Last time, I got to speak with Leila Powell. She went from astrophysics to an exciting career as a security data scientist. This time, I have the pleasure of speaking with Veronica Schmitt of DFIRLABS, otherwise known as @M4lw4r3z_G1rl. She enjoys reverse engineering code, and she considers herself to be a cyborg! Kim Crawley: Please tell me about...

The Payment Card Industry Security Standards Council (PCI SSC) published a minor revision to version 3.2 of its Data Security Standard (PCI DSS). On 17 May, PCI SSC published PCI DSS version 3.2.1. The purpose of the update was to clarify organizations' use of the Standard and when they would need to upgrade their use of common cryptographic...

The latest revision to PCI DSS, PCI 3.2, provides specific security guidance on the handling, processing, transmitting and storing of credit card data. PCI 3.2 presents an opportunity for retail, healthcare, finance and hospitality organizations to minimize the theft, exposure and leakage of their customer’s personal and financial credit information...

When transitioning to a DevOps model, organizations must remember that people are essential to a successful switchover. It's people who must learn new workflows, collaboration techniques, and tools during the move. This process will cause at least some disruption over a period as long as two years. Needless to say, they will need patience and ample...

Security researchers found that hackers are using both Google Play and Facebook to actively target North Korean defectors with malware capable of stealing their information. McAfee Mobile Research Team discovered that the Sun Team hacking group is using Facebook to share links with North Korean defectors. At the time of analysis, these URLs directed...

Amidst the volatility, uncertainty and noise of the cybersecurity field, few best practice frameworks have emerged as consistently reliable and useful as the Center for Internet Security (CIS) Security Controls. Recently updated as version 7.0, the CIS Controls represent the most important security controls that an organization must implement to...

A software vulnerability is suspected of being to blame for a hack through which criminals transfer more than 300 million pesos (over US $15 million) out of Mexican banks. Officials from Mexico's central bank confirmed to Reuters that a series of "irregular" and unauthorised interbank money transfers involving large sums of money were detected late...

A federal jury convicted one of the digital criminals responsible for operating the notorious "Scan4You" counter antivirus (CAV) service. On 16 May, the Department of Justice released a press release announcing a Virginia federal jury's conviction of Ruslans Bondars, 37, on one count of conspiracy to commit wire fraud, one count of conspiracy to...

Ransomware isn’t a new threat to the cyber world. Its origins go back many years now. Over time, this threat has become only more vicious and harmful. While people were trying to deal with this cyber threat, cybercriminals moved one step further by offering ransomware-as-a-service (RaaS). Under this service, cybercriminals provide a compact...

Cryptojacking attacks affected a quarter of organizations in their cloud environments, found a recent cloud security report. In RedLock's Cloud Security Trends, researchers with the security firm's Cloud Security Intelligence (CSI) team discovered that 25 percent of organizations had suffered cryptojacking incidents in the cloud. This rate marked a...

BULLETIN CVE Scripting Engine CVE-2018-1019, CVE-2018-0980, CVE-2018-0995, CVE-2018-0994, CVE-2018-0993, CVE-2018-0990, CVE-2018-0979, CVE-2018-1000, CVE-2018-0989, CVE-2018-0987, CVE-2018-0981, CVE-2018-1001, CVE-2018-0988, CVE-2018-0996 Browser CVE-2018-0870, CVE-2018-1018, CVE-2018-1020, CVE-2018-0997, CVE...

As new technologies like the cloud, IoT, Big Data and more emerge, organizations are playing catch up to upskill their employees to handle challenges that come with them. According to ESG’s 2018 annual global survey of the state of IT, more than half (51 percent) of respondents said their organization had a problematic shortage of cybersecurity...

Signal patched a code injection vulnerability that by some means of exploitation enabled attackers to achieve remote code execution. The security team for the encrypted communications app, a program which has been available for both Android and iOS since November 2015, published a fix for the bug just hours after first being contacted by a group of...

This week in Tripwire’s countdown of the FBI’s 10 most-wanted black-hat hackers, we name three hackers bound together in digital crime: Wen Xinyu, Huang Zhenyu and Sun Kailiang. The suspects made headlines in May 2014 when the United States Department of Justice indicted five suspected Chinese nationals for allegedly committing economic and cyber...

One of the most dangerous threats to your business in 2018 is a data leak. Hackers can sell your information on the black market or simply destroy it. This could ruin your business overnight if you are not careful. So, you should use the best practices below to ensure you avoid leaks in 2018. Phishing If you haven't trained your people on phishing...

Last time, I spoke with Valerie Thomas. She specializes in SCADAs and industrial control systems; she enlightened me on their cybersecurity aspects. This time, I got to speak with Leila Powell. Her background in astrophysics taught her how to manage data to better understand the effectiveness of security controls. Kim Crawley: Hi, Leila! Please tell...

Some Chili's restaurant locations suffered a data security incident that might have compromised customers' payment card details. Brinker International, a Dallas-based multinational hospitality industry company which operates 1,600 Chili's restaurants, said it learned of the incident on 11 May. It provided additional details about the event in a...

Penetration tests are an essential tool in ensuring that your computer systems are secure from known threats, and it’s important to carry them out on a regular basis or after any significant changes have been made. Forewarned is forearmed, and knowing about common pitfalls can ensure your tests run smoothly and avoid any delays or additional costs. ...

Last week, I introduced the DevOps model for software development and discussed the advantages this type of approach has over more traditional methods. Its benefits, which include collaboration between operations and development teams as well as a better overall project creation for customers, explain why so many organizations are transitioning to...

Scammers designed a phishing website and encrypted it with the Advanced Encrypted Standard (AES) in their attempts to steal unsuspecting users' Apple IDs. Researchers at Trend Micro came across the phishing campaign on 30 April. It all began when they received an email designed to look like it came from Apple. The email warned recipients that Apple...