Come get your hands dirty with embedded device hacks during my DEF CON 24 workshop. Brainwashing Embedded Systems will be held in Las Vegas Ballroom 3 on Saturday, August 6, from 10AM - 2PM. This workshop is a condensed version of the full-day training offered at the 2016 AusCERT and SecTor conferences. During the workshop, you will learn about the...

Digital attackers are constantly looking for ways to infiltrate organizations' IT environments. One of the easiest modes of entry is for an actor to exploit a weakness in an endpoint, a network node which according to Dark Reading remains "the most attractive and soft soft target for cyber criminals and cyber espionage actors to get inside." Under the...

A security audit evaluating many best-selling fitness trackers and wearable devices, including the Apple Watch, revealed that some manufacturers are continuing to make blatant security errors. Conducted by AV-TEST, the new study found several security flaws in Android-powered fitness trackers. The organization tested the following devices: Basis...

A security breach at Ubuntu Forums exposed the information of as many as two million users. Jane Silber, CEO of Canonical, which is the company that produces the Debian-based Linux operating system Ubuntu, published a statement about the hack on Friday: "At 20:33 UTC on 14th July 2016, Canonical’s IS team were notified by a member of the Ubuntu...

You’ve managed fine on your own for years, but suddenly there’s a new security data scientist in your life. You’re excited at the possibilities, but can you really make it work? Here are five sure-fire ways to turn that initial buzz into a perfect partnership, so that your data scientist can deliver the insights you’re looking for. Together, you can...

Fiat Chrysler Automobiles (FCA) announced on Wednesday the launch of its own bug bounty program, rewarding researchers for disclosing security vulnerabilities in its connected cars. As the seventh-largest automaker in the world, Fiat Chrysler is among the first major vehicle manufacturers to offer ...

You visit a company on business, and want to print something out. You visit another department in your office and need a hard copy of a document in your email. You're a guest at someone's home and want to print off directions to the airport. What do you? Simple. You get Windows to quickly search for and add a printer hosted on the network, and off...

Today’s VERT Alert addresses 11 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-680 on Wednesday, July 13th.Ease of Use (published exploits) to Risk TableAutomated Exploit Easy Moderate Difficult Extremely Difficult No...

WordPress (WP) is the most popular and widely used blogging platform. It supports every kind of website, from a simple blog to a full-featured business website. Twenty-six percent of all websites globally use WordPress. As a result of this popularity, hackers and spammers have taken keen interest in breaking the security of WP-operated sites. In this...

According to a new survey, 80 percent of IT security professionals believe that their organization will be threatened with a DDoS ransom attack in the next 12 months. Conducted by Corero Network Security, the research includes the responses of 100 security professionals at the Infosecurity Europe conference in London earlier this year. Even more...

A security researcher has disclosed two zero-day vulnerabilities in the online service web applications of the German luxury automobile company BMW. The first issue exists in the web application for BMW ConnectedDrive, a suite of services which includes real-time traffic updates, on-board app connectivity, and other functions built into each...

An new exploit kit campaign is targeting websites running on out-of-date versions of the Joomla! and WordPress content management system (CMS). Researchers at Sucuri have been tracking the campaign for the past several weeks. They've codenamed it "Realstatistics" because it injects fake analytics code for "realstatistics[.]info" or "realstatistics[....

As is often the case in cybersecurity, just when you think you are writing or talking about the "issue of the day" (most recently ransomware), some other issue comes up that makes you shake your head and wonder why each of us is working so hard to secure our networks when it appears so easy for attackers to steal important data or money. That is...

Researchers have called for users to patch and upgrade their vulnerable software as soon as possible after three severe vulnerabilities were found in libarchive, a widely-used open source compression library. The libarchive programming library was originally developed for the FreeBSD project but is now used by software coders around the world to...

It’s safe to say that cybersecurity is a common issue for all industries. But what is the cybersecurity state of affairs for Industrial Control Systems (ICS), and why should we care? ICS monitor and control industrial and physical infrastructure processes that are crucial for industries like manufacturing, transportation, energy, oil and gas, and...

Just as having a larger family inevitably results in more children forgotten at swim practice, the bigger your software project, the harder it becomes to find every bug, security vulnerability and logic flaw. In-house enterprise developer teams can become overwhelmed by the number of branches in a project and bugs can go unnoticed until the worst...

In today’s world, where technology is becoming an ever greater part of our everyday lives, it appears we aren’t quite keeping up with it. Believe it or not, we still tend to underestimate the importance of cyber security, as a recent survey by Soha System’s Third Party Advisory Group has shown. According to the survey, less than two percent of IT...

Today’s VERT Alert addresses 16 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-675 on Wednesday, June 15th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

Back in 2011, Facebook launched its bug bounty program in an effort to provide recognition and compensation to security researchers for practicing responsible disclosure. The program is not bound by a maximum bounty reward. Instead, it awards monetary rewards based on the severity of each disclosed vulnerability, with $500 USD serving as the minimum...

German engineering company Siemens has patched two vulnerabilities affecting some of its SIMATIC controllers. The first vulnerability (CVE-2016-3949) is a denial-of-service (DoS) bug that affects SIMATIC S7-300 CPU, a product which is used by companies worldwide to manage process control in various industrial environments including Chemical, Energy,...