Blog

Blog

Two Zero-Day Vulnerabilities Found in BMW Web Applications

A security researcher has disclosed two zero-day vulnerabilities in the online service web applications of the German luxury automobile company BMW. The first issue exists in the web application for BMW ConnectedDrive, a suite of services which includes real-time traffic updates, on-board app connectivity, and other functions built into each...
Blog

The Peril of 'Unauthorized Access' in Healthcare

I recently read an article in HealthIT Security that analyzed the breaches reported to the Department of Health and Human Services Office of Civil Rights between January 1, 2016, and June 1, 2016. According to the article: "There have been 114 incidents reported to OCR between Jan. 1, 2016 and June 1, 2016. Of those, 47 (41%) were classified as...
Blog

How Your Smartwatch or Fitness Tracker Could Reveal Your ATM PIN

Quick question - are you right or left handed? That's a harmless enough question, but here's the follow-up: do you wear a smartwatch or fitness tracker on that same wrist? If you do, then you may want to rethink whether that was a sensible choice after you've read about some fascinating research done by a group of scientists from Binghamton...
Blog

Exploit Kit Campaign Targeting Out-of-Date Joomla! and WordPress Sites

An new exploit kit campaign is targeting websites running on out-of-date versions of the Joomla! and WordPress content management system (CMS). Researchers at Sucuri have been tracking the campaign for the past several weeks. They've codenamed it "Realstatistics" because it injects fake analytics code for "realstatistics[.]info" or "realstatistics[....
Blog

IoT / IoE: When It’s Got an IP Address, It Will Get Hacked

Given the recent debate and increased attention on the subject, I’d like to make a couple of points for the (hopefully) greater good of the security community. Currently, most experts envision the Internet of Things (IoT) / Industrial Internet / Machine-to-Machine / Internet of Everything (IoE) as the next big wave that will come and connect...
Blog

My TLS Rant

The Internet as we know it is only possible thanks to cryptography and specifically TLS (formerly known as SSL). Without this crucial technology providing a means for private online communications, e-commerce would quite simply not be a thing, and the Internet would likely be little more than a world-wide party line for sharing bad jokes. Despite...
Blog

Common Basic Port Scanning Techniques

In the world of information security, port scanning is a vital part. Enterprises, organizations or regular users use port scans to probe systems for open ports and their respective services. If you think of a computer as a hallway of doors, port scanning can be compared with walking through the hallway looking for open doors. Penetration testers...
Blog

Decryptor Created for MIRCOP Ransomware that Sets $30K Ransom

Researchers have created a decryption tool for MIRCOP ransomware that demands 30,000 USD in ransom from its victims. Trend Micro explains the ransomware is currently being delivered via malicious macros as part of a spam campaign. Users open what appears to be a Thai customs document for importing and exporting goods. But when they click to enable...
Blog

5 Actionable Steps We Can Learn from the SWIFT Banking Attacks

As is often the case in cybersecurity, just when you think you are writing or talking about the "issue of the day" (most recently ransomware), some other issue comes up that makes you shake your head and wonder why each of us is working so hard to secure our networks when it appears so easy for attackers to steal important data or money. That is...
Blog

Hummer Malware the No. 1 Mobile Trojan in the World

The Android malware "Hummer" is now the number one mobile trojan in the world, finds researchers. Threat analysts at Cheetah Mobile Security Research Lab reveal in a blog post the extent to which Hummer malware infections took off in 2016: "During the first half of 2016, the Hummer trojan infected nearly 1.4 million devices daily at its peak. In...
Blog

Finding, Using, and Staying Safe on Public Free Wi-Fi

If there’s one thing I’ve come to know about the tech crowd, it’s this: we all want free Wi-Fi connections everywhere we go, and we want them now. Now finding that free Wi-Fi is great, and we’ll look at how to find some anywhere you go, but we’ll also look at staying safe on that free Wi-Fi. There are many risks lurking around public Wi-Fi, and it...
Blog

Alleged Hacker Lauri Love Bailed Following Extradition Hearing

A court has bailed the alleged hacker Lauri Love, 31, and temporarily adjourned his case following a two-day extradition hearing. On Wednesday, District Judge Nina Tempia at Westminster Magistrates' Court in London adjourned the case until a later time when attorneys for the prosecution and defense will make their final arguments regarding Love's...
Blog

The Android Ransomware Threat has Quadrupled in Just One Year

If you need any more evidence that ransomware has become a major problem, just look at how online criminals are busily developing attacks against platforms other than Windows. Yes, Windows continues to be the operating system most commonly targeted with ransomware threats - but malware that attempts to extort money out of you is also being actively...
Blog

Can We Be Better Cheerleaders for Password Managers?

LinkedIn, MySpace and all of the other recent (sort of) password breaches have resulted in many articles that advise everyone to not use the same password on more than one site. This is known as “password re-use,” and the only way to effectively accomplish the task of setting up unique passwords for all of our web accounts is to use a password...
Blog

Hacker Mindset: Email Is the Golden Ticket

In my ongoing blog series “Hacker Mindset,” I’ll explore an attacker's assumptions, methods and theory, including how information security professionals can apply this knowledge to increase cyber-vigilance on the systems and networks they steward. In this first article, I examine how email provides a tool for hackers to gain a foothold into company...
Blog

The Newest Online Threat - .Zepto Ransomware

Terrible news shook the web the other day, as reports surfaced of a new ransomware virus circulating the web. A new version of the infamous Locky ransomware has been unleashed upon users worldwide, affecting computers all across the globe from the USA to Mexico, Japan, Germany, and beyond. The unwelcome arrival of the new virus was first reported...
Blog

EU GDPR – Yawn, Another Regulation. Who Cares?

Well, if you're reading this blog, then I suggest you should! The European Union General Data Protection Regulation (EU GDPR) takes effect on 25th May 2018. But don’t be misled by the title. The EU reference should be treated as an indication of the Regulation's birth place, not some form of virtual boundary restricting its influence. This...
Blog

Infosecurity Europe: Its History, Value, and Future

On June 7-9, information security professionals from all over the world gathered together at Infosecurity Europe 2016, one of The State of Security‘s top 11 conferences in information security. Anyone who’s attended Infosecurity Europe knows how difficult it is to choose which presentations they’d like to see. It’s simply impossible to attend all of...
Blog

Attackers Leveraged Large CCTV Botnet to Launch DDoS Attacks

Attackers leveraged a botnet consisting of thousands of closed-circuit television (CCTV) devices to launch distributed denial-of-service (DDoS) attacks. Daniel Cid, CTO of Sucuri Security, explains that a small jewelry shop recently signed up with his company. At the time, the new customer was experiencing a DDoS attack that had knocked it offline...