As discussed before, the blockchain-based solution is built to provide strong integrity and independent verifiability. An exception to the independent verifiability is private blockchain solutions. In this part, we discuss both of these technological dimensions and detail their applicability and limitations. Public distributed blockchain provides...

It's been a fantastic year on The State of Security blog. We've seen a real plethora of high-quality articles and here are my 10 favorites! A Google Cloud Platform Primer with Security Fundamentals | By Ben Layer Though less well-known than Microsoft Azure and Amazon Web Services, Google Cloud Platform currently makes up five percent of the cloud...

A lot has been going on with autonomous vehicles these days. Almost every famous car manufacturer seems to be in a rush to master the perfected version of self-driving cars. While most people believe that fully autonomous vehicles are still in their infancy stage, manufacturers think that they will dominate the roads by 2020. The problem with...

Doxxing means publishing private information about someone online to harass or intimidate them. It has ruined reputations and caused untold distress to hundreds of people. On occasion, doxxing has resulted in injury or even death. Being doxxed can have serious consequences for your safety and privacy. How can you prevent it? Doxxing and...

If you own a WordPress site, then you should be careful about your website security. To successfully run a blog, business or online store, you need to make sure your website is totally safe. Customers visit your website, purchase products and pass sensitive information like passwords, credit card details etc. If there is a place to infiltrate to...

Phishers are bypassing common forms of two-factor authentication (2FA) in a campaign targeting hundreds of Google and Yahoo accounts. In a new report, Amnesty International uses several attack emails sent to it by Human Rights Defenders (HRDs) spread across the Middle East and North Africa to analyze the campaign. A typical attack email in this...

Tripwire's December 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer and Scripting Engine. These patches resolve nine vulnerabilities, including fixes for Memory Corruption and Remote Code Execution (RCE)...

Following on from the round-up we released yesterday, today we look through the rest of what our regular contributors shared as their standout moments from 2018. Bob Covello, IT Security Director | @BobCovello "The most memorable event for me in 2018 was a positive one. There was enormous progress made towards getting multi-factor authentication...

Over the past few years, I've had the pleasure of welcoming interns on our security research team. One of my goals was to pass on knowledge of security to these folks and pique their interest in (a career in) security. The goal of any teacher is to pass on their knowledge to the younger generation, in essence creating a miniature version of...

The National Aeronautics and Space Administration (NASA) has warned its employees of a data breach that might have compromised their personal information. On 18 December, the agency's Human Resources Messaging System (HRMES) sent out a message to all employees informing them of a potential security...

As 2018 draws to a close, it's been a fascinating year in the IT security community. From record-breaking data breaches, new regulations and the Meltdown and Spectre debacle, we can certainly say it's been eventful. To round the year off, we thought it would be interesting to ask some of our regular contributors (and followers on Twitter) what their...

News Flash: Your DNS might be broken, and you don’t even know it. But wait? How could I not know my DNS is broken? Well, the answer lies in the history of the DNS standards and what has become the cobbling together of features within authoritative and recursive DNS server software. It all started going south about 19 years ago with the introduction...

Researchers have observed a new threat using malicious memes posted on Twitter to receive command-and-control (C&C) instructions. Trend Micro observed that the malicious activity begins after a threat detected as "TROJAN.MSIL.BERBOMTHUM.AA" executes on an infected machine. As of this writing, the Japanese multinational digital security firm had not...

When evaluating enterprise security tools for their effectiveness, it can be challenging to find the right model for best calculating your Return on Security Investment (ROSI). Just a few years ago, the potential cost attributed to a security breach was likely to be primarily related in the assessed financial cost into a business’ reputation, with...

A new phishing attack is using fake non-delivery notifications in an attempt to steal users' Microsoft Office 365 credentials. SANS ISC Handler Xavier Mertens discovered the attack while reviewing data captured by his honeypots. The attack begins when a user receives a fake non-delivery notification from Microsoft such as the one shown below: ...

As a business owner, you’re no stranger to the myriad moving parts that keep the day-to-day business going. In all the bustle, it can be easy to overlook important tasks such as creating a privacy policy because you’re unsure where to start or which elements to include. Earlier this year, the EU’s GDPR—the General Data Protection Regulation—went...

Utilities can be a pricey monthly expense for many households and businesses, with the average cost for households in America coming in at over $420 every month. Getting on top of utility usage, especially electricity—which typically constitutes the largest part of that monthly expense—can help save money, but it can also help conserve resources and...

Scammers tricked Save the Children Federation, a well-known U.S. charity, into sending them approximately one million dollars. As reported by The Boston Globe, digital attackers compromised the email account of a Save the Children Federation employee sometime in 2017. They then abused that access to...