There is much consternation and many dismal proclamations from think tanks all the way to Twitter eggs decrying the shortage of skilled information security workers. The skills gap does exist, but it isn’t a singular chasm. It’s a series of rifts and valleys, each with different characteristics. Beyond acknowledging the gap, we need to survey its...

Container shipping company A.P. Moller-Maersk says a cyberattack that disrupted its operations will come with a hefty price tag of as much as $300 million in lost revenue. The Danish conglomerate, known as the largest container ship and vessel operator in the world, announced the estimated losses in its second quarter financial report. "In the last...

Have you heard about the European Union's Network and Information Security (NIS) Directive, which is scheduled to enter into member state law in 2018? Maybe not. Both the world’s attention and appetite for IT security legislation has been overfed with all things General Data Protection Regulation (GDPR) over the past two years, leaving little...

Digital security common sense says you should never plug an unauthorized device like an unknown Universal Serial Bus (USB) into your computer. Of course, logic doesn't always reign supreme when it comes to using a computer. We saw this on display at Black Hat USA 2016 when Google's anti-abuse research team shared an experiment for which its...

In the Army, we see the basic military fundamental skills being tested on every mission and operation. Whether the operator is jumping out of C-130 to scuba submersion or securing a post in country, their basic skills are always being tested. This goes for information security professionals, as well. Your basic skills sets will be tested every day....

A "Facebook password stealer" is capable of covertly pilfering sensitive information from any wannabe attacker who uses it. On 3 August, a security researcher by the name of MalwareHunterTeam tweeted about the credential-collecting tool's hidden nature. https://twitter.com/malwrhunterteam/status/893053328057413634 The phrase "how to hack facebook...

We all get them: those notices from the ARIN WHOIS service. Whether you run a corporate website or perhaps your own blogging domain, those notices arrive reminding us to confirm our internet records. How much attention do you pay to those? Do you treat them casually, relying on the idea that everything is working so that nothing needs to be done?...

A high school student has received a $10,000 bug bounty award for reporting a security vulnerability in Google's App Engine. Back in July, 17-year-old Ezequiel Pereira decided to use the Burp Suite graphical tool to test the web application security of Google's App Engine. He wanted to see if he could access pages protected by MOMA, a portal for...

A new analysis of over 40 popular consumer and enterprise websites revealed that many fail to implement the most basic password security requirements. According to the Password Power Rankings study conducted by Dashlane, a surprising 46 percent of consumer sites have “dangerously lax” password policies, including widely used Dropbox, Netflix and...

British Home Secretary Amber Rudd has been duped into sharing her personal email address with a prankster who has previously embarrassed the likes of Bank of England governor Mark Carney and Barclays boss Jes Staley, as well as Donald Trump Jr and various White House officials. Rudd, who recently courted controversy in the security industry by...

Nationwide and one of its wholly owned subsidiaries have agreed to a $5.5 million settlement for a data breach that occurred in 2012. On 9 August, the Ohio-based insurance corporation along with Allied Property & Casualty Insurance Company agreed to the "Assurance of Voluntary Compliance" (PDF) with 33 Attorneys General of Alaska, Arizona, Arkansas,...

The WannaCry and NotPetya attacks caused disruption on a global scale in the spring and early summer of June 2017. Following those malware campaigns, businesses around the world should have heard the alarms and responded by tightening their security systems in an effort to mitigate against similar attacks in the future. But reality doesn't always...

Well, to start off, Las Vegas is in my view and experience not the best location for all these annual cyber happenings. Prices are going up through the roof—it's just crazy. For example, my hotel cost $3,500 for 10 nights at Caesars Palace, and I paid $50 for a burger with fries and a drink. Really? Or a simple bottle of water for $10? Is that worth...

Sophisticated and coordinated hackers are constantly adapting and using innovative techniques to gain unauthorized access to corporate data. Recently, 48 Office 365 customers experienced exactly this kind of threat where an attacker implemented a new strategy to try to access high-level information. The brute force login attack was unique in that it...

The Federal Trade Commission (FTC) is warning the public to be on the lookout for scams that leverage fake government grants as lures. This type of ruse begins when an individual receives a cold call from someone they don't know. The caller informs them that they have won a grant of $14,000 from the National Institutes of Health (NIH), an agency of...

Containers can be traced back to 1979 with chroot but the advent of Docker has exponentially increased the popularity and usefulness of this technology. Any technology that becomes popular and useful also becomes a target for attacks. Containers are designed to provide isolated environments rather than full virtual machines, but they make great...

I have had the pleasure of working on the latest curriculum for Tripwire University. In that capacity, I've noticed more and more interest around securing cloud environments as our customers and the market continue to move towards cloud technologies. Whether it be customers who are 100% committed to the cloud and moving all of their assets up into...

Today’s VERT Alert addresses the Microsoft August 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-737 on Wednesday, August 9th. In-The-Wild & Disclosed CVEs CVE-2017-8627 The first publicly disclosed vulnerability this month is a denial of service in the Windows Subsystem for Linux....

In 490 B.C. an important battle was fought between the Athenians and the powerful and seemingly unconquerable Persians: The Battle of Marathon. Going it alone, without the help of the Spartans, the Athenian army of about 10,000 men defeated King Darius’ army of about 35,000. Knowledge of the local geography, technological advantage and tactical...

July was relatively slow in terms of ransomware. Some crooks must have been on vacation spending ill-gotten money at deluxe resorts. Well, why not? They sure can afford it. The rest were busy releasing small shoddy strains and reanimating old ones. Here’s what the month looked like in the numbers: 42 new samples went live, 33 existing ones were fine...