Gift cards have caused quite a headache for retailers in the last month, exposing another way that fraudulent activity can eat into razor-thin profit margins. Gift card fraud can range from physical theft to cloning to exploiting programming errors on the merchant side. The methods of attack are very similar to what is seen with credit card fraud,...

In the beginning, there were stack buffer overflows everywhere. Overflowing data on the stack made for a quick and easy way to subvert a program to run code provided by an attacker. Initially, this meant simply overwriting the saved return address on the stack with the location of shellcode typically on the stack and perhaps prefaced by a NOP sled,...

Most of us in the cybersecurity industry are familiar with a recent “tweet heard around the world.” Yes, I’m referring to the infamous tweet that caused Chris Roberts to be removed from a United Airlines flight. This incident has undoubtedly generated much criticism aimed at both Roberts and the airline industry. I am not writing this article to...

A security researcher has demonstrated a method of attack that allows malicious actors to steal laptop encryption keys using a gadget small enough to fit inside some pita bread. Developed by Daniel Genkin and his colleagues at Tel Aviv University, the attack makes use of radio signals given off by laptops when their CPUs are busy crunching data. ...

The issue of cybersecurity has finally gained the attention of top company decision-makers in light of the ongoing large-scale breaches that continue to jeopardize company assets and customers’ privacy. However, as executives and board members become more aware of the impact of cyber attacks on the business, is awareness enough to allow them to...

Windows Server 2003 (WS2003) is one of the most widely used server platforms in Microsoft’s history, with 27.8 million licenses sold worldwide between 2003 and 2013, and a conservative estimate of nearly 8 million licenses still in active use. When Microsoft ends support for this popular operating...

eBay has patched three vulnerabilities found in its Magento shopping platform that could have allowed for hijacking sessions and man-in-the-middle (MitM) attacks. Hadji Samir, a penetration tester with Vulnerability Labs, released technical descriptions of a persistent input validation web vulnerabiility, a cross-site scripting (XSS) hole, and a...

The type of coverage a vulnerability receives on social media often correlates to that threat’s level of risk, reveals a recent report. This is just one of the findings of the 2015 State of Vulnerability Risk Management, a study issued earlier this month by NopSec Labs, a data science and research company that specializes in analyzing malware,...

The Telegraph recently published an article profiling six hacker “tribes”: secret agents, voyeurs, hacktivists, white hats, glory hunters, and cyber thieves. The article made some broad assumptions about cybercriminals that were not well-received by industry experts. As cybersecurity becomes a part of our daily lives, how can we talk about it...

There is good news today for many of the 600 million Samsung Galaxy users who have been put at risk by a security flaw in the pre-installed SwiftKey keyboard. Samsung is preparing a fix which will be rolled out as a security update. The problem was that Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, failed to properly validate...

I am pleased to present Part 2 of my recent interview with Graham Cluley, an award-winning security blogger on grahamcluley.com DB: How do you feel the security industry has changed since you first started in the 1990s? GC: The industry has grown up enormously. Originally, it was just a cottage industry made up of little – often one-person – companies...

A website used by Microsoft to challenge the U.S. federal government's policies on matters of privacy and surveillance has allegedly been hacked. According to ZDNet, Digital Constitution appears to have been modified at 9:15 pm EDT on Wednesday, with casino-related text -- including keywords used to garner greater search engine hits, such as "casino...

This week, I had the pleasure of sitting down with Graham Cluley, an award-winning security blogger on grahamcluley.com, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon’s. Graham has given talks about computer security...

Several of Canada’s federal government websites were momentarily taken down Wednesday afternoon after reportedly being hit by a massive cyber attack. Canada's Treasury Board President Tony Clement later took to Twitter his confirmation that the government servers had experienced denial of service attacks, affecting Canada.ca, sencanada.ca, CSIS, and...

Security researchers have discovered a flaw in the way mobile apps store data online, which is jeopardizing users' sensitive information, including passwords, door codes, and location data. According to Reuters, a team of German researchers studied as many as ten thousand mobile applications, which included social networking, medical, and banking...

The mammoth rise in cybercrime has made organizations revise their application security strategy and implement new techniques to safeguard their software. This is largely because traditional security methodologies, such as Manual Testing and Web Application Firewalls (WAF), have been rendered irrelevant due to evolving hacking techniques. Unlike old...

The St. Louis Cardinals are facing an FBI investigation after team officials allegedly hacked into the computer systems of its rival – the Houston Astros. According to a report by The New York Times, the compromised internal network contained information of player personnel, including trade...

I have a love/hate affair with the term ‘Social Engineer.’ To me, this is the most professional and committed ‘job’ I have ever had. It has required training and endless education, and it has changed my life in nearly every aspect. But for some, the term is used for when a free warranty deal is obtained or a loved one is tricked into exposing a...

On Monday, online password manager LastPass announced it discovered “suspicious activity” on its network, leading to the compromise of users' email addresses, password reminders, server per user salts, and authentication hashes. The popular program alerted users in a blog post, stating that it had...

What more can be done about passwords? We tell users to choose unique, complicated passwords that contain a gallimaufry of bizarre characters - and they tell us they're impossible to remember, especially when they need to remember different passwords for the many different websites out there. We tell computer users to get help with remembering their...