I’m a red teamer. I do work similar to pentesting and use many of the same tools. This year, I’ve added several tools to my toolbox. I’ll introduce them to you below and hope you find them valuable, as well. DoubleTap (by @4lex) I <heart> password spraying attacks where you guess a few common...

Technology, IT and engineering are male-dominated industries. However, multiple companies and organizations are aiming to introduce more diversity by providing the education and training women need to enter these fields. Scholarships and grants can open doors typically closed to many women, especially with the rising costs of BA, Masters and Ph.D....

On Thursday 6th December, 2018, I realized how dependent I was on my mobile phone having an internet connection. That particular day, I was out and about away from Wi-Fi networks. The first time I noticed I had no connectivity was when I used my phone to check if my train was on time. As I got close to London, I realized I was not the only person...

Digital attackers used new malware called "Linux Rabbit" and "Rabbot" to install cryptominers on targeted devices and servers. In August 2018, researchers at Anomali Labs came across a campaign where Linux Rabbit targeted Linux servers located in Russia, South Korea, the United Kingdom and the United States. The malware began by using Tor hidden...

Computer users are being reminded once again to take care of the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018. Researchers at Netscout have warned of a state-sponsored attack dubbed "Stolen Pencil" that is thought to originate from North...

When carried out sensibly and securely, communication through social networks and other online public forums can be beneficial, both socially and professionally. However, if you’re not careful, it can lead to numerous undesirable consequences, one of which is cyberstalking. Cyberstalking is stalking or harassment carried out over the internet. It...

Industrial facilities' cybersecurity is very critical for the national security of every state, and comes once more into focus following the recent Honeywell’s Industrial USB Threat Report. With increasing pressure to limit network access to industrial control systems, industrial plant dependence upon USB removable media to transfer information,...

You don’t have to look hard to find organizations utilizing a small fraction of the capabilities of a vulnerability management tool. Often, that’s because the focus is on meeting a compliance obligation. For example, PCI DSS 3.2.1 says, “11.2.1 – Perform quarterly internal vulnerability scans.” It’s difficult to learn the capabilities of a tool...

We employ a lot of militaristic terms in the IT security sector, and the language of defense is robust in part because it draws upon a rich history of technical innovations. When we talk about the future of IT, it’s hard not to think about cloud infrastructure, so when we’re exploring the growth of cloud resources, I’d suggest that it may also be...

The first major security flaw has been uncovered in Kubernetes, the popular container orchestration system developed by Google. The vulnerability, identified as CVE-2018-1002105, carries a critical CVSS V3 rating of 9.8 due to low attack complexity, requiring no special privileges, and a network attack vector. ...

A security incident at Quora potentially compromised the personal information and other details of approximately 100 million users. On 30 November, the question-and-answer website identified that a third party had gained access to one of its systems and compromised the data of 100 million users. The...

It’s been a busy few months for those tracking cybersecurity breaches. Considering that this quarter alone has seen headlines for British Airways identifying additional victims behind its already significant breach, Facebook’s massive messaging leak and Yahoo’s significant payout related to earlier data breaches, there are plenty of high profile...

With three new sections added to the California Civil Code, California became the first U.S. state with a cybersecurity law specifically for internet-connected devices on September 28, 2018. The new Security of Connected Devices law will take effect on January 1, 2020. The Basics The new law requires manufacturers of connected devices to equip the...

Recently, the nonpartisan think tank New America published a report called “The Digital Deciders: How a group of often overlooked countries could hold the keys to the future of the global internet." The purpose of this report – authored by Robert Morgus, Jocelyn Woolbright and Justin Sherman – is to survey how nations around the world approach...

Penetration testing is becoming increasingly popular as organizations are beginning to embrace the need for stronger cybersecurity. But there are still too many businesses that don’t fully understand the benefits of regular security testing. Pen testing is vital for any kind of organization with an IT system or website. A recent survey of...

Marriott announced that it recently detected and addressed a security incident involving the Starwood guest reservation database. On 30 November, Marriott revealed that an internal investigation had found evidence of unauthorized access to the database containing guests' reservation information at...

Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks. According to the Department of Justice, 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri were the masterminds behind attacks against more than 200 networks since 2015. Unlike normal ransomware attacks ...

Tripwire's November 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP),...

Whoever said “crime doesn’t pay” hasn’t been following the growth of cybercrime across the globe. A thriving underground economy has evolved over the past decade to become a massive industry. Estimates in the Web of Profit research paper show cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. If cybercrime was a...

A federal indictment charged eight individuals with perpetrating widespread digital advertising fraud that cost businesses millions of dollars. On 27 November, a federal court in Brooklyn unsealed the indictment charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov,...