Resources

Blog

Hacker High: Why We Need to Teach Hacking in Schools

We’re in the midst of a national cybersecurity crisis. Breaches, such as the ongoing OPM breach, are continuing at an alarming rate; organizations are building their security infrastructure, but are lacking staff. We need more skilled cybersecurity professionals, yet we don’t have a consolidated plan for building the cybersecurity skills pipeline. Then...
Blog

Hacking Team Breach Reveals Nation State & Corporate Customers

The private Italian spyware firm Hacking Team has become the victim of a hack itself, with more than 400GB of data compromised and released via a torrent. The hacker "PhineasFisher" – who claims responsibility for the data heist – is also responsible for surveillance tech company Gamma International based in the UK. One of the most damaging aspects of...
Blog

Static Password Vulnerability Patched in Cisco Unified CDM

Cisco has released a patch for a password vulnerability that was recently discovered in its Unified Communications Domain Manager (Unified CDM) Platform Software. According to a security advisory released by the company, "A vulnerability in the Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker...
Blog

ProxyHam: A 2.5-Mile Leap for Web Anonymity

At DEF CON 23 this summer, an information security consultant plans to unveil ProxyHam, a hardware device that bears much promise for the future of web anonymity. Benjamin Caudill, who is founder and Principal Consultant for Rhino Security Labs, developed the product in response to the growing threats against web privacy, particularly those arising from...
Blog

Wi-Fi Sense, FUD and You!

The FUD Wagon is rolling strong today after multiple online media outlets have picked up the story that Wi-Fi Sense, available on Windows Phone 8.1 and the soon to be released Windows 10, is Microsoft’s latest security blunder. The best advice that I can offer when you see these articles is to close them... close them, and forget that you’ve ever seen...
Blog

Trump Hotels investigates credit card hack

Donald Trump doesn't appear to be having the best of times. Not only has the business tycoon and (now) Republican presidential candidate been dumped by Macy's, Univision and NBC over his comments on Mexican immigrants, but he is now possibly having to deal with the aftermath of a hacker attack too. Criminal hackers may have added to the headaches of The...
Blog

Do Your Senior Executives Know the Business Is Still Using WS2003?

This is the third part of a series of three blogposts (parts 1 and 2 available here and here, respectively) related to the many Windows Server 2003 (WS2003) systems that may not be migrated to a new OS platform by the July 14, 2015 “end of extended support” deadline by Microsoft.

ASSESSING THE BUSINESS RISK

Clearly, with days to go, you’ve assessed...
Blog

Information Security Podcast Roundup: Mid-2015 Edition

Looking for a great Information Security podcast? There are plenty to choose from! Here's a roundup of currently active Information Security podcasts. The list is split into two categories: podcasts run by people representing themselves (meaning they are not speaking for a company) and podcasts produced under the name of a company. I made the...
Blog

Private Eye Sentenced for Hacking into Email Accounts on Behalf of Clients

Last week, a private investigator was sentenced for having hired "hacking services" to gain unauthorized access to victims' email accounts on behalf of his clients. According to a statement released by the FBI New York Field Office, Eric Saldarriaga, 41, of Queens, NY operated a company that offered private investigation services to the public for a...
Blog

Dridex Malware Featured in New Spam Campaign Targeting Email Users

A security firm has spotted a new spam campaign that seeks to trick email users into downloading Dridex banking malware. According to research conducted by Heimdal Security, the spam campaign’s email messages are delivered with a .doc attachment that contains macros, which attempt to download Dridex. The contents of each spam message read as follows: ...
Blog

RBS Systems Failure: At the End of the Day, Nobody Died!

With the advent of the recent failure of RBS banking systems, there is a question on the lips of many security professionals, not to mention the aware members of the public, asking: “Are today's banking systems and the applied management fit for purpose?” The initiator of this particular article was born out of the recent debacle of the failing of RBS...
Blog

OPM Takes Background Investigations Portal Offline Due to Vulnerability

The Office of Personnel Management (OPM) has taken offline a web-based platform used to complete background investigations due to the discovery of a security vulnerability. According to a statement posted on the OPM's website, the move to temporarily suspend the portal, known as E-QIP, follows a comprehensive review of the government agency's IT systems...
Blog

The OPM Breach: Timeline of a Hack

Updated: July 10, 2015 - 9:00 AM PST

The United States Office of Personnel Management (OPM) has recently been in the news for two separate breaches that may have compromised the information of as many as 18 million former, current and prospective federal employees. Significantly, the story of these two intrusions stretches back to as early as spring of...
Blog

In the Trenches: Helen Patton, Ohio State University CISO

I was recently quoted in eCampus News regarding the recent cyber attack against Penn State, which triggered a number of conversations with CISOs at various academic institutions. One of these conversations was with Helen Patton, the Chief Information Security Officer for Ohio State University. I had a very interesting dialogue with her via email, and...
Blog

Magnitude EK Targets Adobe 0Day to Deliver CryptoWall Ransomware

The Magnitude exploit kit (EK) is leveraging a recently patched zero-day vulnerability found in Adobe Flash Player to drop CryptoWall ransomware. Early last week, Adobe released a security update for the critical vulnerability CVE-2015-3113, which affects Windows, Macintosh, and Linux. If unpatched, the flaw allows for an attacker to take control of an...
Blog

How to Deal with the Rise of Digital Abuse

On my way to a client site, I was listening with interest to a report on Radio 4 discussing a news article covering the rise of offences against women, including offences associated with the cowardly utilisation of the Internet to target, stalk, and to impose mental anguish and misery on the intended target of abuse. However, to maintain the correct...
Blog

Cisco Issues Patches for Multiple Default SSH Keys Vulnerabilities

Cisco has released patches for SSH keys vulnerabilities affecting several of its virtual appliances. The vulnerabilities were discovered during internal security testing and have been found to affect Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv). ...
Blog

5 Practical Steps for Proactive Hardening of Your WS2003 Systems

If you read my previous post about Microsoft ending extended support for Windows Server 2003 (WS2003) on July 14, 2015, you’re familiar with what that means - Microsoft will not be providing further security patches, hot fixes, or software updates without a costly extended support agreement. “Many IT teams are very comfortable using Windows Server 2003...