Blog

Home Network Analysis: DVRs and my Network Interact

My last on-topic post pontificated about the dangers and surprise of letting third parties into your house or codebase, where I discussed the addition of a TV DVR system to my home network. In this post, I'm going to go into some details about what I found on the network for the pure pleasure of it – no pontificating about anything, just the fun of sharing something I learned with some simple...

Ransomware Victims Should 'Just Pay the Ransom,' Says the FBI

A member of the Federal Bureau of Investigation (FBI) has recommended that ransomware victims "just pay the ransom" if no other option exists and if they need access to their encrypted data. Last Wednesday, during Cyber Security Summit 2015 at Boston's Back Bay Events Center, Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in the Boston...

Joomla SQL Injection Flaw Exploited Hours After Disclosure

Malicious actors began exploiting a patched critical vulnerability found in Joomla—a popular open-source content management system—just four hours after its details were disclosed. Discovered by researchers at Trustwave, the SQL injection flaw (CVE-2015-7297, CVE-2015-7857 and CVE-2015-7858) found in versions 3.2 through 3.4.4 of Joomla could potentially grant attackers full administrative access...

Hacked Shopping Mall CCTV Cameras Are Launching DDoS Attacks

If you're running a CCTV surveillance camera in your office, high street store, or at home, make sure that you are not unwittingly helping hackers launch denial-of-service attacks. That's the warning that has been issued by the security team at Incapsula, who discovered a botnet of 900 CCTV cameras spread across the globe, flooding targeted websites with unwanted traffic in an attempt to blast them...

Security Nightmare of Driverless Cars

The fear of malicious actors taking control of glaring flaws in smart cars is on the rise. This threat is therefore considered to be one of the major technical challenges confronting the automotive industry today. Car Manufacturers: Initially, car manufacturers were not very familiar with the cyber security community. From a hacker’s perspective, as more and more cars are connecting to the internet...

Security Mentorships and Future Proofing Resource Resilience

Everyone always talks about the shortage in cybersecurity talent or their limited cyber resources. However, what I haven’t seen too many folks focus on is the mentoring of the next generation workforce. I recently started volunteering with high school kids, who are mostly all minorities, such as me. I found them, or should I say their coach found me, through a program called CyberPatriot. I have...

TalkTalk Investigates Breach that Might Have Exposed 4M Customers' Info

TalkTalk, a UK telecommunications company, is investigating a data breach that might have compromised the personal information of as many as four million customers. On Friday, Trista Harrison, Managing Director (Consumer) of TalkTalk, posted an update on the company's website about the incident: "We are very sorry to tell you that yesterday a criminal investigation was launched by the...

Launching an Efficient and Cost-Effective Bug Bounty Program

Over the last few years, you’ve probably heard a lot about companies launching their own bug bounty programs. Software giants, such as Google, Microsoft, Twitter and Yahoo, as well as hardware-centric companies, such as Tesla, Samsung and even United Airlines, run programs that pay out cash for finding vulnerabilities. As these programs gain popularity, you might begin to consider launching your...

Forged Module Hack Compromised Credit Cards' Chip and Pin Technology, Say Researchers

Over the course of the last decade, major credit card companies have begun to implement EMV or "chip and pin" technology. This system requires that a card reader retrieve the customer's information off of their card's magnetized chip, which is followed by the cardholder entering in their PIN number. As a result, chip and pin essentially constitutes a method of two-factor authentication (2FA) for...

Takeaways From The 2016 PwC Global State of Information Security Survey

Now in its 18th year, The Global State of Information Security® Survey 2016 – a worldwide survey by CIO, CSO and PwC – observes a fundamental shift in the way business leaders are responding to today’s biggest security challenges. Recognizing the rising cyber risks, a growing number of boards and executives are taking action to improve their organization’s security posture. Furthermore, emerging...

Android.Fakelogin Trojan Targeting Banking Apps with Customized Phishing Pages

Researchers have identified a new Trojan that targets mobile banking apps with customized phishing pages in an attempt to steal users' login credentials. According to a blog post recently published by security firm Symantec, the Trojan, which has been named "Android.Fakelogin", is targeting primarily Russian mobile users. The malware comes in the form of a fake app, and upon download, it requests...

Email Is Not a File System

On Monday, the news buzzed with a story about a high school student who had managed to break into the email accounts of CIA Director John Brennan and DHS Secretary Jeh Johnson. We've seen this scenario played out all too often. The teen used the standard social engineering techniques to find out enough information about the targets to force a password reset on the accounts. At that point, it was...

10-Second Hack Delivers First Ever Malware to Fitness Trackers

A security researcher has developed a method by which one can exploit a vulnerability in FitBit fitness trackers and subsequently deliver malware to the target device in 10 seconds. Axelle Apvrille (@cryptax), a malware researcher at network security firm Fortinet, has found that FitBit wearables are open on their Bluetooth ports, a property which could enable an...

Introducing Version 6 of the CIS Critical Security Controls for Effective Cyber Defense

We are very proud to announce the release of Version 6 of the Center for Internet Security Critical Security Controls for Effective Cyber Defense. This is a set of security practices developed and supported by a large volunteer community of cybersecurity experts. Based on an ongoing analysis of attacks, vulnerabilities and defensive options, the CIS Controls specify the primary actions of cyber...

What Is The Best Way for a Company to Consume Threat Intelligence?

In the past few years, it has become abundantly clear that enterprises leveraging threat intelligence have a distinct advantage in protecting their critical infrastructure. With CSOs and security teams overwhelmed by massive amounts of threat data, organizations are doing everything they can to collect, analyze and evaluate as much data as they can, not just data for threats they currently face...

Security Hygiene: Protecting Your Evolving Digital Life

This week marks Week 4 in National Cyber Security Awareness Month (NCSAM), a program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our workplaces, homes, and digital lives, and it...

Only Half of Organisations Require Suppliers, Partners to Pass Security Audits, Says Survey

Although associating with third parties and outsourcing certain processes provides many benefits – from reducing costs to leveraging their expertise – many organisations choose to overlook the security risks accompanying these benefits. According to a recent survey conducted by Tripwire at the IP EXPO Europe in London earlier this month, 63 percent of the respondents said their organisation would...

Attacking Automobiles: Inside a Connected Car's Points of Vulnerability

Hacking cars has made big headlines in recent months. Back in July of this year, security researchers Charlie Miller and Chris Valasek won the attention of the information security community and beyond when they successfully hacked a Jeep Cherokee's computer via its Uconnect infotainment system. The duo was able to rewrite the automobile's firmware, tamper with the vehicle's stereo and air...

Using Two-Factor Authentication for the Administration of Critical Infrastructure Devices

Two-factor authentication (2FA) is a type of multi-factor authentication that verifies a user based on something they have and something they know. The most popular 2FA method currently in use is the token code, which generates an authentication code at fixed intervals. Generally, the user will enter in their username, and their password will be a secret PIN number plus the code generated on the...

CIA Director’s Private Email Account Allegedly Hacked

Federal law enforcement is investigating claims of an anonymous hacker allegedly infiltrating the personal email account of CIA Director John Brennan earlier this month. According to a report by The New York Post, Brennan’s private AOL account contained sensitive information, including Social Security numbers and personal information of more than a dozen top American intelligence officials, as...