A hacker took over a dark web hosting provider by exploiting a "major security vulnerability" and thereby accessing a server. On 8 July, an attacker calling themselves "Dhostpwned" set up a shared hosting account on the service offered by Deep Hosting. They used that account to upload two shells on their servers. One was written in PHP, whereas the...

The Phoenix Project was an easy and enjoyable read about Bill Palmer, a manager in the IT department who unexpectedly gets promoted to VP of IT Operations. To succeed in this new role, Bill had to expand his view from just his group to the organization as a whole in order to master the "Three Ways" for how to evolve from a dysfunctional group of...

They say you should never meet your heroes—often they will just disappoint you. But thankfully, there are also exceptions to this rule. In this five-part series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, with one even motivating me to move across the pond....

Today’s VERT Alert addresses the Microsoft July 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-733 on Wednesday, July 12th. In-The-Wild & Disclosed CVEs CVE-2017-8584 In a Patch Tuesday first, we have a HoloLens code execution vulnerability. This vulnerability impacts Windows 10 and...

A hijacker has hit a radio station with a series of rogue broadcasts containing "The Winker's Song" by comedy band Ivor Biggun. Mansfield 103.2, an independent local radio station in Mansfield, Nottinghamshire, has suffered eight hijacking attacks since June 2017. In each of those offensives, the responsible party is believed to have used a mobile...

The Phoenix Project, A Novel about IT, DevOps, and Helping Your Business Win might seem like a “techies-only” read at first glance, but it’s really a story that all business leaders (yes, even the technology-challenged) should invest in. Bill Palmer plays the hero of this fictional (yet all too realistic) story about a business dangerously close to...

IRS scams and tech support scams are two of the most well-known fraud schemes preying on users today. In the former, bad actors cold-call unsuspecting individuals and tell them they'll go to prison and/or lose their assets unless they call back and agree to pay back taxes owed to the Internal Revenue Service (IRS). The latter leverages a fake...

Hard Rock Hotels & Casinos is, once again, warning customers of a data breach that may have compromised their payment card information. In a press release last week, the popular hotel, resort and casino franchise announced it was recently alerted of a security incident through its third-party hotel reservation system – Sabre Hospitality Solutions...

A fake Facebook message is urging users to not approve a friend request submitted by hacker who goes by the name Jayden K Smith. This hoax has many variants. All versions say the same thing: don't approve Jayden K Smith as friend or they'll hack a user's account, target their Facebook friends, and thereby spread their influence. Craig Charles of...

I’ve been studying the security designs of various embedded devices for the past couple of years. This research has led me to uncover dozens of critical flaws in internet-connected devices ranging from enterprise NAS devices and access points to countless consumer products like wireless routers, home automation controllers, security cameras and more...

A man has admitted that he committed fraud and money laundering as part of a phishing scheme to steal Bitcoins on dark web forums. On 27 June 2017, Michael Richo, 35, of Wallingford, Connecticut pleaded guilty in federal court to one count of access device fraud and one count of money laundering. The former offense carries a maximum sentence of 10...

Docker – a platform for OS-level virtualization instances known as containers – has become a hugely popular infrastructure technology. Flexible containerization is completely changing the way we build and maintain applications at scale, with analyst group RedMonk identifying the large enterprise market as a key driving force. Towards the end of...

Supply chain functions are moving towards automation and integration. For instance, take the use of cloud computing, robotics and artificial intelligence in improving productivity and customer service. In fact, not a single day goes by when we don’t come across headlines about the shipping and logistics industry, like Clearpath or DHL, developing...

Reckitt Benckiser, the household goods manufacturer of such famous products as Nurofen painkillers, Durex condoms, Dettol, and Harpic, has warned that it was hit hard by the June 27th global malware outbreak which struck power plants, airports, and government agencies in Ukraine before spreading to other multinational firms. In a sales warning for...

Snapchat's new Snap Map location-sharing feature is stirring concerns among parents and schools for the privacy and safety of their children. Launched on 21 June 2017, Snap Map allows Snapchat users to view publicly shared "Snaps" (photos and videos) from around the world. They can also use it to share their exact location with their "friends". The...

With millions of small businesses out there, why don’t they care about cyber security? You may be reading this and own a small business or know someone that does. Think to yourself: why would small businesses not care about cyber security? You may find that it is not a problem of caring but a problem of understanding. Let’s take a look at some of...

When it seemed that ransomware authors hit the lowest of the low with their attacks a long time ago, they managed to take it a notch further last month. With the revamped Petya Trojan that surfaced on June 27, the crooks broke new ground and started waging a real cyber war against a particular country. This toxic code renders computers inoperable,...

Ukrainian police have seized the servers of the firm that created MeDoc accounting software on the suspicion the company unwittingly helped spread NotPetya malware. Col. Serhiy Demydiuk, head of Cyberpolice Ukraine, confirmed on 3 July 2017 that Intellect Service is under investigation. The officer said Ukraine's police is looking into the company...

They say you should never meet your heroes, often they will just disappoint you, but thankfully there’s also exceptions to this rule. In this five-part series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, in one case move across the pond, and all five gave...

As someone who has worked in the Managed Network Services space for over a decade, there are certain behaviors I notice when it comes to security planning. Every so often, a major security incident occurs that makes headlines, and the media cycle begins. Decision makers at organizations, who are typically business experts and not technology experts,...