A U.S. federal appeals court has ruled that victims of a payment card data breach at Barnes & Noble can seek damages against the national bookseller. According to Reuters, the decision came on 11 April when the 7th U.S. Circuit Court of Appeals in Chicago said that Heather Dieffenbach of California...

Getting hacked is among the most discouraging experiences you'll deal with as a website owner. No matter how secure your site is, there is always a chance that your site may get hacked. According to Forbes, about 30,000 websites are hacked every day, and who knows if/when hackers will target your site next. Now think: your site is getting popular,...

Great Western Rail has taken the precaution of resetting the passwords for all its customers after detecting a limited campaign of password reuse attacks. As reported by The Register, the British train operating company detected password reuse attacks against some of its customers' GWR.com accounts. In total, it found that bad actors had targeted 1...

Today’s VERT Alert addresses Microsoft’s April 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-773 on Wednesday, April 11th. In-The-Wild & Disclosed CVEs CVE-2018-1034 A vulnerability in SharePoint Server could allow specially crafted web requests to read unauthorized content or...

Verizon Enterprise has named ransomware the most prevalent variety of malware in its 2018 Data Breach Investigations Report (DBIR). For the 11th edition of its report, Verizon Enterprise analyzed 53,308 incidents with 2,216 confirmed data breaches. Researchers with the American multinational telecommunications conglomerate found that three in 10...

In my last interview, I had the pleasure of speaking with Senior Security Analyst and Brakeing Down Security podcast host Amanda Berlin. Defensive security and blue teams are cool, and it’s about time that the area gets the recognition it deserves. This time, I spoke with Sorene Assefa. She’s the founder of Cyber Czar, a cybersecurity firm based in...

The United States Secret Service is warning of a new scam in which thieves are targeting the chip-based debit cards issued to corporations. As reported by Brian Krebs, the scam involves criminals intercepting a newly issued debit card along its way to a corporation, tampering with the chip and waiting until it's activated so that they can profit off...

ISO/IEC 27001 is a set of standards for information security management systems (ISMS) created by the International Organization for Standardization and the International Electrotechnical Commission, both independent, and non-governmental organizations. ISO/IEC 27001 is part of the broader ISO/IEC 27000 family, a set of standards designed to “[help]...

The number of cyber security job openings around the globe is staggering. Cisco estimated that there were 1 million unfilled cyber security jobs worldwide in 2014, and Cybersecurity Ventures predicted there will be 3.5 million openings by 2021. The unprecedented need for cyber security experts has intensified as the industry has grown nearly 35...

A shopper has filed a class-action lawsuit seeking at least $5 million in damages for a data breach that affected Saks Fifth Avenue and Lord & Taylor. According to Women's Wear Daily, shopper Antranik Mekerdijian filed a class action lawsuit against Hudson's Bay Company, owner of the two luxury...

Organizations have secrets. It doesn't necessarily mean that they're up to no good; they just may not have all of their corporate plans or internal communications laid bare for the outside world to see. But what's to stop someone from simply cutting-and-pasting an internal email and sending it from a webmail account to an external journalist or...

Crimeware is increasing at an exponential rate. Attackers and underground sellers now use crimeware-as-a-cervice (CaaS) models to sell crimeware services to buyers. These days, one does not need to be tech savvy to conduct attacks on the Internet as CaaS has made this process easier. One of the main CaaS channels is the selling of botnets for...

More and more organizations are now entrusting their IT resources and processing to the cloud. This trend is likely to grow in the coming years. To illustrate, Gartner predicts that cloud data centers will process 92 percent of workloads by 2020. Cloud workloads are expected to increase 3.2 times in that same span of time, Cisco forecasts. With...

UPDATED 05/04/18: Zuckerberg has since refuted this story in a call with reporters. As quoted by TechCrunch: Overall I think regulations like this are very positive. We intend to make all the same controls available everywhere, not just in Europe. Is it going to be exactly the same format? Probably not. We’ll need to figure out what makes sense in...

One of the tools I expect to see gain in popularity in the wild is DNS rebinding. DNS rebinding is a technique that turns a victim’s browser into a proxy for attacking private networks. Attackers can change the IP associated with a domain name after it has been used to load JavaScript. Since same-origin policy (SOP) is domain-based, the JavaScript...

Back by popular demand, I’ve interviewed a new group of women and non-males in information security for Spring 2018. I’m really honoured by all of the positive feedback I’ve been getting on this interview series since it launched in the fall of 2016. This series was even mentioned outside of the tech media during my appearance on a popular non-tech...

Saks Fifth Avenue and Lord & Taylor have both suffered a data breach involving customers' debit and credit card information. The data breach became apparent on 28 March when Joker's Stash, a seller of stolen payment card details on underground markets, announced its "BIGBADABOOM-2" sale of five million cards. Working with financial organizations,...

As we barrel further into the digital age, IT security carries increasing importance to the operation of your business. IT services now represent both the hub of business operations and the primary line of defense for most companies. Accordingly, it is crucial that your employees understand the centrality IT services and security play to the overall...

Previously, I brought attention to what I believe is one of the biggest cybersecurity challenges: data integrity. As I note in a different piece, we have entered a strange phase in our history where questioning “evidence” is not such a ludicrous idea. For example, altering photographs digitally so you can’t tell there have been alterations is a full...