Our nation depends heavily on the more than 2.3 million miles of pipelines in the United States that move oil, gas and other liquid products cross country to delivery points, such as airports, refineries, homes, and businesses. At an average of every 40 miles for natural gas pipelines, there are compressor stations that move the gas further along...

In spite of continuous efforts to improve the security of credit card transactions by both the financial services and retail industries, we see nearly endless headlines about new card data breaches. Banks want to improve security to avoid incurring the expenses associated with fraudulent purchases and investigations efforts. Consumers want, to improve...

The fear of malicious actors taking control of glaring flaws in smart cars is on the rise. This threat is therefore considered to be one of the major technical challenges confronting the automotive industry today. Car Manufacturers Initially, car manufacturers were not very familiar with the cyber security community. From a hacker’s perspective,...

Over the last few years, you’ve probably heard a lot about companies launching their own bug bounty programs. Software giants, such as Google, Microsoft, Twitter and Yahoo, as well as hardware-centric companies, such as Tesla, Samsung and even United Airlines, run programs that pay out cash for finding vulnerabilities. As these programs gain...

Over the course of the last decade, major credit card companies have begun to implement EMV or "chip and pin" technology. This system requires that a card reader retrieve the customer's information off of their card's magnetized chip, which is followed by the cardholder entering in their PIN number. As a result, chip and pin essentially constitutes...

We are very proud to announce the release of Version 6 of the Center for Internet Security Critical Security Controls for Effective Cyber Defense. This is a set of security practices developed and supported by a large volunteer community of cybersecurity experts. Based on an ongoing analysis of attacks, vulnerabilities and defensive options, the CIS...

In the past few years, it has become abundantly clear that enterprises leveraging threat intelligence have a distinct advantage in protecting their critical infrastructure. With CSOs and security teams overwhelmed by massive amounts of threat data, organizations are doing everything they can to collect, analyze and evaluate as much data as they can,...

This week marks Week 4 in National Cyber Security Awareness Month (NCSAM), a program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our...

Hacking cars has made big headlines in recent months. Back in July of this year, security researchers Charlie Miller and Chris Valasek won the attention of the information security community and beyond when they successfully hacked a Jeep Cherokee's computer via its Uconnect infotainment system. The duo was able to rewrite the automobile's firmware,...

I am looking forward to presenting at BSidesDC this weekend, where I'll be giving a talk titled "Point-of-Sale to Point-of-Fail." In my presentation, I will be discussing the recent rash of retail breaches over the past couple of years and how and why they are occurring, and what retailers can do to protect themselves. The epidemic of mega-retail...

Getting root is fun, and with IoT gadgets, getting root is generally easy. This is why the IoT Hack Lab @ SecTor will be so much fun! If you still reminisce about (or look forward to) the first time you got root on a device, and you will be in Toronto on October 20-21, visit us at the convention centre where we’ll be setup in the expo hall. Expo...

Today’s VERT Alert addresses 6 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-638 on Wednesday, October 14th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

In continuing our VERT Vuln School series on SQL Injection vulnerabilities, we’re going to take a look at how attackers can leverage this vulnerability to steal and exfilitrate data. Once we views bob’s account balance page, we notice that there’s another input-field that might be of interest, the...

If you are reading this article, you are probably aware that Security Incident and Event Management solutions, or SIEMs, are powerful systems that allow IT professionals to gather and analyze activity in a company’s infrastructure through the collection and correlation of logs. Though SIEM solutions have a significant amount of built-in content in...

In December 1890, Samuel Warren and Louis Brandeis, concerned about privacy implications of the new “instantaneous camera,” penned The Right to Privacy, where they argue for protecting “all persons, whatsoever their position or station, from having matters which they may properly prefer to keep private, made public against their will.” 125 years...

Chinese networking telecommunications equipment and services company Huawei has patched a vulnerability in its MBB (Mobile Broadband) product E3272s that if exploited could lead to denial-of-service attacks and remote arbitrary code execution. According to a security bulletin released by the company, "An attacker could send a malicious packet to...

In today's world, our notion of endpoints has evolved from something with a user and a keyboard to something with exploitable vulnerabilities. This conceptualization therefore covers network connections beyond laptops, personal computers and mobile devices. Indeed, vulnerabilities arising from Internet of Things (IoT) appliances; automobiles, such...

SQL injection is arguably the most severe problem web applications face. OWASP, an online community devoted to web application security, consistently classifies injection vulnerabilities as number one on their OWASP Top 10 Project. SQL injection vulnerabilities are a favorite amongst a number of “hactivist” groups whose aim is to cause disruption in...

Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick-read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently. Here’s what you don’t want to miss from the week of September 28, 2015: A massive data breach at Experian – one of largest...

What a whirlwind the past few months have been for data security, breaches and hacking events. From the Wyndham v. FTC ruling to yet another breach by a BCBS affiliate, there is increasing pressure across the information security industry to push organizations to perform those pesky security risk assessments touted by the National Institute of...