Blog

Blog

Data Breach Potentially Struck Tallahassee Utility Customers

A data breach at a payment processor might have compromised the personal and financial information of some Tallahassee utility customers. Tallahassee Treasurer Clerk Jim Cooke is warning that a breach at TIO Networks, a company used by Florida's capital to help people pay their bills, might have affected an untold number of utility customers in the...
Blog

Data Breach Exposes 300K RootsWeb Users' Login Credentials

A data breach has exposed the login credentials belonging to 300,000 users of RootsWeb, a service owned and sponsored by Ancestry.com. On 4 December 2017, someone posted a file containing the usernames and plaintext passwords of 300,000 users to a hacker forum. An analysis of the dump, which was...
Blog

The State of Security in Industrial Control Systems

The main challenge for industrial control systems is that the processes that control those systems are connected to critical infrastructure such as power, water, gas, and transport. This means they require high availability, and it is not easy to interrupt those systems to apply security updates. Effects of any downtime means that it can affect...
Blog

The Top 10 State of Security Articles of 2017

With 2017 coming to a close, we wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between Christmas and the New Year. My favourite State of Security blogs from 2017 Pentest Toolbox Additions 2017 It´s becoming a yearly tradition, but one our readers and I...
Blog

Canada Proposes $17.5M Settlement for Student Loan Privacy Breach

Canada has proposed to pay $17.5 million to settle a privacy breach involving hundreds of thousands of individuals who applied for student loans. Under the proposed settlement, Canada would pay $60 to Canada Student Loan borrowers affected by the breach. The federal government could reduce that individual payment, however, in the event the total...
Blog

The Future of Ransomware 2018 and Beyond

Ransomware is a problem on the rise, a simple threat with some very large business implications. Statistics show it has reached new levels of menace, and it's growing at a remarkable rate: 6000% in 2016, an IBM study found, and a triple-digit increase into 2018. Although a very real and present danger (as shown by some very high profile infections...
Blog

OWASP Top 10 Most Critical Web Application Security Risks of 2017

As organizations' IT environments become increasingly more complex, so too does the software they install on their systems. Software developers and managers have embraced microservices written in node.js and Spring Boot, for example. These new types of dynamic applications challenge organizations to establish appropriate trust chains and secure old...
Blog

Women in Information Security: Tiffany Gerstmar

Last time, I spoke with Stephanie Vanroelen. She's an OWASP contributor who specializes in web penetration testing. She also organizes BruCON, Belgium's largest cybersecurity convention, and volunteers at CyberSKool, an information security camp for kids. This time, I have the pleasure of speaking with Tiffany Gerstmar. Working with the US Navy...
Blog

5 Notable DDoS Attacks of 2017

We all know what a great year distributed denial-of-service (DDoS) attacks had in 2016. In the last four months, the web registered two significant DDoS campaigns. The first targeted Brian Krebs at a peak size of 620 Gbps. The second struck Dyn and, in so doing, took down Twitter, Amazon, Spotify and other clients of the DNS provider's critical...
Blog

How Employees Unknowingly Gamble with Your Data

Modern-day encryption is surprisingly effective. Take the gold standard: AES 256-bit encryption. It’s military-grade, trusted by governments and top security professionals worldwide. The encryption keys use so many number combinations that it’s virtually brute-force proof. In theory, someone might be able to crack it if they invented a supercomputer...
Blog

How to Create And Maintain a More Secure Database

The damage done to a business's reputation and the long-term financial consequences of a data breach are never a concern that should be treated lightly. While extending an existing database into the cloud can allow users to access sensitive files and information with far greater ease, failing to address potential security concerns or underlying...
Blog

"123456" Still Reigns Supreme on Worst Passwords List

"123456" has once again topped an annual list of the worst passwords created by users in North America and Western Europe. On 19 December, password management provider SplashData released the 2017 edition of its "Worst Passwords of the Year" list. The dataset comprises five million leaked passwords exposed by data security incidents over the course...
Blog

Exploiting ROBOT like Mr. Robot

It was late Friday afternoon when the email arrived saying he’d won a free cruise. Philip quickly opened the email and clicked the link for more information, but there was nothing there. What he didn’t know is that this cruise offer actually came from a hacker and not Cruise Giveaways of America. This was no ordinary link, either. That link...
Blog

Bitcoin Exchange Bids Adieu after Suffering Second Hack This Year

A Bitcoin exchange has announced it has filed for bankruptcy and will cease all operations after suffering its second hacking attack this year. On 19 December, South Korean exchange Youbit announced at 04:35 local time that bad actors had hacked its website and stolen 17 percent of its assets in the process. BBC News reports that the hackers didn't...
Blog

Women in Information Security: Stephanie Vanroelen

Last time, I spoke with Jelena Milosevic. She's a nurse who discovered a huge security problem in her hospital and is now on a mission to educate people about improving medical cybersecurity. This time, I spoke with Stephanie Vanroelen. Not only is she an OWASP contributing web security specialist, but she also volunteers at a camp that teaches...
Blog

Preventing Yet Another AWS S3 Storage Breach

It seems like everyday you see a new report about a massive data leak caused by someone accidentally exposing files stored in AWS S3 Buckets to everyone on the Internet. Many may remember Verizon’s infamous snafu that leaked data records for six million of their customers due to a misconfiguration in their S3 buckets. Since then, there have also...
Blog

Monero Mining Software Found on Oil Transport Company's Systems

An oil transportation company discovered someone had installed Monero-mining software on its systems without its authorization. On 14 December, Vladimir Rushailo, vice president of the Russian state-owned transport monopoly Transneft, revealed that the company had found that one of its computers had automatically downloaded software designed to mine...
Blog

Foundational Controls that Assure Integrity

We want more of the CIA Triad. No, this has nothing to do with the US government agency. It stands for “confidentiality, integrity, and availability.” What it alludes to is the idea of protecting access to privileged information (confidentiality), asserting that the information hasn’t been tampered with (integrity), and that the information can be...