One of the tools I expect to see gain in popularity in the wild is DNS rebinding. DNS rebinding is a technique that turns a victim’s browser into a proxy for attacking private networks. Attackers can change the IP associated with a domain name after it has been used to load JavaScript. Since same-origin policy (SOP) is domain-based, the JavaScript...

Back by popular demand, I’ve interviewed a new group of women and non-males in information security for Spring 2018. I’m really honoured by all of the positive feedback I’ve been getting on this interview series since it launched in the fall of 2016. This series was even mentioned outside of the tech media during my appearance on a popular non-tech...

Saks Fifth Avenue and Lord & Taylor have both suffered a data breach involving customers' debit and credit card information. The data breach became apparent on 28 March when Joker's Stash, a seller of stolen payment card details on underground markets, announced its "BIGBADABOOM-2" sale of five million cards. Working with financial organizations,...

As we barrel further into the digital age, IT security carries increasing importance to the operation of your business. IT services now represent both the hub of business operations and the primary line of defense for most companies. Accordingly, it is crucial that your employees understand the centrality IT services and security play to the overall...

Previously, I brought attention to what I believe is one of the biggest cybersecurity challenges: data integrity. As I note in a different piece, we have entered a strange phase in our history where questioning “evidence” is not such a ludicrous idea. For example, altering photographs digitally so you can’t tell there have been alterations is a full...

Online businesses of all sizes need to be able to accept payments today. This really is the only way in which you can buy and sell products and services without a physical presence. It's convenient and economical but there are also some risks associated with it because of the information being shared. Payment gateways are something that you must watch...

Something that I like to discuss is the ease with which individuals open themselves up to cyberstalking. A lot of people don’t even realize the detail they are revealing during online conversations and gaming sessions. While these online gaming tips should be considered by adults, the goal of this checklist is to create a conversation point for...

Ransomware is still rampant across organizations worldwide, with roughly 56 percent of businesses experiencing a ransomware attack in the last 12 months, new research revealed. The findings come from SentinelOne’s 2018 Global Ransomware Study conducted by Vanson Bourne, which surveyed 500 businesses in the UK, France, Germany and the United States....

City officials have confirmed they detected what they're calling a "limited breach" on a system that supports Baltimore's 911 emergency services. According to The Baltimore Sun, city personnel detected the intrusion at 08:30 local time on 25 March. The quickly determined that unknown attackers had hacked into the municipality's computer-aided...

It appears we reached a global level of moral outrage surpassing a high warp factor during the week commencing 19th March 2018 with widespread news coverage of the machinations of Cambridge Analytica (CA). [I write as a long-time cynic who did not need to experience last week to know that “I am the product.”] We are all making choices daily – for...

The city of Atlanta is struggling to recover from a ransomware infection days after the initial attack targeted its computer network. As of 26 March, the municipality was still struggling to collect customers' online payments for bills and fees. Such disruption continues to plague the State of Georgia's capital city at a time when Atlanta is busy...

One of the ways I try to give back to the community is by using my writing to be the resource I wish I had earlier in my journey. I have constraints on what I can publish due to the nature of my work, but I’m passionate about sharing career advice that can positively impact the industry. I’ve made my desire to be a public resource, so people ping me...

The Spanish National Police has arrested the leader of a criminal group responsible for developing sophisticated banking malware including Cobalt and Carbanak. On 26 March, EUROPOL announced the arrest of the yet-unnamed computer criminal mastermind in Alicante, Spain. That individual is responsible for helping to attack 100 financial institutions...

Nearly one in five students at Ohio State University clicked on unverified links in emails sent to them as part of a phishing simulation. On 31 January, the IT risk management office at Ohio State University (OSU) initiated a phishing exercise against the university's student population. Its intention was to determine how many students would click...

Online travel services firm Orbitz has revealed that it has suffered a "data security incident" which may have compromised the sensitive information of hundreds of thousands of customers. According to Orbitz, which was acquired by Expedia in two years ago, hackers were able to infiltrate a legacy version of the company's travel booking platform...

Netflix has launched a public bug bounty program through which security researchers can receive rewards of up to $15,000. Announced on 21 March, the streaming service's new vulnerability responsible disclosure framework will award researchers upwards of thousands of dollars for reporting weaknesses discovered in Netflix's primary targets. In-scope...

BULLETIN CVE Browser CVE-2018-0942, CVE-2018-0929, CVE-2018-0927, CVE-2018-0932, CVE-2018-0879 Scripting Engine CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0934, CVE-2018-0933, CVE-2018-0936, CVE-2018-0937, CVE-2018-0930, CVE-2018-0931, CVE-2018-0939, CVE-2018-0891, CVE-2018-0876, CVE-2018-0889, CVE...

Industrial control systems (referred to as ICS) have faced an ever-growing volume of threats over the past few years. From 2015 to 2016, IBM Managed Security Services reported a 110 percent increase in ICS cybersecurity attacks. The US accounted for most of these incidents, given it has the most Internet-connected ICS networks on the planet, but the...

The oil and gas sector in the Middle East has become a top target for cybercriminals, enduring 50 percent of all cyber-attacks in the region, revealed a new report. The study, conducted by industrial giant Siemens and the Ponemon Institute, polled around 200 individuals in the Middle East responsible for securing or overseeing cyber risk in oil and...