Hackers have been found exploiting a freshly-uncovered vulnerability in Microsoft's software to install malware on business computers. According to security researchers, since last month a Russia-linked hacking group known as APT28 have been using a Microsoft protocol called Dynamic Data Exchange (DDE) to run malicious code through a poisoned Word...

Hackers have done the unthinkable by making off with a charity's funds right before the start of the 2017 Christmas season. The Utah Association for Intellectual Disabilities (UAID) first noticed something was wrong when it had not received any new email applications for help since 22 October. Typically, the charity gets numerous applications in...

While data center consolidation has been trending in government and commercial spaces since the 1970s, new government initiatives and directives released recently have created a new sense of urgency: those who haven’t yet consolidated are now required to. Many organizations are now looking to the cloud to meet the requirements. Whether they know it...

I’ve been involved in information technology and infosec since the mid-1990s. Until recently, I had not been actively attending infosec or hacker conferences. I started attending DEF CON in 2013 when the conference was held at the Rio Hotel. DEF CON was the first hacker conference I ever attended. I did not know many in the community and certainly...

Fraudsters are increasingly targeting potential home buyers and real estate professionals with wire fraud schemes and phishing scams. In May 2017, the FBI revealed that the identified exposed losses resulting from business email compromise (BEC) scams increased by 2,370 percent between January 2015 and December 2016. Those scams preyed on...

Last time, I talked with Glenda Snodgrass. She's a founder and the president of The Net Effect, a cybersecurity services company. This time, I had a fascinating discussion with Nitha Suresh. She taught me a bit about penetration testing and aircraft data networks. Kimberly Crawley: Hi, Nitha! Tell me a bit about what you do. Nitha Suresh: I am...

Over one million Android users unknowingly downloaded a fake version of the popular WhatsApp messaging service from the Google Play Store. Disguised as an “update,” the app was designed to look nearly identical to the official version, and claimed to be developed by “WhatsApp Inc.” Over the weekend, however, several users on Reddit flagged the...

Ransomware activity didn’t skyrocket last month, but there was definitely a substantial increase compared to September. Perhaps the most serious wake-up call was the onset of BadRabbit, a Petya-like culprit going on a rampage in Eastern Europe. A likely successor of the Cerber ransomware dubbed Magniber started making the rounds via the Magnitude...

Certain users of the Tor Browser should implement a temporary fix for a vulnerability that can potentially leak their real IP addresses. On 3 November, Tor Browser 7.0.9 rolled out to macOS and Linux users. Included in the updated version is a fix for an issue that affects Tor Browser 7.0.8 on those two operating systems. Windows users aren't...

What do your policies look like? If your organization is like most, then your policies are probably voluminous and all-encompassing. This is a good thing – or is it? Probably one of the most painful aspects of being an infosec professional is having to author or review policies. (Audit is the other painful aspect.) When you first entered the field,...

Security patches and updates leave companies at risk when they're running systems designated as end of life (EOL), such as .Net systems, Windows Server 2003, and Windows XP. When Microsoft releases an update or patch after the operating system (OS) is no longer supported, cybercriminals and malicious software develops dissect the update and reverse...

We've been hearing a lot about IoT security recently. The news is overwhelming us with stories about baby dolls and baby monitors that can listen in on conversations at home, not to mention surveillance cameras that provide video streams to unauthorized individuals. To better understand these events, let’s start by looking at what is IoT. According...

A former student at the University of Iowa was arrested on computer-hacking charges for accessing copies of exams in advance, and altering grades for himself and his classmates. Chemistry major and wrestler Trevor Graves, 22, allegedly plugged keyloggers into university computers in classrooms and labs, allowing him to see whatever his professors...

A researcher has uncovered security holes in Google's bug-tracking database that could have potentially resulted in malicious hackers accessing sensitive information, including details of ways to exploit unpatched vulnerabilities in Google products. Researcher Alex Birsan has described how he managed to trick Google Issue Tracker (known internally...

Negligence by a third-party contractor exposed the personal information of approximately 50,000 Australian employees online. A Polish security researcher who uses the moniker "Wojciech" discovered the information while searching for open Amazon S3 buckets. The details belong to 48,270 employees of Australian government agencies, banks, and a utility...

What do Robert M. Lee, Eric Byres, Sean McBride, Dr. Oliver Kleineberg, and Sid Snitkin all have in common? If any of these names do not ring a bell, they’re each industrial cybersecurity experts in different realms. Along with Tripwire customers and other industry leaders, they will be sharing fast-paced perspectives and challenging you to think...

“Hello, again, friend. It all went quiet for a while and the depictions of hacking and cyber on TV seemed to become trite and clichéd again. We stopped seeing him, Mr. Robot, but now he’s back again. Did you see him, too?” This blog may contain spoilers and was written following ‘eps3.2_legacy.so,’ which seems a good enough point into the new...

BULLETIN CVE APSB17-32 CVE-2017-11292 Microsoft Browser - IE CVE-2017-11790,CVE-2017-11822,CVE-2017-11813 Microsoft Browser - Edge CVE-2017-11794,CVE-2017-8726 Microsoft Browser - Scripting engine CVE-2017-11796, CVE-2017-11808, CVE-2017-11809, CVE-2017-11805, CVE...

46.2 million mobile numbers have appeared online following a data breach that affected several Malaysian telecommunication companies. The incident involves 15 Malaysian telcos and mobile virtual network operators (MVNO). Included in the leak are customers' mobile numbers along with their personal and device information. Of note, those exposed...