Caspar Bowden, a passionate British privacy advocate, has passed away after a battle with cancer. In 1998, Bowden helped co-found the Foundation for Information Policy Research (FIPR), a prominent think tank for privacy based in the UK. He also became one of the most outspoken dissenting voices with regards to government backdoor surveillance into cloud computing services prior to the Snowden...

Cyber-attacks are continually increasing in scope and complexity; advanced persistent threats are becoming more difficult to detect; and over the past decade, there has been a growing “detection deficit,” according to the 2015 Verizon Data Breach Report . While 60 percent of attackers are able to gain access within minutes, the detection of attacks is usually days or longer. The core of this...

Earlier this year, the PCI Security Standards Council officially released PCI DSS 3.1 only months after its predecessor (version 3.0) came into effect. With a typical three-year period between standard revisions, the out-of-band update caught many off guard, especially organizations still in the process of complying with the changes from the previously established data security standard. Although...

OpenSSL has released an advisory urging users to update their systems in the wake of a high-severity alternative chains certificate forgery bug. "During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails," the advisory reads. "An error in the implementation of this logic...

Back in 2013, technology giants Apple, Microsoft, Facebook and Twitter all suffered a serious security breach. Their corporate networks had all been attacked by the same hacking gang, after Mac-using staff visited a website for iOS developers hosting a zero-day Java exploit. The previously unseen Pintsized Trojan horse was able to waltz around the Gatekeeper protection in OS X, and install itself...

A member of the hacking group Lizard Squad has been found guilty of 50,700 charges of "cybercrime", according to Finnish media . Julius “zeekill” Kivimaki, age 17, has received a two-year sentence suspended sentence and has been "ordered to fight against cybercrime." He will not be going to prison. The charges filed against Kivimaki include breaching protected computers, felony payment fraud...

A hacker has been sentenced to 50 months in prison for his role in a fraudulent ATM withdrawal scheme that resulted in the theft of $14 million worldwide. According to a press statement released by the United States Attorney's Office for the Eastern District of New York, Qendrim Dobruna pleaded guilty to bank fraud last year after participating in what is known among underground hacker syndicates...

We’re in the midst of a national cybersecurity crisis. Breaches, such as the ongoing OPM breach , are continuing at an alarming rate; organizations are building their security infrastructure, but are lacking staff. We need more skilled cybersecurity professionals, yet we don’t have a consolidated plan for building the cybersecurity skills pipeline. Then there’s the crisis regarding our kids and...

The private Italian spyware firm Hacking Team has become the victim of a hack itself, with more than 400GB of data compromised and released via a torrent. The hacker "PhineasFisher"– who claims responsibility for the data heist – is also responsible for surveillance tech company Gamma International based in the UK. One of the most damaging aspects of the hack so far has been the revealing of...

Cisco has released a patch for a password vulnerability that was recently discovered in its Unified Communications Domain Manager (Unified CDM) Platform Software. According to a security advisory released by the company, "A vulnerability in the Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to login with the privileges of the root user...

At DEF CON 23 this summer, an information security consultant plans to unveil ProxyHam, a hardware device that bears much promise for the future of web anonymity. Benjamin Caudill , who is founder and Principal Consultant for Rhino Security Labs , developed the product in response to the growing threats against web privacy, particularly those arising from national security surveillance-based...

The FUD Wagon is rolling strong today after multiple online media outlets have picked up the story that Wi-Fi Sense, available on Windows Phone 8.1 and the soon to be released Windows 10, is Microsoft’s latest security blunder. The best advice that I can offer when you see these articles is to close them... close them, and forget that you’ve ever seen them. I don’t want you to just take my word...

Donald Trump doesn't appear to be having the best of times. Not only has the business tycoon and (now) Republican presidential candidate been dumped by Macy's, Univision and NBC over his comments on Mexican immigrants, but he is now possibly having to deal with the aftermath of a hacker attack too. Criminal hackers may have added to the headaches of The Donald, whose chain of luxury hotels have...

This is the third part of a series of three blogposts (parts 1 and 2 available here and here , respectively) related to the many Windows Server 2003 (WS2003) systems that may not be migrated to a new OS platform by the July 14, 2015 “end of extended support” deadline by Microsoft. ASSESSING THE BUSINESS RISK Clearly, with days to go, you’ve assessed the business impacts of not migrating your...

Looking for a great Information Security podcast? There are plenty to choose from! Here's a roundup of currently active Information Security podcasts. The list is split into two categories: podcasts run by people representing themselves (meaning they are not speaking for a company) and podcasts produced under the name of a company. I made the distinction because many people would like to know if...

Last week, a private investigator was sentenced for having hired "hacking services" to gain unauthorized access to victims' email accounts on the behalf of his clients. According to a statement released by the FBI New York Field Office, Eric Saldarriaga, 41, of Queens, NY operated a company that offered private investigation services to the public for a fee. These services included hacking into...

A security firm has spotted a new spam campaign that seeks to trick email users into downloading Dridex banking malware. According to research conducted by Heimdal Security , the spam campaign’s email messages are delivered with a .doc attachment that contains macros, which attempt to download Dridex. The contents of each spam message reads as follows: From: [spoofed / fake return address] Subject...

With the advent of the recent failure of RBS banking systems , there is a question on the lips of many security professionals, not to mention the aware members of the public, asking: “ Are today's banking systems and the applied management fit for purpose? ” The initiator of this particular article was born out of the recent debacle of the failing of RBS systems in June 2015, which saw the...

Commercial Virtual Private Network (VPN) services, claiming to provide users enhanced privacy and anonymity, may not be as secure as users think. A group of researchers from Queen Mary University of London and the University of Rome disclosed their findings today, revealing that many of the most widely used VPN services are susceptible to DNS hijacking attacks and leak sensitive IP data. Using a...

The Office of Personnel Management (OPM) has taken offline a web-based platform used to complete background investigations due to the discovery of a security vulnerability. According to a statement posted on the OPM's website, the move to temporarily suspend the portal, known as E-QIP, follows a comprehensive review of the government agency's IT systems. "Director Katherine Archuleta recently...