2015 was a bad year for data security—it started and ended with a series of high-profile cybersecurity attacks. No industry was spared, from health-care disasters (think of the CareFirst BlueCross BlueShield breach in May 2015) to financial organizations, from higher-education entities and federal markets to even the security industry itself (with...

Global financial services firm Morgan Stanley has agreed to pay a $1 million penalty for failure to safeguard customer data, the U.S. Securities and Exchange Commission (SEC) said on Wednesday. According to a statement by the SEC, the Wall Street bank violated a federal regulation – known as the “Safeguards Rule” – by failing to adopt federally...

uTorrent is urging all forum users to change their passwords after an attacker gained access to one of its forum databases through its software vendor. Torrent client uTorrent was acquired by BitTorrent Inc. back in 2006. Its developer team operates an IP.Board forum where users can contact one another as well as read announcements. That forum runs...

Organizations are constantly looking to obtain a "big picture" view of information security so that they can better protect themselves against digital threats. To answer that call, a variety of companies regularly publish security trend reports in which they analyze how threats in the digital space are evolving. Some reports target specific kinds of...

The Retail Cyber Intelligence Sharing Center (R-CISC) hosted its inaugural summit this April – an event which brought together more than 200 information security leaders from some of the region’s largest retail and consumer services organizations. Throughout the two-day event in the “Windy City,” industry experts shared insights, advice and lessons...

A Canadian university has paid a ransom fee of $20,000 CDN following a ransomware attack against its computer systems. Linda Dalgetty, Vice-President of Finance and Services at the University of Calgary, announced the ransom payment on Tuesday in a statement posted to the school's website: "As part of efforts to maintain all options to address...

Think of a classic item in your life. Perhaps it is a song that defines your generation. Or maybe it is a life event that holds special meaning for you. We all have them. They are part of what makes life wonderful. Why do classics matter in a security blog? With the recent revelation that the LinkedIn breach was far worse than originally reported,...

In May, ransomware was in full bloom. Over sixteen new ransom Trojans surfaced, plus one Ransomware-as-a-Service (RaaS) and plenty of updates to existing ransomware. The good news is that at least six new decryptors were released. The database of ransom infections has been extended, with a novel specimen that targets websites rather than computers...

There were three critical digital canaries in the cyber security coal mine in the past seven days, all of which signal a rising tide of threats for every sector outside of banking and finance. The first of the three critical reports came out on Wednesday, with the Anti-Phishing Reporting Group noting a record-breaking 250% increase in phishing...

When playing chess, you need to consider not only your next three to five moves but also the next several moves of your opponent. In our case, the security of an organization's data and infrastructure is open to an abundance of moves by hackers and malicious insiders. Regardless of which defensive pieces you have in place – knights, bishops, pawns...

The FBI’s Internet Crime Complaint Center (IC3) has issued an alert, warning users of a spike in reported extortion email attempts connected to recent high-profile data breaches. According to the advisory, targeted individuals are told that their personal information—such as their name, phone number, address, credit card information, and other...

In the last day or two, there have been a spate of posts by TeamViewer users claiming that their computers have been hijacked by malicious hackers, their PayPal and other banking accounts emptied, their webmail accessed, and malicious software installed. And the victims seem to believe the attacks are linked to their use of TeamViewer. ...

Now that you know how to plan for, select and deploy an endpoint detection and response (EDR) solution, there are just a few things you need to remember about EDR going forward. These are as follows: 1. Discovery and Inventory of Endpoints Are Key To effectively secure your organization's endpoints, you need to understand the contextual details of...

When you travel internationally for business, you’re likely headed to a country that utilizes drastically different cybersecurity laws. In the U.S., you can expect a reasonable amount of privacy for your data and devices. Even with the uproar about the National Security Agency (NSA) and security violations in recent years, Americans still enjoy a...

I was there when the bubble burst in ’99. If you are too young to know the reference to the bubble of 1999, or if you are so old that you have forgotten it, 1999 was the year that the "internet bubble" burst. What was it that caused this bursting effect? The internet wasn’t the problem. The internet is still here. The problem was driven by the...

Information security is a lot like chess. On the macro level, the security field is divided between the black hats and the white hats, just as a chessboard is split between black and white pieces. Those groups compete against one another using a combination of offensive and defensive tactics. Ultimately, each "match" is different than the next. Some...

Suppose you get a call from a college classmate with the following pitch: "David, I want to give you the opportunity of a lifetime. We started up our business last year called 'Super Duper Application.' We tested it, and we put it on the Apple App Store. It has done resoundingly well since then. We now have thousands of customers who love the...

A man who was busted in the takedown of the hacking forum Darkode has received jail time for his online criminal activities. U.S. District Judge Dee D. Drell sentenced Rory Stephen Guidry, 29, also known as "[email protected]," of Opelousas, Louisiana, to 12 months and one day in prison for using a computer to steal money, hack computers in an attempt to...

I think we are all familiar with the popular axiom, “It’s not IF you get compromised, it’s WHEN you get compromised.” I’m also pretty sure we all know that IT security is no longer viewed purely as an operational concern but as a significant contributor to business risk. As a result of this, IT security is quickly moving up the ladder on the...

The Anti-Phishing Working Group (APWG) says it observed a record-breaking 250 percent surge in phishing attacks between October 2015 and March 2016. According to its latest report, the number of unique phishing websites detected in Q1 totaled 289,371, with more than 123,000 of those sites being discovered in March 2016 alone. APWG says the findings...