Blog

Android.Fakelogin Trojan Targeting Banking Apps with Customized Phishing Pages

Researchers have identified a new Trojan that targets mobile banking apps with customized phishing pages in an attempt to steal users' login credentials. According to a blog post recently published by security firm Symantec, the Trojan, which has been named "Android.Fakelogin", is targeting primarily Russian mobile users. The malware comes in the form of a fake app, and upon download, it requests...

Email Is Not a File System

On Monday, the news buzzed with a story about a high school student who had managed to break into the email accounts of CIA Director John Brennan and DHS Secretary Jeh Johnson. We've seen this scenario played out all too often. The teen used the standard social engineering techniques to find out enough information about the targets to force a password reset on the accounts. At that point, it was...

10-Second Hack Delivers First Ever Malware to Fitness Trackers

A security researcher has developed a method by which one can exploit a vulnerability in FitBit fitness trackers and subsequently deliver malware to the target device in 10 seconds. Axelle Apvrille (@cryptax), a malware researcher at network security firm Fortinet, has found that FitBit wearables are open on their Bluetooth ports, a property which could enable an...

Introducing Version 6 of the CIS Critical Security Controls for Effective Cyber Defense

We are very proud to announce the release of Version 6 of the Center for Internet Security Critical Security Controls for Effective Cyber Defense. This is a set of security practices developed and supported by a large volunteer community of cybersecurity experts. Based on an ongoing analysis of attacks, vulnerabilities and defensive options, the CIS Controls specify the primary actions of cyber...

What Is The Best Way for a Company to Consume Threat Intelligence?

In the past few years, it has become abundantly clear that enterprises leveraging threat intelligence have a distinct advantage in protecting their critical infrastructure. With CSOs and security teams overwhelmed by massive amounts of threat data, organizations are doing everything they can to collect, analyze and evaluate as much data as they can, not just data for threats they currently face...

Security Hygiene: Protecting Your Evolving Digital Life

This week marks Week 4 in National Cyber Security Awareness Month (NCSAM), a program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our workplaces, homes, and digital lives, and it...

Only Half of Organisations Require Suppliers, Partners to Pass Security Audits, Says Survey

Although associating with third parties and outsourcing certain processes provides many benefits – from reducing costs to leveraging their expertise – many organisations choose to overlook the security risks accompanying these benefits. According to a recent survey conducted by Tripwire at the IP EXPO Europe in London earlier this month, 63 percent of the respondents said their organisation would...

Attacking Automobiles: Inside a Connected Car's Points of Vulnerability

Hacking cars has made big headlines in recent months. Back in July of this year, security researchers Charlie Miller and Chris Valasek won the attention of the information security community and beyond when they successfully hacked a Jeep Cherokee's computer via its Uconnect infotainment system. The duo was able to rewrite the automobile's firmware, tamper with the vehicle's stereo and air...

Using Two-Factor Authentication for the Administration of Critical Infrastructure Devices

Two-factor authentication (2FA) is a type of multi-factor authentication that verifies a user based on something they have and something they know. The most popular 2FA method currently in use is the token code, which generates an authentication code at fixed intervals. Generally, the user will enter in their username, and their password will be a secret PIN number plus the code generated on the...

CIA Director’s Private Email Account Allegedly Hacked

Federal law enforcement is investigating claims of an anonymous hacker allegedly infiltrating the personal email account of CIA Director John Brennan earlier this month. According to a report by The New York Post, Brennan’s private AOL account contained sensitive information, including Social Security numbers and personal information of more than a dozen top American intelligence officials, as...

Chinese Hackers Tried to Infiltrate U.S. Firms After Espionage Pact, Reveals Security Firm

A security firm has observed that hackers associated with the Chinese government attempted to infiltrate U.S. firms even after the United States and China agreed to neither conduct nor support activities that would result in the theft of intellectual property online. On September 25th, at the end of Chinese President Xi Jinping's visit to the United States, the White House released a statement...

Defensibility: Moving from Defensible to Defended

Defensible and defended are not the same thing. There are characteristics of an environment that make it more or less defensible. While IT and OT environments both have some mixed results, in general, OT environments are more defensible than IT environments. My hypothesis, as a reminder, is that a more defensible network is one in which currently unknown attacks can be more easily thwarted in the...

Survey: 40% of Consumers Will Switch Retailers for Enhanced Security, More Payment Options

Consumers today demand options, value and security in order for their loyalty to a brand to stay intact. According to a recent study, nearly half of consumers across generations said they’d be willing to switch retailers if the company offered enhanced payment security measures, and accepted other forms of payment, such as Google Wallet or digital currencies. The 2015 Next Generation of Commerce...

Report: Data Breaches Could Cost U.S. Healthcare Providers Over $300 Billion

Over the next five years, healthcare providers that fail to make cyber security a strategic priority will potentially lose more than $300 billion of cumulative lifetime revenue, according to a new report by Accenture. The company predicts that one in 13 patients – approximately 25 million people – will have their medical and/or personal information stolen from healthcare provider’s digitized...

Securely Navigating the World of Social Networking

Earlier this week, as part of Week 3 of National Cyber Security Awareness Month (NCSAM), we discussed tips on how we can safely use our mobile devices to access our online accounts while on the go. We now focus on best practices for securely navigating the world of social networking.

The Dangers of Indulging in Social Media

Like any online account, we should protect our social media channels...

BSidesDC Preview: Point-of-Sale to Point-of-Fail

I am looking forward to presenting at BSidesDC this weekend, where I'll be giving a talk titled "Point-of-Sale to Point-of-Fail." In my presentation, I will be discussing the recent rash of retail breaches over the past couple of years and how and why they are occurring, and what retailers can do to protect themselves. The epidemic of mega-retail breaches reveals a number of weaknesses in point-of...

Dridex P2P Malware Nets Cybercriminals $40 Million

US-CERT published an advisory today regarding the Dridex banking Trojan following a massive resurgence of the malware over the past few weeks as part of a large phishing campaign. Dridex is an evolution of an increasingly sophisticated family of malware focused on stealing banking credentials. This particular strain of bank credential-stealing malware was first seen one year ago and has quickly...

VERT IoT Hack Lab: Developing Your Inner Hacker

Getting root is fun, and with IoT gadgets, getting root is generally easy. This is why the IoT Hack Lab @ SecTor will be so much fun! If you still reminisce about (or look forward to) the first time you got root on a device, and you will be in Toronto on October 20-21, visit us at the convention centre where we’ll be set up in the expo hall. Expo passes are free with pre-registration using the code...

Protected Passwords: The Key to Web Security in a Mobile Age

This week marks Week 3 of National Cyber Security Awareness Month (NCSAM). A program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center, NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our workplaces, homes, and digital lives. The...

VERT Threat Alert – October 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 6 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-638 on Wednesday, October 14th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy Moderate Difficult Extremely Difficult No Known Exploit MS15-107 MS15-106 MS15-108 MS15-109 MS15-110 MS15-111 Exposure...