Security is not the same for the industrial control systems (ICS) as it is for information technology (IT). This difference in part arises from the unique characteristics that set IoT and IT environments apart from one another. Take IT, for instance. One of the most important business drivers for securing systems in those types of environments is...

Apple has announced it will be launching a bug bounty program that will pay security researchers upwards of USD 200,000 for finding flaws in its software. On Thursday at the Black Hat USA 2016 security conference in Las Vegas, Nevada, head of the Apple Security Engineering and Architecture group Ivan Krstic made the announcement at the end of his...

Industrial Control Systems (ICS) are the technology workhorses responsible for powering the electric grid and utilities, water treatment plants, oil and gas production, food and beverage manufacturing, and transportation systems, among many others. Our society relies on these systems more than we know to keep life running smoothly. ...

There is never a dull moment for compliance and security. Case in point, amidst a brewing storm of regulation, version 3.2 of the Payment Card Industry Data Security Standards (PCI DSS) announced in late spring articulates good data security intent along with controversy. PCI has been around since 2006, and aims to protect payment data for consumers...

Wireless routers designed for consumers often do not employ proper security practices. This topic was extensively covered in VERT’s 2014 report, “SOHO Wireless Router (In)security.” Our research revealed that 74% of the 50 top-selling consumer routers on Amazon shipped with security vulnerabilities, including 20 different models where the latest...

Embedded devices on enterprise networks make attractive targets for hackers because they provide potential footholds. These systems perform a variety of functions, often involving sensitive data or control of critical systems. Network gear, printers, storage appliances and other equipment generally do not have end-point protection installed, making...

In today’s vulnerability market, vendors want to squeeze every ounce of publicity out of their security researchers. As a result, responsible disclosure often falls by the wayside. The same is true of independent researchers in search of their 15 minutes of fame. A fatal flaw in a major product is akin to Kennedy’s dream of landing a man on the moon...

When it comes to the Internet of Things and security, it seems individuals and organizations keep making the same fatal mistakes – over and over again – because we continuously see it as a technology problem. It’s not. It’s a business strategy failure. Whether it’s insecure hospital devices, hackable power grids, or lethal connected cars, the same...

Come get your hands dirty with embedded device hacks during my DEF CON 24 workshop. Brainwashing Embedded Systems will be held in Las Vegas Ballroom 3 on Saturday, August 6, from 10AM - 2PM. This workshop is a condensed version of the full-day training offered at the 2016 AusCERT and SecTor conferences. During the workshop, you will learn about the...

Digital attackers are constantly looking for ways to infiltrate organizations' IT environments. One of the easiest modes of entry is for an actor to exploit a weakness in an endpoint, a network node which according to Dark Reading remains "the most attractive and soft soft target for cyber criminals and cyber espionage actors to get inside." Under the...

A security audit evaluating many best-selling fitness trackers and wearable devices, including the Apple Watch, revealed that some manufacturers are continuing to make blatant security errors. Conducted by AV-TEST, the new study found several security flaws in Android-powered fitness trackers. The organization tested the following devices: Basis...

A security breach at Ubuntu Forums exposed the information of as many as two million users. Jane Silber, CEO of Canonical, which is the company that produces the Debian-based Linux operating system Ubuntu, published a statement about the hack on Friday: "At 20:33 UTC on 14th July 2016, Canonical’s IS team were notified by a member of the Ubuntu...

You’ve managed fine on your own for years, but suddenly there’s a new security data scientist in your life. You’re excited at the possibilities, but can you really make it work? Here are five sure-fire ways to turn that initial buzz into a perfect partnership, so that your data scientist can deliver the insights you’re looking for. Together, you can...

Fiat Chrysler Automobiles (FCA) announced on Wednesday the launch of its own bug bounty program, rewarding researchers for disclosing security vulnerabilities in its connected cars. As the seventh-largest automaker in the world, Fiat Chrysler is among the first major vehicle manufacturers to offer ...

You visit a company on business, and want to print something out. You visit another department in your office and need a hard copy of a document in your email. You're a guest at someone's home and want to print off directions to the airport. What do you? Simple. You get Windows to quickly search for and add a printer hosted on the network, and off...

Today’s VERT Alert addresses 11 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-680 on Wednesday, July 13th.Ease of Use (published exploits) to Risk TableAutomated Exploit Easy Moderate Difficult Extremely Difficult No...

WordPress (WP) is the most popular and widely used blogging platform. It supports every kind of website, from a simple blog to a full-featured business website. Twenty-six percent of all websites globally use WordPress. As a result of this popularity, hackers and spammers have taken keen interest in breaking the security of WP-operated sites. In this...

According to a new survey, 80 percent of IT security professionals believe that their organization will be threatened with a DDoS ransom attack in the next 12 months. Conducted by Corero Network Security, the research includes the responses of 100 security professionals at the Infosecurity Europe conference in London earlier this year. Even more...

A security researcher has disclosed two zero-day vulnerabilities in the online service web applications of the German luxury automobile company BMW. The first issue exists in the web application for BMW ConnectedDrive, a suite of services which includes real-time traffic updates, on-board app connectivity, and other functions built into each...

An new exploit kit campaign is targeting websites running on out-of-date versions of the Joomla! and WordPress content management system (CMS). Researchers at Sucuri have been tracking the campaign for the past several weeks. They've codenamed it "Realstatistics" because it injects fake analytics code for "realstatistics[.]info" or "realstatistics[....