Computer users are being reminded once again to take care of the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018. Researchers at Netscout have warned of a state-sponsored attack dubbed "Stolen Pencil" that is thought to originate from North...

When carried out sensibly and securely, communication through social networks and other online public forums can be beneficial, both socially and professionally. However, if you’re not careful, it can lead to numerous undesirable consequences, one of which is cyberstalking. Cyberstalking is stalking or harassment carried out over the internet. It...

Industrial facilities' cybersecurity is very critical for the national security of every state, and comes once more into focus following the recent Honeywell’s Industrial USB Threat Report. With increasing pressure to limit network access to industrial control systems, industrial plant dependence upon USB removable media to transfer information,...

You don’t have to look hard to find organizations utilizing a small fraction of the capabilities of a vulnerability management tool. Often, that’s because the focus is on meeting a compliance obligation. For example, PCI DSS 3.2.1 says, “11.2.1 – Perform quarterly internal vulnerability scans.” It’s difficult to learn the capabilities of a tool...

We employ a lot of militaristic terms in the IT security sector, and the language of defense is robust in part because it draws upon a rich history of technical innovations. When we talk about the future of IT, it’s hard not to think about cloud infrastructure, so when we’re exploring the growth of cloud resources, I’d suggest that it may also be...

The first major security flaw has been uncovered in Kubernetes, the popular container orchestration system developed by Google. The vulnerability, identified as CVE-2018-1002105, carries a critical CVSS V3 rating of 9.8 due to low attack complexity, requiring no special privileges, and a network attack vector. ...

A security incident at Quora potentially compromised the personal information and other details of approximately 100 million users. On 30 November, the question-and-answer website identified that a third party had gained access to one of its systems and compromised the data of 100 million users. The...

It’s been a busy few months for those tracking cybersecurity breaches. Considering that this quarter alone has seen headlines for British Airways identifying additional victims behind its already significant breach, Facebook’s massive messaging leak and Yahoo’s significant payout related to earlier data breaches, there are plenty of high profile...

With three new sections added to the California Civil Code, California became the first U.S. state with a cybersecurity law specifically for internet-connected devices on September 28, 2018. The new Security of Connected Devices law will take effect on January 1, 2020. The Basics The new law requires manufacturers of connected devices to equip the...

Recently, the nonpartisan think tank New America published a report called “The Digital Deciders: How a group of often overlooked countries could hold the keys to the future of the global internet." The purpose of this report – authored by Robert Morgus, Jocelyn Woolbright and Justin Sherman – is to survey how nations around the world approach...

Penetration testing is becoming increasingly popular as organizations are beginning to embrace the need for stronger cybersecurity. But there are still too many businesses that don’t fully understand the benefits of regular security testing. Pen testing is vital for any kind of organization with an IT system or website. A recent survey of...

Marriott announced that it recently detected and addressed a security incident involving the Starwood guest reservation database. On 30 November, Marriott revealed that an internal investigation had found evidence of unauthorized access to the database containing guests' reservation information at...

Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks. According to the Department of Justice, 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri were the masterminds behind attacks against more than 200 networks since 2015. Unlike normal ransomware attacks ...

Tripwire's November 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP),...

Whoever said “crime doesn’t pay” hasn’t been following the growth of cybercrime across the globe. A thriving underground economy has evolved over the past decade to become a massive industry. Estimates in the Web of Profit research paper show cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. If cybercrime was a...

A federal indictment charged eight individuals with perpetrating widespread digital advertising fraud that cost businesses millions of dollars. On 27 November, a federal court in Brooklyn unsealed the indictment charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov,...

Regulations like the GDPR are changing both how we do business and how customers engage with their data. Healthcare is no exception to that rule. Even in light of strict frameworks like HIPAA, health organizations face a number of unique challenges where privacy laws are concerned. Here’s why – and how you can overcome them. The European Union’s...

It’s no longer enough to secure your own company’s infrastructure; you now must also evaluate the risk of third-party vendors and plan and monitor for breaches there, too. Data breaches are reported in the news all the time, and more than 60 percent of them are linked to a third-party. When you’re a business owner, that is a scary statistic. Third...

A newly detected worm is propagating through removable drives to distribute a fileless variant of the BLADABINDI backdoor. In mid-November, researchers at Trend Micro first observed the worm, which the security firm detects as "Worm.Win32.BLADABINDI.AA." They're still investigating the threat's exact method for infecting a system. But after...

Amazon’s new security issue, which came to light just days before one of its biggest sale events of the year, is making recent headlines. And whilst it probably won’t stop the online retail giant from achieving a profitable Black Friday and Cyber Monday this year, it certainly will make many users stop and think. Though it’s still early in the...