Cyber liability insurance is becoming an increasing necessity for businesses and could easily become a requirement similar to E&O insurance not just for large corporations, but also small- to medium-sized businesses. The challenge, however, is understanding how much coverage, as well as the scope of the coverage organizations need to properly offset...

A security firm has discovered a variant of Android ransomware that masquerades as a pornography app called "Adult Player." According to a post published on Zscaler's blog, the ransomware, which is not found on legitimate app stores like Google Play Store and the Apple App Store, successfully loads onto a device after asking for admin permissions....

The Federal Trade Commission (“FTC”) can now sue a company for failing to adequately protect client data. Let that sink in for a moment. In short, the recent court ruling confirmed the FTC’s authority to create, impose, and enforce data security rules on virtually any business that holds consumer data. QUICK BACKGROUND On August 24, 2015, the US...

The nation is in the midst of a torrent of major data breaches. The most recent breaches include the Ashley Madison breach, the Office of Personnel Management breach, and the theft of millions of dollars from small- to mid-size businesses. In addition to the financial impacts, the breaches include the release of personal-data including social...

According to recent research, employees in the finance and human resources departments are seen as the mostly likely to cause a data breach. The study, which polled more than 500 information technology decision makers and 4,000 employees in the US, UK, Germany and Australia, found that nearly half of respondents (46%) believe finance departments...

As part of Tripwire’s Threat Intelligence University webcast series, we recently had the pleasure of hosting industry expert and renowned author Adam Shostack who shared with us how threat modeling can effectively drive security through your product, service or system. Shostack has championed several security start-ups and previously led Microsoft’s...

It is 2015, and social media is everywhere. It is embedded in your smartphone, and its logos are printed on nearly every product packaging. A few years ago, having an online presence by way of a website for a company was enough. Today, consumers expect a company to have a presence on the App Store, Play Store and every social media platform out...

Every network security manager fights an escalating and asymmetric war against adversaries aiming to penetrate networks or disrupt services hosted there. Symantec reported that major attacker-caused data breaches rose almost 25 percent last year, while Verisign reported almost a 300 percent increase in average DDoS attack size. Asymmetries abound:...

From phishing attacks to ransomware to malicious advertisements, fraudster's methods for obtaining and exploiting our information are varied and, for the most part, well-known among today’s avid Internet users. Even among the less avid Internet users, security is now more of a concern than it used to be after the numerous giant hacks that have...

Imagine a circumstance where a significant investment has been made into a data loss prevention (DLP) solution in which it paves the way for a lip-service approach towards cyber security, with the very real-world association of unknown exposures. As amazing as it may seem, here is such a case in history that may leave you with two opinions, which...

During my talk at DEF CON 23 last week, I discussed my experience developing USB based trojans and highlighted the fact that attempts to patch these vulnerabilities have done little to mitigate the risks associated with this attack vector. The revelation of CVE-2015-0096, which is a continuation of CVE-2010-2568, was believed to have been patched by...

ICANN, the organisation which oversees the internet's domain name system, regulating web addresses and working with registrars around the world, has revealed that it has fallen victim to a hacker attack during which the details of users who had created profiles on the organisation's public website were exposed. Email addresses (which act as...

Yahoo announced that it has paid security researchers one million dollars as part of its bug bounty program. According to a post written by Ramses Martinez, Senior Director and Interim CISO at Yahoo, the company's bug bounty program, which The State of Security named one of our 11 Essential Bug Bounty Programs in 2015, has shown significant growth...

The Internet of Things is gradually but very surely creeping in to impact every sphere of modern life. And that goes as much for people as for business, as much for new industries as for incumbent sectors. This network of physical objects has the ability to play havoc with security and is significantly increasing the challenge of securing Industrial...

In the financial industry, business success and sustainability depends on the health of information systems. Damage to a firm’s information systems can tarnish its reputation, compromise its data, as well as result in legal fines and penalties. Large firms often depend on thousands of such systems interconnected via the internet, which raises a...

Back in April, the London-based insurance market Lloyd's reported a 50 percent increase in the number of data breach insurance submissions filed in the first three months of 2015 as compared to last year. This development challenges some of the arguments offered by leading experts in the field of information security that seek to explain why more...

The Bundesrat of Germany – the country’s Federal Council – passed legislation last week requiring critical infrastructure businesses and institutions to implement more robust information security standards. According to reports, the new law will affect more than 2,000 essential service providers, including transportation, health, water, utilities,...

Donald Trump doesn't appear to be having the best of times. Not only has the business tycoon and (now) Republican presidential candidate been dumped by Macy's, Univision and NBC over his comments on Mexican immigrants, but he is now possibly having to deal with the aftermath of a hacker attack too. Criminal hackers may have added to the headaches of...

In the beginning, there were stack buffer overflows everywhere. Overflowing data on the stack made for a quick and easy way to subvert a program to run code provided by an attacker. Initially, this meant simply overwriting the saved return address on the stack with the location of shellcode typically on the stack and perhaps prefaced by a NOP sled,...

Most of us in the cybersecurity industry are familiar with a recent “tweet heard around the world.” Yes, I’m referring to the infamous tweet that caused Chris Roberts to be removed from a United Airlines flight. This incident has undoubtedly generated much criticism aimed at both Roberts and the airline industry. I am not writing this article to...