. Cleaning up the house for a move is a big chore, and one of my tasks for a weekend before the sale was cleaning up a big pile of post-it notes left in a box. I chanced upon a post-it note with a 1-888 number that was an AT&T teleconferencing line. I had...

Just as having a larger family inevitably results in more children forgotten at swim practice, the bigger your software project, the harder it becomes to find every bug, security vulnerability and logic flaw. In-house enterprise developer teams can become overwhelmed by the number of branches in a project and bugs can go unnoticed until the worst...

Just as every king ascends the throne, so too must they in time forfeit their rule. That fateful day came on Monday for Sanford "Spam King" Wallace, 47, of Las Vegas, who was sentenced to two and a half years in prison as a result of his spamming activities against Facebook users. According to a statement published by the U.S. Attorney's Office in...

Companies have handed over more than three billion dollars to fraudsters as a result of business email compromise (BEC) scams, reports the FBI. In a public service announcement published on Tuesday, the FBI warns companies of a growth of BEC scams, sophisticated ploys where fraudsters attempt to use social engineering techniques such as phishing or...

Our story begins when Xu Jiaqiang, 29, decided to resign from his employer. Xu began working as a developer for a United States company in November 2010. During that time, he enjoyed access to the company's proprietary software, a clustered file system which enhanced computer performance by coordinating tasks across multiple servers. The developer...

Users of popular online forums are being advised to change their passwords following the leak of some 45 million credentials. As LeakedSource reports, millions of user credentials from over 1,100 websites and communities - including techsupportforum.com, autoguide.com, petsguide.com and motorcycle.com - have been exposed after parent company...