Blog

Security Breach Hits European Data Center Firm Interxion, Customer Details Exposed

European data center services provider Interxion recently announced it had suffered a security data breach, potentially exposing the personal information of more than 23,000 existing and prospective customers. The company notified affected customers via email this weekend, saying it had become aware of the incident in December when an intruder gained access to its Customer Relationship Management...

US Intelligence chief has his phone account hacked, calls forwarded to Free Palestine Movement

Normally when you see a headline referring to intelligence agencies and phone accounts being hacked, you expect in this day and age that it's law enforcement that is doing the hacking. But not in this case. Director of National Intelligence James R. Clapper appears to have become the latest to fall foul of hackers, after a teenage hacker called "Cracka" broke into a number of online accounts...

Hacker Receives 334 Years in Prison for Bank Phishing Scheme

Computer crime is on the rise around the world. Every day, nefarious actors develop increasingly more sophisticated forms of malware for their attacks. Additionally, as reported by the United Kingdom's National Crime Agency (NCA) back in December, the average age of online criminals has dropped to 17 years old, suggesting that teenagers are more susceptible to embrace the world of digital crime...

VERT Threat Alert: January 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 9 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-652 on Wednesday, January 13th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy Moderate Difficult Extremely Difficult MS16-001 MS16-005 MS16-004 MS16-007 No Known Exploit MS16-002 MS16-003 MS16...

eBay Patches XSS Flaw that Could Have Allowed Attackers to Steal User Passwords

eBay has patched a cross-site scripting (XSS) vulnerability that attackers could have exploited in order to steal users' passwords. A researcher who goes by the name MLT explains in a blog post how he was able to exploit a "fairly basic" XSS vulnerability without needing to resort to any additional measures, such as bypassing the WAF, in order to spear phish for users' login credentials. He first...

The Ad Blocking Conundrum: Stealing or a Sound Security Practice?

Is using ad blocking software stealing or is it a sound security practice? On one hand, many websites and content creators make money from advertising. They certainly deserve to be compensated for their time and effort. On the other hand, advertising – at best – can be annoying, and at worst, can serve up malware, suck up bandwidth and redirect confused users to websites without their knowledge...

Online Criminals Hijack Fitbit User Accounts, Make Fraudulent Warranty Claims

Online fraudsters recently broke into a number of Fitbit customer accounts using leaked usernames and passwords from third-party websites. According to a report by BuzzFeed, at least two dozen cases were discovered in December. Fitbit did not disclose how many users were affected but told the publication it was a “small portion.” Once the intruders were able to gain access to customer accounts...

Vulnerability Management Program Best Practices – Part 1

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, its output is tied back to the goals of the enterprise, and there is a reduction in the overall risk of the organization. Such vulnerability management technology can detect risk but it requires a foundation of...

Time Warner Cable to Contact 320,000 Customers Following Possible Account Compromise

Time Warner Cable (TWC) is planning to notify 320,000 of its customers whose account information might have been compromised. The American cable telecommunications company first learned of the issue after the Federal Bureau of Investigation (FBI) reached out and alerted them to the fact that some of their customers' email addresses and passwords might have been compromised, reports Reuters....

Dealing with Security in the Real World

Seven months ago I began an odyssey through our medical system that ended in December with my last visit to my surgeon's office. Throughout the entire experience, I couldn't help but make mental notes about the security practices I encountered. I want to be clear from the beginning – nothing I saw was egregious or malicious, just caring people trying to get a difficult job done AND navigate the...

Researchers Disclose Default Credentials for Over 100 ICS/SCADA Products

A group of researchers has made public a database, dubbed "SCADAPASS," containing default credentials for more than 100 industrial control system (ICS) products belonging to various top vendors. The research team—known as SCADA StrangeLove—published the list on GitHub, which includes the product and vendor names; device type; default username and password; port and protocol; as well as a link to...

Blast a Hole in Adobe Flash and Earn $100,000

Fancy earning $100,000? Of course, you do. Well, now there's an opportunity to earn a huge reward if you can demonstrate how Adobe Flash can be exploited. Sounds good right? Well, here's the bad news for the rest of us: it's not Adobe offering the money in the form of a bug bounty. Less than a month ago, Adobe proudly announced a series of security enhancements it had made to bolster the defences...

More Executives Turn to Cyber Risk Transfer

As cyber threats grow in scope and potential impact, the complexity of enterprise digital data protection grows to astonishing proportions. Last year, a Fortune 500 survey revealed that cyber security is the second biggest concern for CEOs, who keep looking for new solutions to keep their data safe and their clients happy. The enterprise data is worth more than gold, so it is unsurprising that the...

The Top 11 Information Security Conferences of 2016

UPDATED 01/07/2016 to include RSA Conference USA. (Please see below.) In Part II of our 2015 Infosec Wishlist series, a number of security experts expressed their desire for the security community to renew its focus on collaboration, communication and unity in the New Year. To accomplish this goal, folks in information security will need to internalize this message and inject it into their...

BlackEnergy Malware Caused Ukrainian Power Outage, Confirms Researchers

Researchers have confirmed that a variant of the BlackEnergy malware was behind a power outage that occurred around Christmas Eve last year. Reuters reports that the Western Ukrainian power company Prykarpattyaoblenergo reported an outage on December 23rd that affected an area including the regional capital Ivano-Frankivsk. A subsequent investigation revealed that a variant of the BlackEnergy...

Sweet Security Part 2 – Creating a Defensible Raspberry Pi

Back in July, I brushed on the topic of using a Raspberry Pi as a cheap and effective way to secure Internet of Things (IoT) and Industrial Control Systems (ICS) networks where traditional protection mechanisms are not feasible. I took those concepts and spoke to them at the IoT Village at DefCon 23 in a level of detail that explained how to actually deploy one of these Sweet Security devices. I...

8 Top Tips for Successfully Implementing your Security Control

Have you discovered a security gap? Have you found a possible solution? Have you received funding for it? If you answered 'yes' to all of the above, you're half way to successfully implementing a new control. Here are some other (often overlooked) actions you should consider to ensure the success of your project: 1. Be sure the solution solves your problems. Create use cases (and actually test...

Fake IRS Spam Email Campaign Serves Up Kovter, CoreBot Malware

Last week, we reported on a post office email scam that was recently observed to be targeting PostNord customers with Cryptolocker2 ransomware. Our story noted that customers commonly fall for this type of scam because, by nature, they tend to trust institutions with which they are familiar. As a result, users were more than willing to click on a URL to arrange a pick-up time for an undelivered...

How We Can Turn the Tide on Cyber Security in 2016

By any measurement, 2015 was another bad year for the world in terms of cyber security. Despite record spending of more than $75 billion USD, losses were still estimated to be around $400 billion, with some firms predicting losses will grow to over $2 trillion by the end of 2020. But 2016 doesn’t have to be another losing year for cyber security professionals, and there is a way forward to stem...

Ransomware Author Insults Creator of Decryption Tool in Malware's Embedded Strings

The author of the Radamant ransomware kit has insulted the researcher responsible for creating a decryption tool in some of the malware's new embedded strings. Shortly before Christmas Eve, Fabian Wosar of EmsiSoft published the decrypting tool on his company's website after discovering a weakness in Radamant's encryption algorithm, reports Softpedia. After identifying their infected files by...