Earlier this year, I focused on the emerging trend of Sakawa scams originating from the west coast of Africa. If you've never heard this term before, there is some learning for you to do! Sakawa, or JuJu, scams are a subsection of traditional online cyber crime. Whilst many scams originating from all over the world could be classed as 'sakawa,' the...

With security breaches such as Sony, WHSmith and Ashley Madison hitting the headlines every week, the level of security awareness among the general public has never been higher. You could therefore be forgiven for thinking that (at least theoretically) it would be an easy task to impress the importance of information security matters on a board of...

Security researchers have spotted a sophisticated type of malware that is capable of bypassing CAPTCHA authentication systems in the Google Play Store. According to a blog post written by Bitdefender security researcher Liviu Arsene, the malware, which has been identified as Android.Trojan.MKero.A, seems to have somehow found its way into legitimate...

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-632 on Wednesday, September 9th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy...

Yes, simulated humans exist. And even if they don't quite walk amongst us, they do lie in beds in hospitals, helping medical students get valuable experience in caring for patients without the worry that one wrong step might result in a real human life being lost. Don't know what I'm talking about? Then meet iStan, the "most advanced wireless...

A security firm has discovered a variant of Android ransomware that masquerades as a pornography app called "Adult Player." According to a post published on Zscaler's blog, the ransomware, which is not found on legitimate app stores like Google Play Store and the Apple App Store, successfully loads onto a device after asking for admin permissions....

The Federal Trade Commission (“FTC”) can now sue a company for failing to adequately protect client data. Let that sink in for a moment. In short, the recent court ruling confirmed the FTC’s authority to create, impose, and enforce data security rules on virtually any business that holds consumer data. QUICK BACKGROUND On August 24, 2015, the US...

The nation is in the midst of a torrent of major data breaches. The most recent breaches include the Ashley Madison breach, the Office of Personnel Management breach, and the theft of millions of dollars from small- to mid-size businesses. In addition to the financial impacts, the breaches include the release of personal-data including social...

Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently. Here’s what you don’t want to miss from the week of August 31st, 2015: On the one-year anniversary of 'The Fappening,' an...

Cisco has patched a remote file overwrite vulnerability in its Integrated Management Controller (IMC) Supervisor and UCS Director products. On Thursday, Cisco issued an advisory that explains how a vulnerability in JavaServer Pages (JSP) input validation routines of both the IMC Supervisor and UCS Director products could be exploited by a remote,...

You can't protect what you don't know about. It may seem trite to bring out that cliché, but the fact is that it remains relevant in information security today. So much of what we do in this industry is about discovery, whether it's discovery of assets, discovery of vulnerabilities, or discovery of an existing compromise. As information security...

According to recent research, employees in the finance and human resources departments are seen as the mostly likely to cause a data breach. The study, which polled more than 500 information technology decision makers and 4,000 employees in the US, UK, Germany and Australia, found that nearly half of respondents (46%) believe finance departments...

Netflix has released a new tool called Sleepy Puppy that helps security researchers capture, manage, and track cross-site scripting (XSS) propagation over extended periods of time. Two application security researchers for the movie-streaming service, Scott Behrens (@helloarbit) and Patrick Kelley (@monkeysecurity), created the Sleepy Puppy tool to...

Imperva has published some pretty interesting research on how an attacker might use cloud-based file synchronization services to exfiltrate data and deliver malware to systems inside an organization. The TL;DR of this attack is that a malicious adversary can steal and replace the authentication token for these services, allowing them to effectively...

British retailer WHSmith has suffered a data breach that has resulted in users' personally identifiable information (PII) being sent out to hundreds of customers' inboxes. According to The Guardian, personal information including names, phone numbers, and email addresses that users typed into the retailer's contact form was not sent to the company...

Ashley Madison, a website for those who are interested in committing adultery, has made headline after headline in recent weeks after a hacking group penetrated its servers and published the information of all 37 million users online. As of this writing, it is believed that this incident dates back to mid-July of 2015. The timeline below recounts...

A former United States Secret Service Agent has admitted in court that he stole Bitcoin from drug dealers and attempted to hinder an investigation into Silk Road, the underground dark web market. On Monday, Shaun Bridges, 33, appeared in federal court in San Francisco and pleaded guilty to money laundering and the obstruction of justice, reports The...

When working in security, the top priority is to protect your organization’s business-critical data from cyber attacks. You know that your traditional security mechanisms are in place – the database is secure; you have implemented audit trails and encryption on sensitive data, and you instituted pretty tight access control. Anti-virus solutions are...

North Dakota was named the first U.S. state authorizing local police departments to fly drones with “less-than-lethal” weapons, including tasers, sound cannons, teargas and non-penetrating firearms, after the passage of House Bill 1328 last week. The initial proposal of the legislation, introduced by Rep. Rick Becker, was aimed at requiring police...

Siemens, a leading producer of systems for power generation and transmission as well as medical diagnosis, has patched three vulnerabilities affecting a variety of SIMATIC HMI devices. The multinational technology company was first alerted to the vulnerabilities, among them two Schneider kits and a number of remote and local exploits, by the...