Blog

Europol Takes Down 1,000 Websites Selling Counterfeit Goods

Europol, the European Union’s law enforcement agency, has seized nearly 1,000 websites illegally selling counterfeit merchandise to online consumers, authorities reported. In a press release, the agency said its international operation – known as In-Our-Sites (IOS) VI – tackled the sale of counterfeit goods, including intellectual property trademark infringements, as well as online piracy on e...

ISPs Cannot Be Forced to Block Customers' Access to The Pirate Bay, Finds Swedish Court

A Swedish court has ruled that copyright holders cannot force internet service providers (ISPs) into blocking their customers from accessing the popular torrent website The Pirate Bay. According to a report by TheLocal.se, a Swedish newspaper, the District Court of Stockholm has ruled that Swedish ISP Bredbandsbolaget's operations do not constitute participation in the copyright offenses of some...

The Industrial Internet of Things: Fueling a New Industrial Revolution

A transformative event is occurring where countless industrial devices, both old and new, are beginning to use Internet Protocol communication technologies. We refer to these collections of IP-enabled industrial devices and associated networks as the Industrial Internet of Things (IIoT). The Industrial IoT is at the very core of disruptive visions, such as Industry 4.0, and other advanced...

Dyreza Trojan Can Now Hook into Microsoft Edge, Enlist Windows 10 Users into Botnet

In the spring of 2014, researchers at the Center for Strategic and International Studies identified a powerful strain of banking malware whose code functions similarly to that of ZeuS. The malicious software, now formally known as Dyreza, hooks into Internet Explorer, Chrome and Firefox, at which point in time it harvests sensitive data whenever users visit the websites of targeted major banks...

Open Source Router Updates Its Own Security, Analyzes Network Traffic

This open source, crowdfunded router boasts a unique set of features, including the ability to update its own security and analyze the traffic between the Internet and the host network. Based on the Latin word for "tower", the Turris Omnia router is open source and runs OpenWrt, a free operating system that not only provides Omnia's users with the capabilities of a regular Linux server but also...

‘Tis the Season for Cyber Crime: 6 Tips for Safe Online Holiday Shopping

Cyber Monday is the heaviest online shopping day in the United States, with last year’s sales exceeding $2 billion within 24 hours. Unfortunately, for bargain-hungry consumers, the holiday shopping season is also a bonanza for cyber criminals. The huge uptick in website traffic means more potential targets, making the holiday season the perfect time for attackers to target online shopping sites...

MagSpoof Device Can Wirelessly Emulate Magnetic Stripes, Credit Cards

A security researcher has developed a device called MagSpoof that can emulate any magnetic stripe or credit card wirelessly. Hacker Samy Kamkar first came up with the idea shortly after he lost his American Express card last August. At that time, he noticed a pattern in his replacement card's last four digits when compared to those of his previous AmEx cards. He subsequently developed an algorithm...

My SecTor Story: Root Shell on the Belkin WeMo Switch

*Updated 12/7/2015 – NOTE: The WeMo attack vector described in this article was resolved with WeMo firmware release 2.00.8643. Customers are encouraged to install the latest update immediately. There were many activities hosted at SecTor 2015. My favorite activity was the Internet of Things Hack Lab sponsored by Tripwire. The term Internet of Things (IoT) refers to physical devices that have...

How to Make Risk More Tangible for your Board

You know that cybersecurity risks exist for your company; so does your board. They know cybersecurity is a business issue, and they also know they need to be concerned about what it means to their business. But more often than not, the board doesn’t have a concrete understanding of how they can actually help. In a recent paper, Top 5 Tips for Communicating Information Security to the Board, David...

Dell Provides Instructions on How to Remove eDellRoot Certificate Authority

Dell Inc., a computer technology company, has provided instructions to customers on how they can remove a recently discovered root Certificate Authority (CA) from their laptops and PCs. On Monday, a Reddit user by the name of rotorcowboy posted a thread in which they explained how they had discovered a self-signed root CA called "eDellRoot" while troubleshooting another issue on their Dell XPS 15...

