Malware as a business model rests on two core tenets—the first is innovation. Malware authors are constantly innovating tools and techniques that allow their software to slip past network defenses, to brute force their way past weak authentication credentials, and to escalate local privileges—all in an attempt to counter the work of security...

Last year, attackers used an email scam to defraud an unidentified American corporation out of $100 million, report U.S. authorities. According to Reuters, the American corporation was targeted by a business email compromise between August and September of 2015. A business email compromise (BEC) is a type of payment fraud where an attacker...

A former Reuters journalist has been sentenced to two years in prison for helping to hack a multimedia corporation. Last October, a California jury found Matthew Keys, 28, guilty of one count of conspiracy to make changes to a corporate website, one count of transmitting malicious code, and one count of attempting to transmit malicious code for an...

Researchers at BAE Systems have published a report investigating the return of the Qbot network-aware worm, revealing infections on some 54,517 PCs. 85% of the affected systems are based in the United States, with academic, government and healthcare industry networks particularly badly hit. Earlier this year, for instance, the media reported that...

As a child, I loved taking things apart. I was always overly precocious and immensely curious—so much so, that I was frequently disciplined for “breaking” things. Years later, as a young adult—I would find myself taking things apart again—only this time, I was a divorced mother of three and going back to college, where the taking-apart part inspired...

Sports fanatics using the CBS Sports app or mobile site recently may have had their personal information exposed to online theft, researchers say. According to mobile security firm Wandera, both the Android and iOS versions of the app were found transferring users’ names, email addresses, account...

"We ourselves feel that what we are doing is just a drop in the ocean. But the ocean would be less because of that missing drop.” – Mother Teresa. I live by this quote. It’s powerful. It inspires me and it’s one of the reasons why I do what I do. Let me explain. It all began with a blog. I was in a state of shock after having read an (ISC)² report,...

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-666 on Wednesday, April 13th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

Despite increased digitization and other paper reduction efforts, global paper usage has nonetheless increased in the last 30-odd years. With the average officer worker in the US using 10,000 sheets of copy paper annually, the security risks related to the circulation of potentially sensitive documents pose a serious issue for information security...

The threat landscape has grown considerably since the the first PC arrived on the tech scene in the 1980s. Indeed, as the amount of information transmitted and stored by organizations has grown, we have seen a corresponding increase in computer crime. Today, approximately one million new malware samples are developed each day. External actors use...

“But we only sell hammers, do we really need the Cadillac solution?” During a 9 AM meeting, I sat across from a C-suite executive as these words hung in the air. I was left gobsmacked. It was readily apparent a significant language gap needed to be overcome to help leaders understand the motivations of cybercriminals. It doesn’t matter if your...

In mid-March, news first broke about a ransomware attack at The Ottawa Hospital in Ottawa, Ontario. The hospital released a statement soon after the attack confirming ransomware had infected four of its 9,800 computers. It is believed a staff member clicked on a suspicious link that in turn downloaded the ransomware onto the hospital's computers....

Despite the operating system reaching end of life exactly two years ago today, statistics show Windows XP still runs on one out of every ten desktops around the world. According to IT security firm ESET, however, the statistics have lowered significantly since Microsoft pulled support for its once dominant platform. Compared to April 8, 2014, nearly...

A new phishing scam is targeting thousands of people with scam emails that contain the recipient's home address. On Wednesday, Zack Whittaker, a writer for ZDNet, received a spam email that contained his home address from approximately eight years ago. "The well-worded email appears to come from a legitimate email address and domain name, and...

The Federal Trade Commission (FTC) has issued an alert warning users to be on the lookout for a new tech-support call scam. In a post published on Tuesday, Andrew Johnson from the FTC's Division of Consumer and Business Education identifies a variation on the age-old tech-support scam where someone attempts to access a victim's computer or sensitive...

This past year was the year of the data breach. Large and small organizations across every industry vertical were impacted by compromises that ranged from theft of PII, intellectual property, and financial information to publication of entire backend databases and email spools. The data from these breaches often wound up being exposed publicly,...

According to the forecast published by Gartner Research, we can expect a total of 6.4 billion devices connected online by the end of the year 2016, which is a 30 percent increase when compared to the previous year. In that sort of environment, questioning your cybersecurity comes natural. While we are well familiar with threats like third-party...

Adobe has announced its plans to release a patch for a "critical" Flash Player vulnerability that is currently being exploited in the wild. In a security advisory, the transnational computer software company explains that the vulnerability (CVE-2016-1019) exists in all current versions of Flash Player for Windows, Macintosh, Linux, and Chrome OS. ...

There are roughly 200 requirements and sub-requirements in NERC CIP, and to satisfy each one requires performance-based compliance evidence that produces the comprehensive documentation that proves each requirement and sub-requirement was met for all activities that fall under it. That by itself is no mean feat. Of those 200 requirements, baseline...

By now, unless you have been living in a cave with no electricity, you are aware that the FBI successfully unlocked the infamous San Bernadino iPhone. While there is plenty of speculation about the company that assisted in the unlocking of the device, the FBI made it clear very early in the process that encryption was the main roadblock to gaining...