Just last week, police forces across Europe arrested individuals who they believed had been using the notorious DroidJack malware to spy on Android users. Now attention has been turned on to another piece of software that can spy on communications, secretly record conversations, snoop on browsing histories and take complete control of a remote...

A blind spot is defined as “an area where a person's view is obstructed.” As a longstanding professional in the industry, seeing the rhetoric change over the years, from Information Security, through Information Assurance and now to “cyber security,” what is occurring is the creation of a significant and worrying blind spot. Sadly, what people...

British Gas has emailed approximately 2,200 customers urging them to change their passwords after their login credentials were posted online. According to The Guardian, the account details were posted to the online text-sharing service Pastebin and, if accessed, could have allowed an attacker to view the names, addresses, and previous energy bills...

We are very proud to announce the release of Version 6 of the Center for Internet Security Critical Security Controls for Effective Cyber Defense. This is a set of security practices developed and supported by a large volunteer community of cybersecurity experts. Based on an ongoing analysis of attacks, vulnerabilities and defensive options, the CIS...

Although associating with third parties and outsourcing certain processes provides many benefits – from reducing costs to leveraging their expertise – many organisations choose to overlook the security risks accompanying these benefits. According to a recent survey conducted by Tripwire at the IP EXPO Europe in London earlier this month, 63 percent of...

Defensible and defended are not the same thing. There are characteristics of an environment that make it more or less defensible. While IT and OT environments both have some mixed results, in general, OT environments are more defensible than IT environments. My hypothesis, as a reminder, is that a more defensible network is one in which currently...

In continuing our VERT Vuln School series on SQL Injection vulnerabilities, we’re going to take a look at how attackers can leverage this vulnerability to steal and exfilitrate data. Once we views bob’s account balance page, we notice that there’s another input-field that might be of interest, the...

A new report reveals that cyber insurance premiums are on the rise in response to a growing number of high-profile hacks and breaches. According to Timetric's Insight Report: The Future of Cyber Risk Insurance, insurers are raising the deductibles on existing companies' information security policies, whereas others are limiting the amount of...

This October marks another iteration of National Cyber Security Awareness Month (NCSAM), a program designed to engage both the public and private sectors on good security practices via activities that encourage awareness and resiliency in the event of a national cyber incident. Sponsored by the Department of Homeland Security (DHS) in cooperation...

On Tuesday, the European Court of Justice ruled the 'safe harbor' data transfer agreement between the United States and the European Union invalid. According to BBC News, the United States and the EU adopted the 'safe harbor' framework back in 2000 in order to provide a "streamlined and cost-effective" means of transferring data from Europe to U.S....

SQL injection is arguably the most severe problem web applications face. OWASP, an online community devoted to web application security, consistently classifies injection vulnerabilities as number one on their OWASP Top 10 Project. SQL injection vulnerabilities are a favorite amongst a number of “hactivist” groups whose aim is to cause disruption in...

What a whirlwind the past few months have been for data security, breaches and hacking events. From the Wyndham v. FTC ruling to yet another breach by a BCBS affiliate, there is increasing pressure across the information security industry to push organizations to perform those pesky security risk assessments touted by the National Institute of...

Banks have another security headache on their hands, as ATM-infecting malware is becoming increasingly sophisticated in its attempt to help criminals audaciously empty out cash machines on the high street on demand, without having to have previously stolen the payment cards of legitimate customers. Dubbed GreenDispenser by researchers at Proofpoint,...

The United States Navy has announced it is currently working on developing a new system aimed at protecting its ships from pervasive Internet attacks, often leading to network spying and confidential data theft. Codenamed the Resilient Hull, Mechanical, and Electrical Security (RHIMES) system, the Office of Naval Research (ONR) revealed the enhanced...

Today, enterprises must grapple with a panoply of numerous and highly sophisticated threats. In response to this dangerous landscape, it is no wonder that businesses are increasingly turning to security dashboards – a powerful communication vehicle for all information security professionals. An effective security dashboard provides personnel,...

Earlier this week, a U.S. judge ruled that banks can proceed with a class action suit filed against Target for a data breach that occurred in 2013. A U.S. District Court judge in St. Paul Minnesota affirmed Target's negligence in the data hack, which compromised upwards of 40 million credit cards. This decision enables the $5 million class action to...

Cyber liability insurance is becoming an increasing necessity for businesses and could easily become a requirement similar to E&O insurance not just for large corporations, but also small- to medium-sized businesses. The challenge, however, is understanding how much coverage, as well as the scope of the coverage organizations need to properly offset...

A security firm has discovered a variant of Android ransomware that masquerades as a pornography app called "Adult Player." According to a post published on Zscaler's blog, the ransomware, which is not found on legitimate app stores like Google Play Store and the Apple App Store, successfully loads onto a device after asking for admin permissions....

The Federal Trade Commission (“FTC”) can now sue a company for failing to adequately protect client data. Let that sink in for a moment. In short, the recent court ruling confirmed the FTC’s authority to create, impose, and enforce data security rules on virtually any business that holds consumer data. QUICK BACKGROUND On August 24, 2015, the US...

The nation is in the midst of a torrent of major data breaches. The most recent breaches include the Ashley Madison breach, the Office of Personnel Management breach, and the theft of millions of dollars from small- to mid-size businesses. In addition to the financial impacts, the breaches include the release of personal-data including social...