Blog

Systema Software Investigates Data Breach that Exposed 1.5M Users' Details

Systema Software, a provider of claims management software solutions, is investigating a breach that exposed the personal information of at least 1.5 million of its customers. According to The Register, insurers using Systema Software allegedly posted the names, addresses, phone numbers, medical records, and other personal information in the clear to Amazon Web Services (AWS). It is currently...

Exploring Third Party Risks to Network Security

My first few blog entries were written at a time when I had had a couple of prowler incidents at my house, and I wrote about how I installed security countermeasures. After all this time, I was out maintaining the motion sensors, and it occurred to me I hadn't taken a look at my network security around the house lately and should put in some maintenance time on that system, as well. I put aside...

Seven Years of Cyber Espionage: F-Secure Unveils 'The Dukes'

Finnish security and privacy company F-Secure recently published a white paper exploring the activities of 'The Dukes,' a group of hackers that has been targeting Western-based governments, think tanks, and other organizations for at least the past seven years. According to F-Secure's research, the group is known primarily for its use of advanced, often noisy spear-phishing campaigns as means to...

Defensibility: Comparing OT and IT Environments

ICS networks have a lot of considerations. Policies and processes can hamper success. But they are far more defensible than IT networks. — Robert M. Lee (@RobertMLee) September 15, 2015

Sometimes a tweet can catch your attention in interesting ways. Robert's use of the term 'defensible' to describe ICS networks got me thinking about what makes an environment defensible, as well as about the...

Iron Tiger: How hackers have stolen terabytes of confidential data from US high-tech firms

A new report claims that in 2013, a group of China-based hackers switched their attention from targeting victims in Asia-Pacific to stealing terabytes of confidential data from US high-tech firms and government contractors. The report, "Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors", claims that a hacking gang named "Emissary Panda" (where do...

Banks Allowed to Bring Class Action Suit Against Target for 2013 Breach

Earlier this week, a U.S. judge ruled that banks can proceed with a class action suit filed against Target for a data breach that occurred in 2013. A U.S. District Court judge in St. Paul, Minnesota affirmed Target's negligence in the data hack, which compromised upwards of 40 million credit cards. This decision enables the $5 million class action to be maintained under the representation of the...

Cyber Liability Insurance's Data Problem: Mining for Destruction

Cyber liability insurance is becoming an increasing necessity for businesses and could easily become a requirement similar to E&O insurance not just for large corporations, but also small- to medium-sized businesses. The challenge, however, is understanding how much coverage, as well as the scope of the coverage organizations need to properly offset cyber risk. KPMG recently conducted a survey...

Over 21 Million New Types of Malware Created in Q2 2015, Report Finds

A recent report by Panda Security revealed a record high in the creation of new malware samples, reaching more than 21 million new threats over the course of just three months. In the second quarter of 2015, the Spanish security firm saw an average of 230,000 new types of malware each day – an increase of 43 percent compared to the same period last year. “A large number of the new types of...

Russian Hacker Pleads Guilty to Stealing 160M Credit Cards

A Russian hacker has pleaded guilty to stealing 160 million credit card numbers and to attacking several large American companies. On Tuesday, Vladimir Drinkman, 34, admitted in federal court in Camden, New Jersey, that he and four other individuals conspired to steal credit card numbers from Heartland Payment Systems Inc., 7-Eleven Inc., and the Hannaford Bros. grocery chain. The group's attack...

Half of Security Pros Expect Cybersecurity to Be a Key Issue in 2016 Presidential Race

More than half (55 percent) of information security professionals anticipate cybersecurity will factor as a key issue in the 2016 U.S. Presidential race. Last month, as part of Black Hat USA 2015, Tripwire conducted a survey of 210 information security professionals. Of those respondents, more than a third (39 percent) revealed their expectation that cybersecurity would become...

Smart Cross-Site Request Forgery (CSRF)

All too often, I find that vendors discount the risks associated with attack vectors involving cross-site request forgery (CSRF). Naturally, remediation of vulnerabilities involving user-interaction should generally take a back seat to those that are exposed to completely remote/unauthenticated exploitation, but that doesn’t mean it is OK to simply forget about vectors like CSRF. A quick review of...

Will Quantum Computers Threaten Modern Cryptography?

Modern cryptography, including elliptic curve cryptography, is being used extensively for securing our internet payments, banking transactions, emails and even phone conversations. The majority of today's cryptographic algorithms are based on public-key encryption, which is considered to be secure against attacks from modern computers. Quantum computing can simply break this security by reverse...

Most Suspicious TLDs Revealed by Blue Coat Systems

In 1985, around the time that the Internet was just beginning to take shape, there were six top-level domains (TLDs) in existence. These were ".com", ".net", ".org", ".gov", ".mil", and ".edu". Along with some 100 country codes, those TLDs led the evolution of the web for over a decade. But then things changed. As the Internet continued to expand in size, TLDs started to diversify and increase in...

Capture the Flag: It’s All Fun and Games with Business Benefits

For most organizations who manage information technology and/or information security programs, personnel are constantly on the lookout for the best ways to train their technology superstars and provide them with the best academic and hands-on learning resources available. Capture the Flag (CTF) events integrate both aspects of this into a single experience. In the educational and professional...

FireEye Filed Injunction Against Security Firm to Protect Intellectual Property

FireEye filed an injunction against German IT security research firm ERNW GmbH last month in order to protect its intellectual property. According to CIO, ERNW first contacted FireEye, a former intern of which recently pleaded guilty to selling Dendroid malware on Darkode, back in April of this year after its researchers discovered five vulnerabilities in the company's Malware Protection System...

Attack Leverages Outdated CMS, Plugins to Redirect to Neutrino EK and Teslacrypt Ransomware

Ransomware is on the rise. According to the McAfee Labs Threat Report: May 2015, this threat saw a 165% increase in the first quarter of 2015 alone. In response, security researchers have periodically released removal kits designed to help victims of crypto-ransomware variants recover their encrypted files. However, given the diversification of ransomware, including their incorporation of popular...

Sakawa Scams Spread to the UK

Earlier this year, I focused on the emerging trend of Sakawa scams originating from the west coast of Africa. If you've never heard this term before, there is some learning for you to do! Sakawa, or JuJu, scams are a subsection of traditional online cyber crime. Whilst many scams originating from all over the world could be classed as 'sakawa,' the term is associated with a lifestyle, culture and...

Board Talk: How to Improve Your Board's Cyber Security Literacy

With security breaches such as Sony, WHSmith and Ashley Madison hitting the headlines every week, the level of security awareness among the general public has never been higher. You could therefore be forgiven for thinking that (at least theoretically) it would be an easy task to impress the importance of information security matters on a board of directors. But company directors have a lot on...

Malware Capable of Bypassing CAPTCHA Systems Found in Google Play

Security researchers have spotted a sophisticated type of malware that is capable of bypassing CAPTCHA authentication systems in the Google Play Store. According to a blog post written by Bitdefender security researcher Liviu Arsene, the malware, which has been identified as Android.Trojan.MKero.A, seems to have somehow found its way into legitimate apps hosted on the Play Store and simultaneously...

VERT Threat Alert: September 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-632 on Wednesday, September 9th.

Ease of Use (published exploits) to Risk Table: Automated Exploit, Easy, Moderate, Difficult, Extremely Difficult, No Known Exploit

MS15-103 MS15-096 MS15-094 MS15-095 MS15-098 MS15-100 MS15...