It's the kind of bad news that every organisation hopes it will never have to find itself sharing with its customers - hackers have breached computer systems, and accessed a database containing sensitive personal information. On this occasion, the corporate victim warning 1.1 million customers that an attack has occurred is CareFirst, a major health...

During my career, I have built and managed hundreds of production-level client and server systems, and nothing can be more worrisome than when it comes time to apply patches and upgrades to software. Why? Because things can, and often times, do go wrong during patch and upgrade cycles. According to a few reports, it is possible that system...

Telstra's Pacnet has begun contacting its customers following the discovery of a data breach that compromised its corporate IT servers on which customer data is stored. Several high-profile Pacnet customers, including the Australian Federal Police and other government agencies, were exposed by the breach. It is unclear at this time whether the...

A new potentially high-impact vulnerability called LogJam has been revealed by researchers, which has similarities to the FREAK (CVE-2015-0204) vulnerability disclosed a few months ago, whereby a man-in-the-middle attack can be implemented to weaken the encryption between client and server. Like FREAK, the LogJam vulnerability takes advantage of...

Last week, we published a list of the top 10 conferences in information security. In our article, we strove to include some of the biggest events in the industry. But realizing that we likely missed a few, we invited you – our readers – to write in and let us know of the conferences you feel should have made the list. Thank you to those who provided...

Protecting enterprise networks is a constant game of cat and mouse between information security professionals and malicious actors targeting their assets. Attackers are constantly changing their tactics for both establishing their foothold in the network, as well as methods on how to exfiltrate data back to systems they control. With the rise of...

According to a recent report, analysts discovered a record-breaking 4.1 million new malware threats in the second half of 2014. Researchers at German antivirus firm G DATA revealed that the 77 percent spike from 2013 resulted in nearly six million new malware strains identified last year alone. ...

A security firm has discovered a vulnerability in Apple’s Safari Browser that allows attackers to spoof legitimate websites and phish for user credentials. Security firm Deusen reveals that the flaw works by using a short script to force Safari into loading one page while still displaying the URL of another page. This script is provided below: &lt...

On Friday May 15th, a Canadian news outlet published a copy of the application for a search warrant filed by the FBI after Chris Roberts was removed from a United flight for tweeting about hacking a plane. If you’ve never read a search warrant for electronic devices, it’s an educational read. The purpose of the warrant was to allow the FBI to search...

Last week, we explored the story of Valérie Gignac, a Canadian woman who is believed to have hacked users’ webcams and subsequently harassed them. We now report on the story of Randall Charles Tucker, a serial distributed denial of service (DDoS) attacker who targeted the websites of government authorities whom he felt were guilty of unjust behavior...

Some mods of the popular computer game Grand Theft Auto V have been found to contain malware. In the game’s online forums, users have identified malicious code in the ‘Angry Planes’ and ‘Noclip’ mods. The former spawns planes that attack players, and the latter allows players to walk through walls and other objects. One GTAForums user aboutseven...

Last week, Tripwire compiled a list of the top 10 information security conferences. We made a special effort to ensure that our article included the biggest, most industrialized conferences in the industry, and we feel that we succeeded in capturing the major brands across the infosec conference landscape. Even so, we recognize that information...

One year after the European Union’s ruling to enact the controversial “right to be forgotten” policy, Google released some details on the petitions it received to remove specific URLs from its search engine. In its latest transparency report, the Internet giant states it evaluated nearly one million (925,586) URLs for removal, dating back to the...

Updated at 9:00 AM PST. According to reports, hackers have gained access to a number of Starbucks mobile app accounts. The source of the compromise is reportedly due to account passwords being guessed or reused, giving attackers access to customer accounts through the application program interface ...

Federal law enforcement have arrested five men for filing close to 1,000 fraudulent tax returns using the stolen information they obtained from a breach that compromised the data of 125,000 people, 88,000 of whom were listed in an Oregon employment company’s database. Lateef A. Animawun, 34, of Smyrna, Georgia; Oluwatobi R. Dehinbo, 30, of Marietta,...

It seems more and more companies are beginning to understand the benefits of running a bug bounty program, encouraging vulnerability researchers to report security flaws responsibly (for a reward) rather than publishing details on the web or selling a flaw to potentially malicious parties. The latest high profile firm found running a bug bounty is...

One of the most fundamental aspects of any information security program requires IT security leaders to effectively communicate how cyber security risks can affect the operation of any business. It’s crucial to gain the support of executives and board members not only for investment purposes but also to successfully execute an enterprise-wide...

Updated at 8:30 AM PST. A security researcher has discovered a new vulnerability that he claims could allow a hacker to infiltrate potentially every machine on a datacenter’s network, leaving millions of virtual machines vulnerable to attack. According to CrowdStrike Senior Security Researcher Jason Geffner, ‘VENOM’ (CVE-2015-3456), which is an...

Today’s VERT Threat Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-614 on Wednesday, May 13th. MS15-043 VBScript ASLR Bypass CVE-2015-1684 VBScript and JScript ASLR Bypass CVE-2015-1686 ...

Many IT administrators struggle to protect their company’s server from malware, and one of the most common malicious software that can damage your IT setup is ransomware. Ransomware is hacking software that cybercriminals use to hold the IT system hostage. If the user of the IT system refrains from paying the ransom that is demanded by the cyber...