Societies function on the basis of trust, and Internet users are no different. Users need to trust the Internet. They need to trust it to keep their data secure, protected and private, and they need to trust it to reliably give them the content they want to view and share. If governed in an inclusive way, users will continue to place their trust in...

Research on quantum networking is well under way. In April 2012, Gerhard Rempe and other researchers at the Max Planck Institute of Quantum Optics in Germany announced their first working quantum network to the world. Then, just this year, Wolfgang Tittel and his researchers at the University of Calgary transported a light particle's properties...

Women are eagerly needed in information security because we offer unique perspectives and there are so few of us. So far in this series, I interviewed Tiberius Hefflin, Tracy Maleef, Isly, Kat Sweet, and Jess Dodson--five different women from different parts of the English-speaking world and from different areas of IT. For my sixth and final interview...

What happens when service providers issue routers with remotely exploitable flaws? This weekend, we saw a glimpse of what is possible when attackers attempted to load Mirai-based malware on routers through a vulnerability in an exposed remote management protocol. Although the attackers probably failed in their ultimate goal of creating a large...

On the cusp of 2017, one thing's clear: distributed denial-of-service (DDoS) attacks made their mark in 2016. Arbor Networks tracked 124,000 DDoS attacks each week between January 2015 and June 2016. Furthermore, 274 of the attacks observed in the first half of 2016 reached over 100 Gbps (as compared to 223 in all of 2015), while 46 attacks...

Christmas is around the corner, and cyber criminals are as restless as Santa’s dwarves. All big ransomware families are being updated on quite a regular basis, leaving users breathless and file-less. The Cerber ransomware family is an excellent example of a crypto family constantly being renewed. Cerber 5.0.1 is now making its rounds in the wild,...

Facebook has taken the privacy of their customers seriously, as their Chief Security Officer (CSO) Alex Stamos has stated that the company has engaged in black market purchases of leaked or hacked databases that contain Facebook account credentials. A Preface To The Facebook Black Market Trade Facebook has publicly disclosed that it has bought...

Women in information security are a fascinating group of people. I should know, being one myself. But being female in a quickly growing male-dominated industry poses its own challenges. And those of us who pursue security and IT in spite of gender stereotypes have unique strengths and insight. I first interviewed Tiberius Hefflin, a Scottish security...

Women are vital to the information security field, but there are relatively few of us. Speaking to women in our industry gleams insights about how we've ended up in that male dominated field and perhaps how to attract more of us. I first interviewed Tiberius Hefflin, a Scottish security analyst who's working in the United States. Then I spoke to...

What has happened? The AdultFriendFinder website appears to have been hacked, exposing the personal information of hundreds of millions of user accounts. What is AdultFriendFinder? I don't want to be indelicate, so I'll just tell you it's strapline: "Hookup, Find Sex or Meet Someone Hot Now". Oh! So like Ashley Madison? Yes, very much so. And we all...

The United States military has announced it will be launching its inaugural bug bounty program called "Hack the Army" in November 2016. Outgoing secretary of the Army Eric Fanning made the announcement in a press conference. He said the program will help the Army keep up with the latest digital threats. As quoted by WIRED: "We’re not agile enough...

Today's industrial control systems (ICS) face an array of digital threats. Two in particular stand out. On the one hand, digital attackers are increasingly targeting and succeeding in gaining unauthorized access to industrial organizations. Some actors use malware, while others resort to spear-phishing (or whaling) and other social engineering...

Women in information security, being a minority, deserve a spotlight. Previously, I've interviewed Tiberius Hefflin, a Scottish security analyst who is currently working in the United States, and Tracy Maleeff, a woman who went from library sciences to infosec, who's now a host of the PVCSec podcast, and who runs her own infosec business. Recent years...

In February of 2015, researchers at Kaspersky Lab disclosed the existence of a sophisticated cyber-attack group that's been in operation since early 2001, and targeted almost every industry and foreign countries with its zero-day malware. Kaspersky called this threat actor the Equation Group because of its love for encryption algorithms and the...

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-698 on Wednesday, November 9th. Ease of Use (published exploits) to Risk Table Automated Exploit ...

The Bizarro Sundown exploit kit is spreading two versions of Locky ransomware via the still-active ShadowGate malvertising campaign. In October, Trend Micro spotted two versions of Bizarro Sundown, a modification of the earlier Sundown exploit kit which rose to prominence with RIG following Neutrino's demise. The first iteration reared its ugly head...

In February 2016, Tripwire first unveiled the results of its 2016 Breach Detection Survey. The study polled the comments of 763 security information security personnel about their organizations' efficacy of implementing seven key security controls: PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53 and IRS 1075. Those controls are essential to helping an...

Information security really needs female professionals. There aren't a lot of us, but all the women in infosec I've met so far have been fascinating. In my first interview, I spoke with Tiberius Hefflin, a Security Assurance Analyst. The second woman I spoke to was Tracy Z. Maleeff, who is well known on Twitter as @InfoSecSherpa. Kim Crawley: How...

Celebrating the fifth and final week of National Cyber Security Awareness Month (NCSAM) 2016, we at The State of Security would like to emphasize the goal of building resilience in critical infrastructure. We'll do so by discussing three ICS security incidents that rocked 2016 and by sourcing expert opinion on what we can learn from each of those...

We at The State of Security have explored all the ways people can strengthen their security online in acknowledgement of National Cyber Security Awareness Month (NCSAM) 2016. We kicked off the public awareness campaign by providing tips on how users can protect their passwords, as well as defend against ransomware and other common IT security...