Despite the operating system reaching end of life exactly two years ago today, statistics show Windows XP still runs on one out of every ten desktops around the world. According to IT security firm ESET, however, the statistics have lowered significantly since Microsoft pulled support for its once dominant platform. Compared to April 8, 2014, nearly...

A new phishing scam is targeting thousands of people with scam emails that contain the recipient's home address. On Wednesday, Zack Whittaker, a writer for ZDNet, received a spam email that contained his home address from approximately eight years ago. "The well-worded email appears to come from a legitimate email address and domain name, and...

The Federal Trade Commission (FTC) has issued an alert warning users to be on the lookout for a new tech-support call scam. In a post published on Tuesday, Andrew Johnson from the FTC's Division of Consumer and Business Education identifies a variation on the age-old tech-support scam where someone attempts to access a victim's computer or sensitive...

This past year was the year of the data breach. Large and small organizations across every industry vertical were impacted by compromises that ranged from theft of PII, intellectual property, and financial information to publication of entire backend databases and email spools. The data from these breaches often wound up being exposed publicly,...

According to the forecast published by Gartner Research, we can expect a total of 6.4 billion devices connected online by the end of the year 2016, which is a 30 percent increase when compared to the previous year. In that sort of environment, questioning your cybersecurity comes natural. While we are well familiar with threats like third-party...

Adobe has announced its plans to release a patch for a "critical" Flash Player vulnerability that is currently being exploited in the wild. In a security advisory, the transnational computer software company explains that the vulnerability (CVE-2016-1019) exists in all current versions of Flash Player for Windows, Macintosh, Linux, and Chrome OS. ...

There are roughly 200 requirements and sub-requirements in NERC CIP, and to satisfy each one requires performance-based compliance evidence that produces the comprehensive documentation that proves each requirement and sub-requirement was met for all activities that fall under it. That by itself is no mean feat. Of those 200 requirements, baseline...

By now, unless you have been living in a cave with no electricity, you are aware that the FBI successfully unlocked the infamous San Bernadino iPhone. While there is plenty of speculation about the company that assisted in the unlocking of the device, the FBI made it clear very early in the process that encryption was the main roadblock to gaining...

The United States and Canada have issued a joint alert on ransomware and the threat it poses to both individuals and businesses. In their bulletin, the Canadian Cyber Incident Response Centre (CCIRC) and the United States Computer Emergency Readiness Team (US-CERT), which operates under the Department of Homeland Security (DHS), provide an overview...

The risk of sophisticated malware, especially of ransomware, has grown exponentially over the years. This means we need to evolve our techniques for mitigation, detection and monitoring of malicious behavior on our assets. It's a wise move given the durability of this threat. Indeed, ransomware, which attempts to scare users and organizations into...

Stingrays (also known as IMSI Catchers) are devices that are used to spy on cellphones and their owners. A Stingray mimics the operation of a legitimate cellphone base station to reveal the movements, communications and personal information of the cellphones that attach to them. Some illicit IMSI Catchers have been discovered attached to the light...

A massive database allegedly containing the personal information of more than 49 million Turkish citizens has been published online. The leaked data was reportedly found to contain names, addresses, national identifier numbers and dates of birth, among other personally identifiable information. Published anonymously at http://185.100.87.84/, the...

Millions of users are open to attacks that can quietly compromise machines by exploiting a weakness in some of Firefox's most popular browser extensions. On Thursday, Boston University PhD Ahmet Buyukkayhan and Northeastern University Professor William Robertson presented their research on the attacks at Black Hat Asia in Singapore. Black Hat Asia...

Transport Layer Security (TLS) is the unsung champion and defender of all good citizens of the Internet. Rather like some invisible, altruistic Marvel superhero, it works tirelessly behind the scenes each and every day helping to protect the things we need and like to do online. Along with its now atrophied predecessor Secure Sockets Layer (SSL), it...

I’ve been following the FBI vs. Apple case, and now that it seems it's tentatively over, I find myself keeping up with the conversations around who won and who lost. In my opinion, the software industry should strive to provide the strongest possible protections for users' individual privacy and security. Apple has done just that – so well, in fact,...

Security experts have discovered vulnerabilities in a database where the U.S. State Department stores visa information. Reuters writes that the State Department first learned of the security flaws following an internal review of its computer systems several months ago. In a report, security experts...

It’s been a month since Hollywood Presbyterian Medical Center joined the ranks of Premera Blue Cross, Anthem, CareFirst BCBS, and a considerable number of other healthcare institutions that have experienced recent hacks where personal patient data might have been exposed. While it may have played out like the plot of a bad "cyber"-thriller movie,...

The Federal Bureau of Investigations is investigating a series of hacks against some of the United States' most prestigious law firms. On Tuesday, the FBI disclosed its investigation into data breaches affecting Cravath Swaine & Moore LLP, Weil Gotshal & Manges LLP, and a number of other high-profile New York-based law firms. Cravath Swaine & Moore...

If there is one truth about today's threat landscape, it is that nothing remains the same. Such dynamism rests partially with the sheer volume of threats circulating the web. Multiple reports indicate that bad actors are developing as many if not more threats than security personnel have time to remediate. Indeed, in the second quarter of 2015 alone...

Information Security conferences should form part of the front line when it comes to tackling cybercrime. Unless we learn to share information as an industry, we are always going to be on the back foot. I’m spending a little down time with my family after the relentless pace of the Can Sec West conference in Vancouver, where I had the pleasure of...