A typo helped prevent a group of hackers from successfully stealing one billion dollars during a bank heist that occurred last month. In the heist, a group of attackers infiltrated Bangladesh Bank's systems and made off with the credentials necessary for making payment transfers, reports Reuters. ...

Security Configuration Management (SCM) exists where IT security and IT operations meet. It has evolved over the years from a ‘nice to have’ to a ‘must-have.’ The last line of defence is on the endpoint, as network intrusion detection becomes less effective and as the attacks become more sophisticated. One area where a good SCM solution should...

Security breaches, also known as a safety violation, occur when a person or application illegally enters a confidential IT border. This could result in the hacking of unauthorized data, services, networks and applications that are highly critical. Breaches can also cause bankruptcy and destroy a company’s reputation, which is why most businesses...

Social engineering is perhaps the most dangerous vector of attack available to hackers. Social engineering could be a phone call made by an attacker to extract data; an email phishing attack that is composed to look like a legitimate request to gain sensitive information; or a physical intrusion into the building by someone claiming false credentials....

Unless you’ve been living out in the remotest frontier of some Data Protection Wild West, you will no doubt be aware that a ‘supervisory authority’ Sheriff will soon be riding into town, clutching a lengthy new scroll of law and order in the form of the General Data Protection Regulation (GDPR). ICYMI or simply passed over it as not particularly...

Even if you are not a developer, you should be familiar with GitHub. If you are not familiar, then consider this blog post your introduction. GitHub is a large cloud-based software repository that uses the git protocol. Creating a GitHub account is painless and free for anyone who is interested. You don’t even need to supply a valid email address to...

Fuzz testing is one of the most powerful tools in the bug hunter’s toolset. At a basic level, fuzzing is the art of repeatedly processing crafted test inputs while checking for ill-effects, such as memory corruptions or information disclosures. One of the main advantages of fuzz testing is that it works 24x7 without a break and with no need for...

Developers today recognize the importance of secure software development. Indeed, security was one of the key topics at this month's DeveloperWeek conference in San Francisco. This level of focus should be applauded. At the same time, however, we must recognize that planning for secure software development is not the same thing as implementing it. In...

Cisco has patched a 'critical' buffer overflow vulnerability affecting the Internet Key Exchange (IKE) implementation in Cisco ASA. On Wednesday, the multinational technology company published a security advisory for CVE-2016-1287. First discovered and reported by researchers at Exodus Intelligence, the vulnerability could lead to a complete...

Security researchers have identified a new phishing scam that is targeting customers of the popular accommodation booking site Airbnb. Christopher Boyd, a malware intelligence analyst at Malwarebytes, says he recently discovered an email phishing campaign impersonating the company and redirecting users to a fake Airbnb login page in an attempt to...

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-656 on Wednesday, February 10th. Ease of Use (published exploits) to Risk Table Automated Exploit ...

Tripwire studied confidence vs. knowledge of financial services IT security pros on seven key security controls necessary to detect a data breach. For many controls IT pros believed they had the information necessary to detect a breach quickly but provided contradictory information about the specific data. ...

This is the conclusion to a three-part series of building a successful vulnerability management program. The first installment focused on Stage One, the vulnerability scanning progress. Without a foundation of people and process, the remaining stages are prone to failure. The second installment focused on Stage Two and Three, using a vulnerability...

There’s an old principle in tabletop RPG (Role Playing Games) circles that goes something like this: If you find yourself in the company of a halfling and an ill-tempered dragon, remember that you do not have to outrun the dragon; you simply have to outrun the halfling. In the context of security and specifically password creation, this principle...

Online security trends continue to evolve. This year, online extortion will become more prevalent. We also expect that at least one consumer-grade IoT smart device failure will be lethal. Ransomware will make further inroads, since the majority go unreported. China will drive mobile malware growth to 20M, and cybercrime legislation will take a...

Yahoo Mail! has patched a stored cross-site scripting (XSS) vulnerability and awarded a researcher $10,000 for finding the flaw. Discovered by Finnish researcher Jouko Pynnonen, the bug allowed an attacker to embed malicious Javascript code into a specially crafted email. The code would automatically execute whenever the message was viewed,...

I don’t know if you have noticed, but when it comes to incident response, the methodology applied by organisations can vary from the downright chaotic, to a well-disciplined, well-oiled machine. However, from what I have observed over the preceding five years of my professional life, the general approach seems to be ad-hoc and has suffered from a...

Computer crime is on the rise around the world. Every day, nefarious actors develop increasingly more sophisticated forms of malware for their attacks. Additionally, as reported by the United Kingdom's National Crime Agency (NCA) back in December, the average age of online criminals has dropped to 17 years old, suggesting that teenagers are more...

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, its output is tied back to the goals of the enterprise, and there is a reduction in the overall risk of the organization. Such vulnerability management technology...

As cyber threats grow in scope and potential impact, the complexity of enterprise digital data protection grows to astonishing proportions. Last year, a Fortune 500 survey revealed that cyber security is the second biggest concern for CEOs, who keep looking for new solutions to keep their data safe and their clients happy. The enterprise data is...