Blog

NHS-Approved Apps Sending Unencrypted Medical Info Over the Web, Finds Study

A new study reveals that dozens of apps endorsed by the National Health Service (NHS), four publicly funded health care systems in the United Kingdom, are transmitting personal and medical information over the web without any protection. According to The Guardian, researchers from the Imperial College London examined 79 apps endorsed by the NHS health apps library and found that several of them...

Tripwire Security Researchers Show Crime Watch Daily How Hackers Target Baby Monitors

Craig Young and I spent several days with the crew at Crime Watch Daily in Los Angeles – a new national crime show. In this first segment, we showed them how malicious hackers gain access to baby monitors and IP cameras, demonstrating a number of techniques that can be used to gain access to the devices to hijack the video feeds and audio, as well as control the camera and even speak through...

US Navy Develops New System to Protect Ships Against Cyber Attacks

The United States Navy has announced it is currently working on developing a new system aimed at protecting its ships from pervasive Internet attacks, often leading to network spying and confidential data theft. Codenamed the Resilient Hull, Mechanical, and Electrical Security (RHIMES) system, the Office of Naval Research (ONR) revealed the enhanced security system is designed to make its...

Hackers Have Stolen Almost Six Million US Government Fingerprints

The Office of Personnel Management (OPM) has revealed in a statement that when hackers breached its systems earlier this year they made away with approximately 5.6 million fingerprints - a significant increase from the 1.1 million previously reported. As is now well known, in addition to fingerprint data being stolen the Social Security numbers, addresses, employment history, and financial records...

It's 2AM – Do You Know Who Your Smartphone is Talking to?

Our smartphones know everything about us – who our friends are, where we have been, our financial details, our health information and other intimate details of our lives. But can we trust our phones to keep this personal information secret? One of the biggest security and privacy challenges of smartphones is the very apps we install on them and use every day. Many applications that we...

The Top 10 Tips for Building an Effective Security Dashboard

Today, enterprises must grapple with a panoply of numerous and highly sophisticated threats. In response to this dangerous landscape, it is no wonder that businesses are increasingly turning to security dashboards – a powerful communication vehicle for all information security professionals. An effective security dashboard provides personnel, ranging from security analysts to CISOs, with the tools...

The Anatomy of a Sakawa Scam

The styles associated with Sakawa scammers have been highlighted in previous articles, but today I would like to describe the anatomy of a scam for people to be aware of just how they complete these wicked assaults on our inboxes. This could serve as a guide for Sakawa, but is intended to give insight. Nothing is new here – these guides are passed through the African scam communities already...

VERT IoT Hack Lab @ SecTor

The one-month countdown is on and I figured it was time for a reminder that Tripwire VERT will be at SecTor in the Expo area running an IoT Hack Lab. If you aren’t considering attending SecTor, you really should be. Even if you don’t want to attend the full conference, there’s an Expo Only admission that is free on their website until the start of the show. We’ve got quite the experience planned...

‘Ghost Push’ Malware Infects 600K Android Users Daily, Say Security Researchers

Android users are being warned of a newly discovered type of malware that has recently infected hundreds of thousands of devices each day. Security researchers at Android developer Cheetah Mobile claim to have found a virus – dubbed ‘Ghost Push’ – being packaged in seemingly legitimate applications downloaded from non-Google app stores. “This is the most widespread and infectious virus we’ve...

$1M Bounty Announced for iOS 9 Exploits, Jailbreaks

A security firm has announced a one million dollar bounty in reward for anyone who submits exploits and jailbreaks for Apple's iOS 9 mobile operating system. In a blog post published on Monday, Zerodium officially unveiled "The Million Dollar iOS 9 Bug Bounty". "Apple iOS, like all operating system, is often affected by critical security vulnerabilities, however due to the increasing number of...

Why Is Healthcare Data So Valuable?

Over the last year we've seen the healthcare industry become a motivating target for malicious actors attempting to take advantage of stolen healthcare data. This is a unique sector and completely different from organizations within the retail, financial or any other vertical for that matter. The difference here is when network connectivity and operating system restraints occur within healthcare...

SYNful Knock: Opening the Door on Industry Ignorance

UPDATE 9/23/15: VERT has released a script based on FireEye's nping command to report if a host is affected or not. The script is available on the Tripwire VERT GitHub here. For IP360 customers, a variant of this is available as a custom rule. Please contact Tripwire Support or view the TechNote in TCC for details. I’ve always been a big fan of language. I’m a stickler for proper usage of the...

Systema Software Investigates Data Breach that Exposed 1.5M Users' Details

Systema Software, a provider of claims management software solutions, is investigating a breach that exposed the personal information of at least 1.5 million of its customers. According to The Register, insurers using Systema Software allegedly posted the names, addresses, phone numbers, medical records, and other personal information in the clear to Amazon Web Services (AWS). It is currently...

Exploring Third Party Risks to Network Security

My first few blog entries were written at a time when I had had a couple of prowler incidents at my house, and I wrote about how I installed security counter measures. After all this time, I was out maintaining the motion sensors, and it occurred to me I hadn't taken a look at my network security around the house lately and should put in some maintenance time on that system, as well. I put aside...

Seven Years of Cyber Espionage: F-Secure Unveils 'The Dukes'

Finnish security and privacy company F-Secure recently published a white paper exploring the activities of 'The Dukes,' a group of hackers that has been targeting Western-based governments, think tanks, and other organizations for at least the past seven years. According to F-Secure's research, the group is known primarily for its use of advanced, often noisy spear-phishing campaigns as means to...

Defensibility: Comparing OT and IT Environments

ICS networks have a lot of considerations. Policies and processes can hamper success. But they are far more defensible than IT networks. — Robert M. Lee (@RobertMLee) September 15, 2015 Sometimes a tweet can catch your attention in interesting ways. Robert's use of the term 'defensible' to describe ICS networks got me thinking about what makes an environment defensible, as well as about the...

Iron Tiger: How hackers have stolen terabytes of confidential data from US high-tech firms

A new report claims that in 2013, a group of China-based hackers switched their attention from targeting victims in Asia-Pacific to stealing terabytes of confidential data from US high-tech firms and government contractors. The report, "Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors", claims that a hacking gang named "Emissary Panda" (where do...

Banks Allowed to Bring Class Action Suit Against Target for 2013 Breach

Earlier this week, a U.S. judge ruled that banks can proceed with a class action suit filed against Target for a data breach that occurred in 2013. A U.S. District Court judge in St. Paul, Minnesota affirmed Target's negligence in the data hack, which compromised upwards of 40 million credit cards. This decision enables the $5 million class action to be maintained under the representation of the...

Cyber Liability Insurance's Data Problem: Mining for Destruction

Cyber liability insurance is becoming an increasing necessity for businesses and could easily become a requirement similar to E&O insurance not just for large corporations, but also small- to medium-sized businesses. The challenge, however, is understanding how much coverage, as well as the scope of the coverage organizations need to properly offset cyber risk. KPMG recently conducted a survey...

Over 21 Million New Types of Malware Created in Q2 2015, Report Finds

A recent report by Panda Security revealed a record high in the creation of new malware samples, reaching more than 21 million new threats over the course of just three months. In the second quarter of 2015, the Spanish security firm saw an average of 230,000 new types of malware each day – an increase of 43 percent compared to the same period last year. “A large number of the new types of...