Blog

Are iPhones or Androids More of a Security Risk?

Blondes vs brunettes, Kirk or Picard, and the Oxford comma... these are some of the most burning issues that people just can't agree on. And another is whether iPhones are better than Android phones. Both sides have their fervent fans and supporters, and are capable of making convincing arguments to back their point of view. But now a new study ...

VERT Threat Alert: November 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-643 on Wednesday, November 11th. ...

TLS Extended Master Secret Extension: Fixing a Hole in TLS

Few Internet technologies are relied upon as heavily as TLS/SSL, yet it has been widely known for years that this fundamental security protocol does not do enough to effectively protect communications. The most visible failing of TLS is the reliance on public key infrastructure (PKI) in which every certification authority (CA) becomes a potential...

Down But Never Out: Security Parallels from the 2015 World Series

In the early morning hours of Monday, November 1st, the Kansas City Royals won the 2015 major league baseball World Series. To be sure, the team secured its championship against the expectations of most. In the fifth game, the Royals trailed behind the New York Mets 0-2. Everyone expected that the Mets would win, but then things changed. At the top...

Mainframe Insecurities or Hack the Gibson. No, Really!

You can hack a toaster, a TV and a car... but a mainframe? Isn’t everything on Windows and Linux? Who still uses mainframes (specifically IBM’s flagship System Z running Z/OS)? They’re obsolete, specialized and cumbersome, just like the stuff that runs on them: TSO, JES, Walker, CICS, VTAM, MVS, IMS. And they’re pretty much sequestered from all the...

Empowering Pipeline SCADA Cybersecurity

Our nation depends heavily on the more than 2.3 million miles of pipelines in the United States that move oil, gas and other liquid products cross country to delivery points, such as airports, refineries, homes, and businesses. At an average of every 40 miles for natural gas pipelines, there are compressor stations that move the gas further along...

Point of Sale Cyber Crime: The Gift that Keeps on Giving

In spite of continuous efforts to improve the security of credit card transactions by both the financial services and retail industries, we see nearly endless headlines about new card data breaches. Banks want to improve security to avoid incurring the expenses associated with fraudulent purchases and investigation efforts. Consumers want to improve...

Security Nightmare of Driverless Cars

The fear of malicious actors taking control of glaring flaws in smart cars is on the rise. This threat is therefore considered to be one of the major technical challenges confronting the automotive industry today. Car Manufacturers: Initially, car manufacturers were not very familiar with the cyber security community. From a hacker’s perspective,...

Launching an Efficient and Cost-Effective Bug Bounty Program

Over the last few years, you’ve probably heard a lot about companies launching their own bug bounty programs. Software giants, such as Google, Microsoft, Twitter and Yahoo, as well as hardware-centric companies, such as Tesla, Samsung and even United Airlines, run programs that pay out cash for finding vulnerabilities. As these programs gain...

Security Hygiene: Protecting Your Evolving Digital Life

This week marks Week 4 in National Cyber Security Awareness Month (NCSAM), a program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our...

Attacking Automobiles: Inside a Connected Car's Points of Vulnerability

Hacking cars has made big headlines in recent months. Back in July of this year, security researchers Charlie Miller and Chris Valasek won the attention of the information security community and beyond when they successfully hacked a Jeep Cherokee's computer via its Uconnect infotainment system. The duo was able to rewrite the automobile's firmware,...

BSidesDC Preview: Point-of-Sale to Point-of-Fail

I am looking forward to presenting at BSidesDC this weekend, where I'll be giving a talk titled "Point-of-Sale to Point-of-Fail." In my presentation, I will be discussing the recent rash of retail breaches over the past couple of years and how and why they are occurring, and what retailers can do to protect themselves. The epidemic of mega-retail...

VERT IoT Hack Lab: Developing Your Inner Hacker

Getting root is fun, and with IoT gadgets, getting root is generally easy. This is why the IoT Hack Lab @ SecTor will be so much fun! If you still reminisce about (or look forward to) the first time you got root on a device, and you will be in Toronto on October 20-21, visit us at the convention centre where we’ll be set up in the expo hall. Expo...

VERT Threat Alert – October 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 6 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-638 on Wednesday, October 14th. ...

VERT Vuln School - SQL Injection 102

In continuing our VERT Vuln School series on SQL Injection vulnerabilities, we’re going to take a look at how attackers can leverage this vulnerability to steal and exfiltrate data. Once we view bob’s account balance page, we notice that there’s another input-field that might be of interest, the...

Core SIEM Use Cases to Consider for Your Environment

If you are reading this article, you are probably aware that Security Incident and Event Management solutions, or SIEMs, are powerful systems that allow IT professionals to gather and analyze activity in a company’s infrastructure through the collection and correlation of logs. Though SIEM solutions have a significant amount of built-in content in...

Secure Computation and The Right to Privacy

In December 1890, Samuel Warren and Louis Brandeis, concerned about privacy implications of the new “instantaneous camera,” penned The Right to Privacy, where they argue for protecting “all persons, whatsoever their position or station, from having matters which they may properly prefer to keep private, made public against their will.” 125 years...