The FBI can draw on upwards of 411 million photos as part of a facial recognition system to identify potential criminal suspects. The Government Accountability Office (GAO) explains in a report (PDF) that a facial recognition service, which is known as the Next Generation Identification-Interstate Photo System (NGI-IPS), became fully operational in...

In today’s world, where technology is becoming an ever greater part of our everyday lives, it appears we aren’t quite keeping up with it. Believe it or not, we still tend to underestimate the importance of cyber security, as a recent survey by Soha System’s Third Party Advisory Group has shown. According to the survey, less than two percent of IT...

In May 2016, security researchers discovered millions of user accounts from social networking sites like LinkedIn, MySpace and Tumblr for sale on the dark web. The victims' personal data came from multiple data breaches that are believed to have taken place between 2011 and 2013. Together, the breaches exposed over 642 million passwords. This could...

Hackers associated with the Russian government infiltrated the Democratic National Convention's computer network and stole opposition research on Republican presidential nominee Donald Trump. The DNC said no financial, donor, or personal information was compromised in the breach, reports The Washington Post. Instead the intrusion appears to be a...

Today’s VERT Alert addresses 16 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-675 on Wednesday, June 15th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

On Thursday, June 23, the United Kingdom will hold a referendum that will decide whether Britain will remain a member of the European Union. In the lead-up to this important vote, many are wondering how Britain's exit, or "Brexit," would affect the United Kingdom's national information security posture. Some are worried, for instance, that if...

Back in 2011, Facebook launched its bug bounty program in an effort to provide recognition and compensation to security researchers for practicing responsible disclosure. The program is not bound by a maximum bounty reward. Instead, it awards monetary rewards based on the severity of each disclosed vulnerability, with $500 USD serving as the minimum...

German engineering company Siemens has patched two vulnerabilities affecting some of its SIMATIC controllers. The first vulnerability (CVE-2016-3949) is a denial-of-service (DoS) bug that affects SIMATIC S7-300 CPU, a product which is used by companies worldwide to manage process control in various industrial environments including Chemical, Energy,...

This year’s Infosecurity Europe conference had so many great places to be and things to do that it was often hard to choose how best to spend one's limited time and harder still for many to identify a single highlight. For myself personally, however, it had to be the opportunity to hear one of my favourite writers for many years speaking on the...

PCI-DSS v3.2 will be in full-force this October. At that time, service providers will be required to complete penetration tests by an external third party twice a year. The term “service provider” leaves significant room for interpretation. Discuss PCI-DSS v3.2 with your QSA to determine how changes may impact your organization. Whether to be PCI...

A hacker has put up a dataset containing the personal details and driver's license information of 290,000 U.S. citizens for sale on the dark web. Softpedia reports that the hacker, who goes by the name "NSA," stole the information after breaching several organizations based in Louisiana. Once inside of the organizations' networks, NSA exfiltrated...

In a previous article, we discussed building a deeper understanding of distributed denial-of-service (DDoS) attacks, what they do, who’s behind them, and what they all come down to. To follow, here’s how to prepare your website for DDoS attack. According to the results of a study conducted by Kaspersky Lab and B2B International, a DDoS attack can...

Tattoos are a complex form of art in modern society. First of all, they are expressive. People can incorporate certain words and symbols into a tattoo so that its design communicates something personal about their lives. In that sense, tattoos are also free speech, a legal right which is protected under the U.S. Constitution. The fact that people...

2015 was a bad year for data security—it started and ended with a series of high-profile cybersecurity attacks. No industry was spared, from health-care disasters (think of the CareFirst BlueCross BlueShield breach in May 2015) to financial organizations, from higher-education entities and federal markets to even the security industry itself (with...

Global financial services firm Morgan Stanley has agreed to pay a $1 million penalty for failure to safeguard customer data, the U.S. Securities and Exchange Commission (SEC) said on Wednesday. According to a statement by the SEC, the Wall Street bank violated a federal regulation – known as the “Safeguards Rule” – by failing to adopt federally...

uTorrent is urging all forum users to change their passwords after an attacker gained access to one of its forum databases through its software vendor. Torrent client uTorrent was acquired by BitTorrent Inc. back in 2006. Its developer team operates an IP.Board forum where users can contact one another as well as read announcements. That forum runs...

Organizations are constantly looking to obtain a "big picture" view of information security so that they can better protect themselves against digital threats. To answer that call, a variety of companies regularly publish security trend reports in which they analyze how threats in the digital space are evolving. Some reports target specific kinds of...

The Retail Cyber Intelligence Sharing Center (R-CISC) hosted its inaugural summit this April – an event which brought together more than 200 information security leaders from some of the region’s largest retail and consumer services organizations. Throughout the two-day event in the “Windy City,” industry experts shared insights, advice and lessons...

A Canadian university has paid a ransom fee of $20,000 CDN following a ransomware attack against its computer systems. Linda Dalgetty, Vice-President of Finance and Services at the University of Calgary, announced the ransom payment on Tuesday in a statement posted to the school's website: "As part of efforts to maintain all options to address...

Think of a classic item in your life. Perhaps it is a song that defines your generation. Or maybe it is a life event that holds special meaning for you. We all have them. They are part of what makes life wonderful. Why do classics matter in a security blog? With the recent revelation that the LinkedIn breach was far worse than originally reported,...