Data exposure reports have reached a dizzying pace in the past few months, and the security community has been focused on the risk from multiple angles. Now, a new study from HTTPCS gives us new insight into rates of vulnerable S3 configurations. HTTPCS scanned s3.amazonaws.com addresses looking for storage “buckets” and logged data on those that...

German officials are blaming Russian-linked black-hat hackers for breaching several federal agencies and stealing sensitive information. On 28 February, sources told Deutsche Presse-Agentur (dpa) that the Russian digital espionage group APT28 used malware to target the German government's secure computer network. ...

Tripwire's February 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle. BULLETIN CVE Adobe Flash APSB18-03 CVE-2018-4878, CVE-2018-4877 Microsoft Browser CVE-2018-0763, CVE-2018-0839, CVE-2018-0771 Microsoft Scripting Engine CVE-2018-0840, CVE...

Many of us in the cybersecurity world have followed this general mantra: protect the data, protect the data, protect the data. It’s a good mantra to follow, and ultimately that is what we are all trying to do. But there are different ways to protect data. The obvious method is to make sure it doesn’t get ripped off, but as we have noted in previous...

Many people view the Health and Safety at Work Act 1974 as unnecessary and burdensome, but its introduction has had a dramatic impact on reducing accidents in the workplace, particularly within industrial settings. Today, it controls the safety of equipment used on process plants, the time professional drivers may spend behind the wheel, and even...

A new family of mobile malware called RedDrop exfiltrates victims' sensitive data including ambient audio recordings and sends it to cloud storage services. Wandera, a mobile security firm which spotted weaknesses in the CBS Sports app and mobile site back in 2016, uncovered the malware when a user clicked on an ad for the Chinese search engine...

BEC, or Business Email Compromise, is a contemporary twist on a staple scam. Often in the shadow of the more extravagant, media-friendly super-hacks or ransomware compromises, BEC is leading the line on both the number of attack victims and the direct losses encountered by businesses. Although not as en vogue as other ‘nouveau’ cybersecurity threats...

To distinguish the size of merchant companies and appropriately determine the level of testing required, the founding credit card companies created four different brackets ranging from Tier 1 to 4. Each tier is based on the number of transactions processed per year by the merchant and also dictates the testing a merchant must undertake. While...

Everyone in Silicon Valley and the tech industry, in general, is talking about “The Cloud.” “The Cloud” is something that’s not only trendy but also very useful for business. Why deal with the burden of running your own datacenters when companies like Amazon, Google and Microsoft offer third-party cloud services that will be less expensive for your...

A relatively new ransomware-as-a-service (RaaS) platform keeps victims guessing by not using a special file extension with the files it encrypts. On 22 February, security researchers began seeing reports from users claiming that Data Keeper ransomware had affected their computers. Victims found out about the infections by coming across the "!!! ####...

What would you say if I told you that now a hacker doesn’t even have to trick you into installing malicious files on your computer in order to steal sensitive data? Let’s take a look at how this form of (non-) malware works and, more importantly, how to protect yourself against it. How does this fileless malware attack occur? The big picture...

This article is part 1 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats to the modern enterprise. Insider cyber security threats are much more prevalent than most of us realize. IBM estimates that 60 percent of all cyberattacks are perpetrated by those with...

The Council of Economic Advisers recently released a report that examines the cost of malicious cyber activity to the U.S. economy. The report cites many of the usual findings from the Verizon DBIR and Ponemon reports—nothing new to those of us who live and breathe cybersecurity. However, the report caught my eye because it offers some very...

A security researcher has released an updated list of 500 million breached passwords so that organizations can use it to protect their systems. On 22 February, Australian web security expert Troy Hunt published the second version of "Pwned Passwords." The feature enables users to check a new or used password against a list of 501,636,842...

Security breaches are increasingly affecting organizations across various domains as they heavily rely on technologies to reduce the operational costs and improve the work efficiency. The United States is the world leader in data breach incidents. According to a report shared by the Identity Theft Resource Center in 2017, the security breach...

Whoever hacked the LA Times' interactive county murder map probably hoped to make a killing mining cryptocurrency - but swift action from a security researcher has put paid to their plans. Security researcher Troy Mursch, whose blog has focused on cryptomining threats in recent months, raised the alarm on Twitter, after discovering that an Amazon...

Colorado's Department of Transportation (DOT) shut down more than 2,000 computers after its network suffered a ransomware attack. First thing in the morning on 21 February, the DOT discovered that ransomware had struck all employee computers running Windows and protected by McAfee anti-virus software. It immediately launched an investigation into...

With distributed ledger technology (such as blockchain), there is growing interest in automating routine commercial transactions. But how will these smart contracts be interpreted under existing commercial contract laws? Although there is no federal contracts law for private commercial transactions in the United States, there is a widely adopted...

Living in today’s society, it is almost impossible to meet someone without an email account. For almost everything you do online, you need to have an email ID whether for work, education, or socially. Many of us hold multiple accounts, each for a different purpose; however, you need to protect yourself. If you are using Outlook as your email...

In these times of unabated data breaches, the typical Chief Information Security Officer (CISO) must feel like a moving target in a shooting gallery. It’s not a matter of whether an attack and possible breach will occur, it’s a matter of when. Being a CISO is a fascinating and important job. Often, though, it’s a thankless one. Unfortunately for...