The WannaCry and NotPetya outbreaks were by far among the most significant digital attack campaigns that took place in 2017. Together, the crypto-ransomware and wiper malware affected hundreds of thousands of computers all over the world. They achieved this reach by abusing EternalBlue. Allegedly developed by the U.S. National Security Agency (NSA)...

Scammers are impersonating the FBI's Internet Crime Complaint Center (IC3) in order to infect users with malware and/or steal their personally identifiable information (PII). On 1 February, the real IC3 issued a public service announcement warning users of three scams that are impersonating the multi-agency task force. Here's the FBI on the first...

BULLETIN CVE Browser - Edge CVE-2018-0803,CVE-2018-0766 Scripting Engine CVE-2018-0780,CVE-2018-0800,CVE-2018-0767,CVE-2018-0781,CVE-2018-0769,CVE-2018-0768,CVE-2018-0778,CVE-2018-0777,CVE-2018-0758,CVE-2018-0773,CVE-2018-0770,CVE-2018-0776,CVE-2018-0774,CVE-2018-0775,CVE-2018-0772,CVE-2018...

Why go to all the bother of writing ransomware that demands victims pay a Bitcoin ransom? If all you want is cryptocurrency, why not use the infected computers to mine the crypto coins themselves? That way you don't have to rely on a human victim buying some Bitcoin, and nervously making their way onto the dark web to make their ransom payment....

Thursday is "Change Your Password Day," a national observance of password security and best practices. Passwords are often the first line of defense protecting users from criminals with the malicious intent of invading systems and stealing data, a threat which emphasizes the importance for people to use strong and diverse passwords. Unfortunately,...

The European Union's General Data Protection Regulation (GDPR) goes into effect this May, and lawmakers in the U.S. are proposing stricter data breach legislation. With the pressure on to better protect data and improve notification procedures in the event of a data breach, Tripwire surveyed 406 cybersecurity professionals to see how prepared...

Security breaches are becoming more common. They occur most often in the United States (followed by the UK), exposing businesses and their customers to significant risks. Most recently, in December 2017, Kromtech uncovered a breach at Ai.Type with 577GB of data stolen. It's possible the incident exposed the information of 31 million customers. And...

Australian law enforcement officers have arrested a man for allegedly hacking the company database of a car-sharing service. On 30 January, investigators of Strike Force Artsy, a division of the State Crime Command’s Cybercrime Squad, executed a search warrant at a home in Penrose. Officers arrested a 37-year-old man and charged him with two counts...

The second half of 2017 was busy in terms of digital security events. In September, consumer reporting agency Equifax announced a breach that potentially compromised the Social Security Numbers and other personal information of 143 million U.S. consumers. Less than two months later, organizations in Russia and Ukraine suffered infections at the...

A recent article in the New York Times postulated America may choose to respond to a devastating cyberattack with a nuclear response. In November of 2017, a widely viewed social media video entitled Slaughterbots suggested “swarms of AI-controlled drones [could] carry out strikes on thousands of unprepared victims with targeted precision.” Both of...

Cisco has patched a remote code execution (RCE) vulnerability bearing a "perfect" CVSS score of 10.0 that affects its Adaptive Security Appliance (ASA) software. On 29 January, the American multinational technology conglomerate publicly recognized the security issue (CVE-2018-0101) and revealed that it affects the ASA software found in the following...

Data breaches are common in the news lately, but a recent study by credential monitoring firm VeriClouds focuses specifically on the credentials of Fortune 500 employees found in account leaks posted online. Using a corpus of 8 billion stolen credentials gathered over three years, the total number of employees of each Fortune 500 company was...

Users of a fitness tracking app have inadvertently exposed the locations of military bases by publicly sharing their jogging/cycling routes. Many service people who use Strava, an app which allows them to record their exercise activity using GPS plotting, are sharing their data publicly. Their movements have ended up in Strava Labs' Global Heatmap...

There are many managerial and operational tasks required to successfully grow a startup business. One of the biggest mistakes startup businesses make is neglecting to safeguard their data from cyber threats. Some studies show that 200,000 new malware samples were discovered each day in 2016. Unfortunately, analysts expect this number to increase as...

Cloud computing is not a new name anymore, and its adoption is growing consistently across various industries. Public cloud is a disruptive technology, irresistible to the Financial Services Industry (FSI) due to its tremendous benefits, including agility, elasticity, time to market and on-demand provisioning, to name a few. However, there are...

A single Monero cryptocurrency mining operation has used malware delivery techniques to affect at least 15 million people worldwide. The campaign, which has been active since at least October 2017, delivers its payload using one of 250 unique Microsoft Preinstallation Environment (PE) files like "File4org]_421064.exe" and "[Dropmefiles]_420549.exe."...

Reddit, the so-called "front page of the internet", has some important news for its 250 million registered users. You can now secure your Reddit account with two-factor authentication (2FA). The additional layer of security has been rolled out as an option to all users following months of beta-testing. To enable the feature, Reddit users must access...

Data Privacy Day began in the USA in 2008 as an extension of Data Protection Day in Europe. Since then, The National Cyber Security Alliance (NCSA) has led this international effort, which is held annually on January 28 to help create awareness about the importance of safeguarding data, respecting privacy, and enabling trust. In our efforts to help...

Phishing attacks continue to threaten organizations' digital security in droves. Kaspersky Lab prevented 46,557,343 phishing attempts in the second quarter of 2017 alone. Overall, close to one in ten (8.26%) of Kaspersky users encountered a phishing attack that quarter. Recognizing the prevalence of phishing, it's useful to examine the granular...

A popular WordPress plugin has fixed a vulnerability that allowed an unauthenticated user to download the subscriber lists for more than 100,000 websites. Email Subscribers & Newsletters incorporated the fix into version 3.4.8 on 19 January after working closely with Dominykas Gelucevicius from ThreatPress, a company which offers security products...