When I was about 10 years old, I read a book about Kevin Mitnick, Pengo and Robert Morris. While their exploits seemed very interesting, each story ended in jail time or at the very least, derailment of career goals. My unsophisticated Internet searching circa the early 2000s led me to the same conclusion. Hacking was a neat skill to have but the...

A new type of ransomware is encrypting victims’ video game files in addition to targeting other documents stored on their computers. According to Bleeping Computer, the ransomware strain, dubbed “TeslaCrypt,” was first discovered by Fabian Wosar of Emsisoft earlier this year. TeslaCrypt mimics other ransomware, including CryptoLocker, in that it...

If you've recently found your web browsing plagued by pornographic pop-ups and irritating adverts, there might be a simple - but dangerous - explanation. Maybe hackers have hijacked your internet router? Security researchers at Ara Labs have warned of an active campaign which has seen attackers changing DNS settings on routers, causing unauthorised...

Banks regularly undergo mandatory stress tests. These tests are clearly defined, and the results are used to determine how well each bank can maneuver through an economic calamity. If we apply the basic blueprint of a financial stress test to an IT infrastructure, we can loosely define it as: “An analysis conducted under unfavorable scenarios which...

While I work in security, when it’s quitting time, I’m a gamer through and through. My home is littered with consoles from Sega Genesis and NES to PS3 and Xbox One. My last two PC purchases have been strictly gaming machines, and I even bought a game pad for my iPhone because I enjoy playing (and streaming) Asphalt 8. This year, I’ve casually...

Ransomware has disabled a New Jersey school district’s computer systems, with the attackers demanding hundreds of Bitcoins as ransom to restore access to files seized in the attack. In a post published to the district’s website, officials at Swedesboro-Woolwich School District explain that the incident, which occurred on March 22nd, thus far...

Over the past decade, the role of the Internet has moved beyond just email and websites viewable from a small window on a heavy desktop to something we now carry with us in our bags, pockets and strapped to our wrists. It is now a driving force of the world economy and is creeping its way into every aspect of our lives. For better or worse, we are...

One could argue that cybersecurity is by far the most important Homeland Security, National Security and Public safety issue of our time. In the age of terror specifically, groups like ISIS, Al Shabaab and AQAP have managed to use the Internet to recruit and successfully spread their message with little to no counter narrative of merit....

A vulnerability in Cisco IP phones could allow unauthenticated attackers to remotely listen in on the phones’ audio streams. According to an advisory Cisco published on its website, the vulnerability (CVE-2015-0670) results from improper authentication in the default configuration of certain Cisco IP phones. “An attacker could exploit this...

Earlier this month, Tripwire announced Computer Criminals Brought to Justice, a continuation of its 10 Notorious Computer Criminals Brought to Justice series, by investigating the story of a young man who was recently arrested in connection with the 2014 hack of the U.S. Department of Defense. This week, we continue our series with Aleksei...

The printf() family of functions (printf(), fprintf(), sprintf(), etc.) are surprisingly powerful and, if not properly used, can expose a class of vulnerabilities called format string attacks. These attacks can be very bad because with a well-crafted format string, an attacker could write an arbitrary value into an arbitrary memory location. This...

Last week, the Internet fell over itself to report on a botnet allegedly comprised of 100,000 smart devices. Things. The Internet of Things had finally attacked! While it's inarguable that, at some point, these devices will be compromised, corrupted and otherwise made to serve the pernicious purposes of attackers, deeper technical analysis points...

Another serious privacy vulnerability has been found on Facebook, which could have put at risk the private photos of millions of users. The problem lies in Facebook Photo Sync, an opt-in feature that the social network introduced in late 2012, which meant any photos you took on your iPhone or Android device would automatically sync up with your...

A recent study found that more than 2,000 apps in the Apple App Store and Google Play Store are still vulnerable to FREAK – a widespread security flaw discovered earlier this month. Attackers exploiting the vulnerability can intercept HTTPS connections between vulnerable users and servers, thus forcing them to use weakened encryption, which can then...

Vulnerability Description The CVE-2015-0291 vulnerability introduces the possibility of a denial of service attack against a system running OpenSSL 1.0.2. If a malicious client connects to an OpenSSL server and the server requests a certificate from the malicious client, the malicious client can return a malformed cert that may trigger a NULL...

On Monday, the OpenSSL project team announced new releases that would be available today to fix security issues in OpenSSL that have been discovered as part of a major security audit and code refactoring project. When this announcement hit on Monday, there was a general panic in the IT and security community as it was mentioned vulnerabilities with...

Target Corp has agreed to pay $10 million in order to settle a class-action lawsuit related to a 2013 breach that compromised users’ financial and personal information, according to court documents. The proposed settlement, which has yet to be heard in federal court, would require Target to deposit the total settlement amount into an escrow...

Information security professionals are all too familiar with the work of black hat hackers. These individuals seek to gain unauthorized access to enterprises’ computer networks by exploiting security vulnerabilities – malicious activity which frequently threatens the personal and/or financial information of millions of customers. But what...

Sarah Clarke and a few others were running a discussion on Twitter trying to hash out if security policies have any value. The discussion was started by a person critically stating that as far as he was concerned, they have no value at all. As Twitter isn't a good medium for summarizing the potential values that were identified, Sarah and I...

…that was the question. How many people actually find your security policies useful? Go on, guess. I’m willing to bet it’s only audit, risk, compliance management and the third-parties that assess you. Here’s the tweet from Phil Huggins (@oracuk) that kicked off a lively enough debate to make me want to write this. Phil’s core and continuing...