Fraudsters contacted two Canadian banks claiming they stole tens of thousands of customers' personal and account information. Simplii Financial, the direct banking brand for the Canadian Imperial Bank of Commerce (CIBC), disclosed on 28 May that fraudsters had contacted CIBC a day earlier and claimed...

Last time, I had the honor of speaking with Veronica of DFIRLABS. She’s a self-described cyborg who got into cybersecurity early and has a passion for reverse engineering code. This time, I got to speak with Anna Westelius. Not only is she a web security specialist; she also has experience with Linux driver development. What do Anna and I have in...

I had the opportunity to attend the Knowledge18 conference this past week, and from the registration to closing, I’ve never been to a show that's had so much energy. Knowledge18 staff would start the morning with a DJ playing music and with the staff energetically greeting attendees/sponsors while moving to the music. The Tripwire booth also had...

At least half a million routers and storage devices in dozens of countries around the world have been infected by a sophisticated botnet, in preparation for an alleged planned cyber attack on Ukraine. The botnet, which has been given the rather unglamorous name of VPNFilter, is believed to be likely to be controlled by a state-sponsored hacking...

Mozilla announced the rollout of two-step verification (2SV) as an optional security feature for all Firefox user accounts. The engineers at Mozilla Foundation designed the feature without support for SMS-based codes. They likely did so for the same reasons as Twitter when it moved away from this form of verification in December 2017. Criminals...

If breaches to electronic health record systems continue at their current pace, each and every American can expect their private medical data to be compromised at least once by 2024. Once adversaries obtain a patient’s health information (PHI), they can sell it to the highest bidder—leaving targets vulnerable to all manner of fraud and theft....

Regular readers of The State of Security should now have a general understanding of why organizations need security for their containers. But they still might be a bit fuzzy on the specifics. In particular, they might still be unclear on the types of threats they need to address as well as the container areas that are most at risk. This knowledge is...

The Information Commissioner's Office (ICO) fined the University of Greenwich £120,000 for a "serious" security breach of personal data. On 21 May, the United Kingdom's Information Commissioner announced the fine. It's the first time the ICO has levied such a penalty against a university under the...

According to the Mayo Clinic, plaque in your arteries and inflammation are usually to blame for coronary artery disease. Left unchecked, plaque buildup narrows arteries, decreasing blood flow to your heart and eventually causing chest pain (angina) and other symptoms. Because this develops over decades, you might not notice a problem until you have...

Last time, I got to speak with Leila Powell. She went from astrophysics to an exciting career as a security data scientist. This time, I have the pleasure of speaking with Veronica Schmitt of DFIRLABS, otherwise known as @M4lw4r3z_G1rl. She enjoys reverse engineering code, and she considers herself to be a cyborg! Kim Crawley: Please tell me about...

The Payment Card Industry Security Standards Council (PCI SSC) published a minor revision to version 3.2 of its Data Security Standard (PCI DSS). On 17 May, PCI SSC published PCI DSS version 3.2.1. The purpose of the update was to clarify organizations' use of the Standard and when they would need to upgrade their use of common cryptographic...

The latest revision to PCI DSS, PCI 3.2, provides specific security guidance on the handling, processing, transmitting and storing of credit card data. PCI 3.2 presents an opportunity for retail, healthcare, finance and hospitality organizations to minimize the theft, exposure and leakage of their customer’s personal and financial credit information...

When transitioning to a DevOps model, organizations must remember that people are essential to a successful switchover. It's people who must learn new workflows, collaboration techniques, and tools during the move. This process will cause at least some disruption over a period as long as two years. Needless to say, they will need patience and ample...

Security researchers found that hackers are using both Google Play and Facebook to actively target North Korean defectors with malware capable of stealing their information. McAfee Mobile Research Team discovered that the Sun Team hacking group is using Facebook to share links with North Korean defectors. At the time of analysis, these URLs directed...

Amidst the volatility, uncertainty and noise of the cybersecurity field, few best practice frameworks have emerged as consistently reliable and useful as the Center for Internet Security (CIS) Security Controls. Recently updated as version 7.0, the CIS Controls represent the most important security controls that an organization must implement to...

A software vulnerability is suspected of being to blame for a hack through which criminals transfer more than 300 million pesos (over US $15 million) out of Mexican banks. Officials from Mexico's central bank confirmed to Reuters that a series of "irregular" and unauthorised interbank money transfers involving large sums of money were detected late...

A federal jury convicted one of the digital criminals responsible for operating the notorious "Scan4You" counter antivirus (CAV) service. On 16 May, the Department of Justice released a press release announcing a Virginia federal jury's conviction of Ruslans Bondars, 37, on one count of conspiracy to commit wire fraud, one count of conspiracy to...

Ransomware isn’t a new threat to the cyber world. Its origins go back many years now. Over time, this threat has become only more vicious and harmful. While people were trying to deal with this cyber threat, cybercriminals moved one step further by offering ransomware-as-a-service (RaaS). Under this service, cybercriminals provide a compact...

Cryptojacking attacks affected a quarter of organizations in their cloud environments, found a recent cloud security report. In RedLock's Cloud Security Trends, researchers with the security firm's Cloud Security Intelligence (CSI) team discovered that 25 percent of organizations had suffered cryptojacking incidents in the cloud. This rate marked a...