Big data lakes should be populated with big fish. IT (and OT) staff are tasked with “fishing,” or in this case, splunking data lakes for evidence. They are looking to report and visualize evidence of operational faults, evidence of compliance and evidence of nefarious activities. They are looking to catch the bad guys and the bad things by looking...

Is the internet monitored, or is it just hanging out there without anyone looking over it? That’s a very good question. The fact is that no one is looking over the internet in a supervisory kind of way aside from governments that may create legislation that has an influence in some way. It is up to individuals, companies and other entities to...

They say you should never meet your heroes—often they will just disappoint you. But thankfully, there are also exceptions to this rule. In this series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, with one even motivating me to move across the pond. All five...

Hackers stole $8.4 million worth of Veritaseum tokens before dumping all of them just a few hours later. On 24 July, Veritaseum (VERI) founder and American entrepreneur Reggie Middleton confirmed the security incident in a post submitted to Bitcoin Forum: "We were hacked, possibly by a group. The hack seemed to be very sophisticated, but there is...

The National Institute of Standards and Technology (NIST) has released Special Publication 800-171. The document covers the protection of Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations. The document was designed to provide guidance on ensuring that all systems that process, store, or transmit CUI...

The progression of virtualization technology has produced a high demand for similar capabilities in network communication. Traditional networking technologies in switching and routing devices provide limited abilities for the virtualization space due to the lack of controlling and tailoring network traffic on virtual machines (VM). Software-defined...

Phishers are running a scam through a Russian hosting provider that's designed to target Bank of America customers' data. On 21 July, HackRead came across the ploy. Those responsible for the ruse impersonate financial representatives working for the second largest bank in the United States. Under that disguise, the scammers send out emails informing...

Take five seconds to think: Which of the two scenarios is the worst as an incident responder? In the first one, you have to analyze terabytes of logs by grepping audits, Windows events, proxy, intrusion prevention systems and mail as you try to pivot, correlate and understand what the heck happened. In the second one, you don't have any logs at all!...

Security researchers have observed a new, Necurs-powered Trickbot spam campaign targeting international and US-based financial institutions. The notorious banking Trojan has been responsible for man-in-the-browser (MitB) attacks since 2016. Until now, however, the malware’s webinject configuration had only targeted organizations outside of the US....

A UK price comparison website must pay an £80,000 fine after it ignored customers' requests to opt out of marketing email blasts. On 20 July, the Information Commissioner's Office (ICO) announced the penalty against Moneysupermarket.com after the business sent out 7.1 million emails over a 10-day period. Those emails included a "Preference Centre...

Security vulnerabilities are becoming the new oil, and the bug bounty economy is booming. As news of cyberattacks and data breaches continue to consume the press, never before has the market for vulnerabilities been so dynamic. “Bug bounty programs,” frameworks where security researchers legally trade previously undiscovered vulnerabilities for...

When the details of Crash Override emerged earlier this summer, many argued it would be the wake-up call to finally forewarn of potential digital threats to critical infrastructure. However, when placing last December’s attack on the Ukrainian power grid in a broader context, it quickly becomes apparent that this will likely neither be a wake-up...

The Federal Bureau of Investigations (FBI) and Europol led an international law enforcement operation that shut down the AlphaBay and Hansa dark web marketplaces. On 20 July, the U.S. Department of Justice announced the takedown of AlphaBay, an underground commercial exchange where members bought and sold illicit goods like drugs, stolen credentials...

Critical security vulnerabilities have been discovered in the Segway/Ninebot MiniPro Hoverboard, but don't panic - firmware patches have already been issued to prevent malicious hackers from attacking the devices. Which is a relief - as successful exploitation of the security holes could have seen attackers seize remote control of a hoverboard and...

In previous years at BSidesLV, I talked about the different ways security researchers and pros can be heroes. This year, we’ll focus on getting "Safer, Sooner, Together" where the Cavalry needs you most: on the battlefront; that is, the things we can start doing every day along with the practical opportunities and resources that IATC can provide,...

Over the past few years, I have spent quite a bit of time trying to figure out a way to monitor what is happening on my home network in the same way that I have grown accustomed to doing so in an enterprise environment. Not happy with what was available on the market, I chose to start building my own solution. Back in 2015, I released the first set...

The FBI’s Internet Crime Complaint Center (IC3) issued a public service announcement earlier this week, warning parents of the privacy and safety risks associated with internet-connected toys. The advisory noted that smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors...

Yet another scam email campaign is now targeting customers of the Sydney-based energy provider Origin Energy with malware. In this new wave of attacks, customers receive scam emails asking them to view their bills online. Those messages use the energy provider's logos to try to convince a recipient they're legitimate. If the ploy works, the...

They say you should never meet your heroes—often they will just disappoint you. But thankfully, there are also exceptions to this rule. In this five-part series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, with one even motivating me to move across the pond....

A hacker has reportedly stolen over $7 million in a matter of minutes from would-be investors, through what seems to have been an incredibly simple method. For days, online trading platform CoinDash was working hard on drumming up interest amongst people wanting to embrace the Ethereum cryptocurrency, using social media to let them know that its...