Blog

Blog

Cisco Issues Patches for Multiple Default SSH Keys Vulnerabilities

Cisco has released patches for SSH keys vulnerabilities affecting several of its virtual appliances. The vulnerabilities were discovered during internal security testing and have been found to affect Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv). ...
Blog

5 Practical Steps for Proactive Hardening of Your WS2003 Systems

If you read my previous post about Microsoft ending extended support for Windows Server 2003 (WS2003) on July 14, 2015, you’re familiar with what that means - Microsoft will not be providing further security patches, hot fixes, or software updates without a costly extended support agreement. “Many IT teams are very comfortable using Windows Server...
Blog

Expedia, Travelocity, Hotels.com Warn Customers of Phishing Scam

A number of popular travel sites have alerted customers of fraudulent emails and SMS messages posing as the legitimate companies in an attempt to lure users into disclosing their personal information. According to reports, a similar notice was recently sent out to customers of online travel agencies Travelocity and Hotels.com, as well as their...
Blog

Business Email Compromise Scam Alert Issued by FS-ISAC

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has issued an alert warning companies of a continued increase in wire transfer fraud due to business email compromise (BEC) scams. The product of a joint effort with the Federal Bureau of Investigation and the U.S. Secret Service, the alert discusses BEC attacks and provides...
Blog

The 5 Most Common Attack Patterns of 2014

Tripwire is pleased to announce the release of its newest infographic, “Where Are Your Cyberattacks Coming From?” Created in response to the release of Verizon’s 2015 Data Breach Investigations Report (DBIR 2015) back in April, the infographic explains the five most common attack patterns behind today’s data breaches. In this article, I will review...
Blog

Gift Card Fraud: How It’s Committed and Why It’s So Lucrative

Gift cards have caused quite a headache for retailers in the last month, exposing another way that fraudulent activity can eat into razor-thin profit margins. Gift card fraud can range from physical theft to cloning to exploiting programming errors on the merchant side. The methods of attack are very similar to what is seen with credit card fraud,...
Blog

VERT Vuln School: Return-Oriented Programming (ROP) 101

In the beginning, there were stack buffer overflows everywhere. Overflowing data on the stack made for a quick and easy way to subvert a program to run code provided by an attacker. Initially, this meant simply overwriting the saved return address on the stack with the location of shellcode typically on the stack and perhaps prefaced by a NOP sled,...
Blog

Did The Aviation Industry Fail Cybersecurity 101?

Most of us in the cybersecurity industry are familiar with a recent “tweet heard around the world.” Yes, I’m referring to the infamous tweet that caused Chris Roberts to be removed from a United Airlines flight. This incident has undoubtedly generated much criticism aimed at both Roberts and the airline industry. I am not writing this article to...
Blog

The Difference Between Cybersecurity Literacy and Awareness

The issue of cybersecurity has finally gained the attention of top company decision-makers in light of the ongoing large-scale breaches that continue to jeopardize company assets and customers’ privacy. However, as executives and board members become more aware of the impact of cyber attacks on the business, is awareness enough to allow them to...
Blog

Three Vulnerabilities Found in Magento Platform Patched by eBay

eBay has patched three vulnerabilities found in its Magento shopping platform that could have allowed for hijacking sessions and man-in-the-middle (MitM) attacks. Hadji Samir, a penetration tester with Vulnerability Labs, released technical descriptions of a persistent input validation web vulnerabiility, a cross-site scripting (XSS) hole, and a...
Blog

Report: Vulnerability Risk Correlates to Exposure on Social Media

The type of coverage a vulnerability receives on social media often correlates to that threat’s level of risk, reveals a recent report. This is just one of the findings of the 2015 State of Vulnerability Risk Management, a study issued earlier this month by NopSec Labs, a data science and research company that specializes in analyzing malware,...
Blog

Security Slice: Fighting Security Stereotypes

The Telegraph recently published an article profiling six hacker “tribes”: secret agents, voyeurs, hacktivists, white hats, glory hunters, and cyber thieves. The article made some broad assumptions about cybercriminals that were not well-received by industry experts. As cybersecurity becomes a part of our daily lives, how can we talk about it...
Blog

Samsung announces fix for major Galaxy keyboard security flaw

There is good news today for many of the 600 million Samsung Galaxy users who have been put at risk by a security flaw in the pre-installed SwiftKey keyboard. Samsung is preparing a fix which will be rolled out as a security update. The problem was that Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, failed to properly validate...
Blog

Infosec Influencers: An Interview with Graham Cluley – Part 2

I am pleased to present Part 2 of my recent interview with Graham Cluley, an award-winning security blogger on grahamcluley.com DB: How do you feel the security industry has changed since you first started in the 1990s? GC: The industry has grown up enormously. Originally, it was just a cottage industry made up of little – often one-person –...
Blog

Microsoft's Anti-Surveillance Website Allegedly Hacked

A website used by Microsoft to challenge the U.S. federal government's policies on matters of privacy and surveillance has allegedly been hacked. According to ZDNet, Digital Constitution appears to have been modified at 9:15 pm EDT on Wednesday, with casino-related text -- including keywords used to garner greater search engine hits, such as "casino...