People ask me, “What do you do?” When I answer with, “I am a penetration tester,” I find that people generally just nod along and pretend they know what it is that I actually do. However, on the day where I am in the mood to razzle dazzle, I answer with “I am a hacker!” The reactions generally vary between priceless disbelief and excitement. But in...

Online criminals are more interested in getting their hands on stolen Uber, PayPal and even Facebook accounts, than credit card numbers and other personally identifiable information (PII). The price of these stolen identifiers on the underground marketplace, or “the Dark Web,” shows the value of credit cards has declined in the last year, according...

In November 2014, researchers from Ben-Gurion University unveiled "AirHopper," a type of malware which forces a computer to transmit sensitive information in the form of keystrokes to a mobile receiver via FM radio waves. The team went on to demonstrate that an AirHopper-based attack could succeed without the availability of a network, SIM, or Wi-Fi...

Researchers have uncovered an attack campaign that is using social engineering techniques in order to deliver remote access trojans (RATs) to SMBs located in India, the UK, and the United States. The Security Response team at Symantec provides an overview of the campaign, which began early last year, in a blog post: "The attackers operate with few...

Aerospace parts manufacturer FACC says that its financial accounting department has been attacked by hackers, who managed to steal approximately €50 million ($54.5 million) from its coffers. Perhaps surprisingly, the company, whose largest shareholder is a Chinese aviation corporation, appears not to have been hacked for its data or intellectual...

In my previous post in this series, we discussed that a "SIEM" is defined as a group of complex technologies that together, provide a centralized bird's-eye-view into an infrastructure. Furthermore, it provides analysis and workflow, correlation, normalization, aggregation and reporting, as well as log management. In this next post, I hope to answer...

Online security trends continue to evolve. This year, online extortion will become more prevalent. We also expect that at least one consumer-grade IoT smart device failure will be lethal. Ransomware will make further inroads, since the majority go unreported. China will drive mobile malware growth to 20M, and cybercrime legislation will take a...

With mobile phones in almost every pocket today, the payphone has lost its usefulness for perhaps everyone – except maybe Clark Kent. This is why New York City held a competition looking for the best ideas to make appropriate use of this valuable real-estate spread throughout the city. About a year after the contest winner was announced, the city...

The nation’s critical infrastructure experienced a 20 percent increase in cyber incidents in the fiscal year 2015, said government experts. Source: ICS-CERT According to an end-of-year report by the Industrial Control Systems Cybersecurity Emergency Response Team (ICS-CERT), investigators...

Yahoo Mail! has patched a stored cross-site scripting (XSS) vulnerability and awarded a researcher $10,000 for finding the flaw. Discovered by Finnish researcher Jouko Pynnonen, the bug allowed an attacker to embed malicious Javascript code into a specially crafted email. The code would automatically execute whenever the message was viewed,...

I received a phone call from a friend the other night. He was very concerned because he received one of those now infamous letters from the Office of Personnel Management, which indicated that his records were among one of the millions that were taken in the OPM hack. His information was originally submitted as he was applying for a security...

"123456" and "password" were the most-used and second most-used passwords of 2015, according to an annual worst passwords ranking. Every year, SplashData, a developer of password management software, releases an annual list of the worst--in this case, most commonly used--passwords. It builds its ranking based on more than two million leaked...

In a previous post, I noted some security issues that I had observed during recent visits to medical professional offices and hospitals. In reflecting on that post, I realized an important aspect of the disconnect I experienced as I observe security around me. It is that I carry with me a threat model that is probably very different than the threat...

Looking for a great information security podcast? There are plenty to choose from! Here’s a roundup of currently active information security podcasts. The list is split into two categories: podcasts run by people representing themselves (meaning they are not speaking for a company) and podcasts produced under the name of a company. I made the...

Ukrainian officials stated over the weekend that they have traced a targeted attack against Boryspil International Airport back to the BlackEnergy trojan. Last week, Specialists of the State Service of Special Communications and Information Protection of Ukraine revealed that malware had infected one of the workstations at Boryspil. That workstation...

Recently, I introduced a three-part series on how to build a successful vulnerability management program. The first installment examined Stage 1, the vulnerability scanning process. My next article investigates Stages 2 (asset discovery and inventory) and 3 (vulnerability detection), which occur primarily using the organization’s technology of...

Following an investigation launched after discovering malware on its payment processing systems, Hyatt Hotels has revealed the breach affected 250 hotels in more than 50 countries. The Chicago-based hospitality company announced it identified signs of unauthorized access to payment card data from...

Netflix has announced its intention to counter the use of proxies among members who wish to view content outside of their immediate geographic territory. David Fullagar, Vice President of Content Delivery Architecture at Netflix, broke the news in a blog post on Thursday: "[I]n coming weeks, those using proxies and unblockers will only be able to...

I don’t know if you have noticed, but when it comes to incident response, the methodology applied by organisations can vary from the downright chaotic, to a well-disciplined, well-oiled machine. However, from what I have observed over the preceding five years of my professional life, the general approach seems to be ad-hoc and has suffered from a...

Last September, CloudFlare detected a large-scale browser-based L7 flood. Over the course of the distributed denial of service (DDoS) attack, 650,000 IP addresses sent out a total of 4.5 billion HTTP requests, with the campaign peaking at 250,000 requests per second. After investigating the incident, the security company concluded that the attack...