There Is Nothing New Under the Sun

The actual origination of the above phrase (worth reading in full) is Ecclesiastes 1:9, the Old Testament. With respect to whatever religion you worship, the point is simply to highlight the naivety in assuming something to be new or original without paying due attention to available mavens. Every “new” idea has some sort of precedent or echo from the past. Even Shakespeare took inspiration...

Starwood Luxury Hotel Chain Reports Credit Card Breach At Over 50 US Locations

One of the world’s largest hotel and leisure companies announced late last week that point-of-sale (PoS) systems at more than 50 of its hotels located across North America have been compromised. Starwood Hotels & Resorts – which owns and operates a number of international brands, including St. Regis, Westin, W Hotels, Sheraton and Le Méridien – said it had recently become aware some of its systems...

New Toolset Linked to Wiper Malware in Sony Hack, Finds Researchers

Researchers have discovered two new utilities that are closely associated with the wiper malware used to disrupt the computer networks of Sony Pictures Entertainment last year. After phishing for employees' login information, the attackers responsible for the breach used a strain of wiper malware known as "Destover" to wipe the files off of company workstations, thus rendering them inoperable...

5 Ransomware Safety Tips for Online Retailers

Just in time for the holiday shopping season, cybercriminals have developed a destructive new form of ransomware that targets the websites of online retailers. According to independent security journalist Brian Krebs, fraudsters have been leveraging the malware – dubbed ‘Linux.Encoder.1’ – to essentially hold a site’s files, pages and images for ransom. Retailers’ websites are scanned for common...

Most Security Pros & Execs Not Fully Aware of IoT Network Impact, Reveals OpenDNS Report

The emergence of IoT is especially pronounced in the workplace. Indeed, as revealed by a recent Tripwire survey, 63 percent of executives anticipate they will need to adopt "smart" things and other IoT devices due to the pressures exerted by business efficiency and productivity. Such enthusiasm notwithstanding, security has not kept up with the changing market. While a majority of executives are...

Android Malware Uses Social Engineering to Enable Automatic App Installation

Security researchers have spotted a type of malware that uses social engineering to trick users into enabling it to automatically install apps on their Android devices. Michael Bentley, the head of research and response at mobile cybersecurity firm Lookout, has published a blog post in which he explains how a so-called "trojanized adware" known as Shedun attempts to assume control of the Android...

On Password Managers, Perspective and Patience

Throughout October this year, many tips for National Cyber Security Awareness Month focused on the password problem, including the usual warnings about weak passwords and the same password used in multiple places (known as “password re-use”). Every one of those tips (including more than one written by me) advises the use of a password manager to solve the password problem. I often wonder why my...

Strontium: Microsoft warns of hacking gang targeting government and NATO workers

Yes, targeted attacks - especially those perpetrated by an adversary with considerable resources, such as a foreign state - may incorporate zero-day vulnerabilities, but often they begin with something as simple as a phishing message tricking your staff into handing over their passwords. That's a lesson you learn from a new report published by Microsoft that explores a pernicious hacking gang that...

"Onion-Layered" Incidents Among Top Cybercrime Trends Observed by IBM

Security researchers with IBM have named "onion-layered" security incidents one of the top cybercrime trends they are observing in Q4 2015. In their report IBM X-Force Threat Intelligence Quarterly, 4Q 2015, the researchers explain that an onion-layered security incident involves a second, more damaging and sophisticated attack that follows an initial intrusion. Typically, the actors involved...

Security Mentors: Honoring Those Who Fuel Our Love of Infosec

Thanksgiving is a time for reflection. It provides us with a space for acknowledging all those many people and life experiences that one way or another enrich our lives, year after year. With the spirit of Thanksgiving in mind, we have gathered together the comments of some of the industry's leading professionals on who they are thankful for fueling their love of infosec. These persons are mentors...