Twitter is asking its more than 330 million users to change their passwords after it discovered a bug within one of its internal logs. On 3 May, CTO Parag Agrawal announced the discovery of a weakness that had undermined Twitter's secure storage of users' passwords. He explained that Twitter uses the bcrypt cryptographic hashing algorithm to convert...

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family. Security researchers at Incapsula report that Kitty is attempting to hijack servers using the highly critical Drupalgeddon 2.0 remote code execution exploit (CVE-2018-7600), which was made public at...

Phishers are using scam emails that leverage the European Union's General Data Protection Regulation (GDPR) as a theme in an attempt to steal users' information, a security firm found. Researchers at managed threat detection solutions provider RedScan came across one such phishing message that appeared to originate from Airbnb. The scam email, which...

The FBI's 10 most-wanted black-hat hackers countdown continues this week with No. 7 and No. 6: the co-conspirators Bjorn Daniel Sundin and Shaileshkumar “Sam” P. Jain. On 26 May 2010, the U.S. District Court of Northern Illinois indicted Sundin, Jain and a third suspect for one count of conspiracy to commit computer fraud, one count of computer...

If there is one thing that executives and managers never want to disrupt it would be productivity. As most managers know, productivity is the ability to make use of resources while producing profitable goods and services. Put another way that means, are you producing enough profitable outputs given your resource inputs? The measure of productivity...

A 20-year-old man has pleaded guilty to targeting more than a thousand members of streaming video platform Twitch with an army of spambots. On 1 May, Brandan Lukas Apple confessed to a charge of "mischief in relation to computer data" before a Port Coquitlam provincial court judge. The court responded by handing down a four-month conditional...

In a previous article, I noted that organizations are witnessing a surge in integrity-based attacks targeting their networks. Enterprises can defend themselves against these types of threats by turning to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They can then pair the risk-based approach with NIST SP 800-53...

A school district located in Massachusetts paid attackers $10,000 after they infected its computer network with crypto-ransomware. Officials at Leominster Public Schools decided to meet the demand after the district suffered a ransomware attack on 14 April. It's unclear what types of files the...

Last time, I got to speak with Leanne Williams. As a pen testing professional, she knows there’s a lot more to penetration testing than pointing a network vulnerability scanner at an IP address. This time I had the pleasure of chatting with Jen Fox. She’s all about cybersecurity in the very challenging compliance space. Kim Crawley: Tell me a bit...

A lending website ceased all operations over concerns with the European Union's General Data Protection Regulation (GDPR). Chris Beach, the founder of Streetlend.com, decided to shut down the service after five years of operation due to uncertainty and risk created by the GDPR. He explained in a message posted to the site that the penalties...

Organizations face a number of security challenges when migrating to the cloud from on-premise data centers. Their work isn't done once they've completed the move, either. At that stage, enterprises must decide on the best approach to fulfill their end of the Shared Responsibility Model and ensure "security in the cloud" with respect to protecting...

Cyber security is a field both deep and broad with a large number of complicated facets. As no one can be an expert in all things, it can sometimes be difficult even for experienced security professionals to know where vulnerabilities are in the system. That’s where risk assessments come in; they can help you identify problems that need to be...

The government of Canada has unveiled new regulations that specify how organizations must report and respond to a data breach. The Canadian Parliament in Ottawa, Canada. (Source: Wikipedia) On 18 April, the Governor General of Canada released the Breach of Security Safeguards Regulations (SOR/2018-64...

In 2017, an independent security researcher discovered that a vulnerability had been exploited in the Kennesaw State University Election Center. The researcher responsibly reported the breach to authorities. In response, the Georgia Attorney General’s office requested that a bill be drafted to criminalize any unauthorized access to any computer or...

What's happened? Security researchers at F-Secure have discovered a flaw that could allow millions of hotel rooms around the world to be accessed by unauthorised parties, without leaving a trace. A design flaw in the widely-used Vision by VingCard electronic lock software could have been exploited by intelligence agencies, thieves, and other...

Last week, I had the pleasure of talking to Tripwire’s own marketing specialist, Cindy Valladares. Marketing fits a valuable and overlooked need in the cybersecurity field. Cindy’s creative talent for bringing out the best in people helps Tripwire shine in this industry. This time, I got to chat with pen testing whiz Leanne Williams. Enjoy! Kim...

Medical devices can be vulnerable to security breaches in the same way as any other networked computing device. This may potentially affect its safety and effectiveness. The FDA (Food and Drug Administration) has issued final guidelines for manufacturers to consider cybersecurity risks as part of their medical device design and development. Its...

A privacy breach at a school district in New Jersey exposed portions of 1,200 employees' Social Security Numbers. The breach occurred at Irvington Public Schools on 16 April when an "unknown source" sent out an email to an undetermined number of recipients. The email contained the names of current...

Most organizations have already adopted or are moving towards adopting a DevOps model into their work culture for improved productivity and workflow. In simple terms, DevOps is an application delivery methodology that encourages collaboration and communication between the developers and operations teams across all phases of the Software Development...

Blockchain and other emerging distributed ledger technologies offer the promise of increased security, transparency and resilience based on the use of distributed, immutable records. At the same time, the European Union General Data Protection Regulation (GDPR), which takes effect May 25, 2018, governs the use and protection of personal data...