This week, as part of our new "Infosec Influencer" series, I had the pleasure of sitting down with Bruce Schneier, an internationally renowned security technologist and one of The State of Security's Top Influencers in Security You Should Be Following in 2015. He has written 12 books, including Liars and Outliers: Enabling the Trust Society Needs to...

For just over a week, government departments, research institutes and other high-value targets have been on the sharp end of a sophisticated attack, where fake voicemails are being used to create a diversion while malware infects computer systems. As security researchers at Palo Alto Networks's Unit 42 division detail, it is believed the attack is being...

Two Belgian security researchers have developed a method that allows an attacker to exploit weaknesses found in the RC4 encryption algorithm and subsequently expose information that was once thought to be encrypted. According to a blog post written by Mathy Vanhoef and and Frank Piessens of the University of Leuven, their RC4 NOMORE attack concentrates...

Due to the increased number of reported high-profile attacks, it is likely that you have heard of "phishing". What exactly is phishing? At its core, phishing is the sending of an email to a target with the intent of having the target perform some action that will lead to the attacker gaining some new piece of information or access. While the phishing...

Oracle has released its July 2015 Critical Patch Update that provides fixes for 193 security vulnerabilities, including a zero-day vulnerability recently discovered in Java. According to a post published on Oracle's blog, the update contains patches for a number of applications, such as Oracle Database, for which there are provided 10 security fixes...

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-623 on Wednesday, July 15th. MS15-058 SQL Server Elevation of Privilege Vulnerability CVE-2015-1761 SQL Server Remote Code Execution Vulnerability CVE-2015-1762 ...

In the past, information technology (IT) and operational technology (OT) were seen as two distinct domains of a business. The former focused on all technologies that were necessary to manage the processing of information, whereas the latter supported the devices, sensors and software that were necessary for physical value creation and manufacturing...

It is always the case that changes – particularly radical changes – to application architectures have a ripple effect across the data center. And ripples turn into waves as they travel away from the epicenter, in this case leaving security professionals swamped. And like a bad “B-side” disaster flick, the danger isn’t coming from just one side; it’s...

Click-fraud is traditionally thought of as a widespread but low-impact online risk. Using this method of attack, criminals steal money away from pay-per-click (PPC) online advertisers by commanding another person or bot to click on an ad for the purposes of generating a charge per click. No actual interest is generated by these fake clicks, and the...

The Bundesrat of Germany – the country’s Federal Council – passed legislation last week requiring critical infrastructure businesses and institutions to implement more robust information security standards. According to reports, the new law will affect more than 2,000 essential service providers, including transportation, health, water, utilities,...

Mozilla has blocked every version of Adobe Flash Player running in its Firefox web browser and will continue to do so until Adobe has patched certain publicly known security vulnerabilities. Firefox users who seek to view videos, adverts, and other Flash-based content will now be required to dismiss a warning that reads, "Flash is known to be vulnerable...

I’ve spent a copious amount of time on the Darknet this year in a quest to gain more understanding on how cybercriminals think. I’ve been studying their communities, how they operate in the Darknetmarkets (such as Silk Road), perusing their forums, analyzing their marketing techniques, and contemplating how they justify their criminal activities. It’s...

Given the recent high-profile breaches, a key challenge facing government agencies and other security-minded organizations is rooting out malware that has already become embedded on key assets. Multiple vendors are offering cloud-based sandbox analytics services, and/or on-premises appliances, that can analyze new binaries to determine if they have...

A DDoS attack continues to affect the Asian Pacific servers of messenger app Telegram as of Monday morning. The attack was first revealed by the company on Twitter early Friday morning. Four hours after its initial announcement, Telegram posted again, stating that the attack had become global and was now affecting users' access worldwide. ...

Microsoft is ending Windows Server 2003 support on July 14, 2015, when the popular platform will no longer receive security updates. End of life migration is a serious transition for organizations, and many will keep the using outdated platforms long after the deadline. How should organizations that are still in transition prepare for the inevitable...

Yet another zero-day Flash exploit has been found in the massive data dump that is the result of a major compromise of Italian espionage software maker Hacking Team. Vulnerabilities CVE-2015-5122 and CVE-2015-5123 are similar to the previous Flash vulnerability (CVE-2015-5119 ) found in the Hacking Team arsenal CVE-2015-5119, however there is currently...

A cyber attack on the United States power grid, causing outages and damage to infrastructure, could have a major impact on the country’s economy, costing up to $1 trillion in the most extreme scenario. A recent report, produced by the University of Cambridge’s Centre for Risk Studies and Lloyd’s of London insurance, outlines the potential implications...

Caspar Bowden, a passionate British privacy advocate, has passed away after a battle with cancer. In 1998, Bowden helped co-found the Foundation for Information Policy Research (FIPR), a prominent think tank for privacy based in the UK. He also became one of the most outspoken dissenting voices with regards to government backdoor surveillance into cloud...

Cyber-attacks are continually increasing in scope and complexity; advanced persistent threats are becoming more difficult to detect; and over the past decade, there has been a growing “detection deficit,” according to the 2015 Verizon Data Breach Report. While 60 percent of attackers are able to gain access within minutes, the detection of attacks is...

Earlier this year, the PCI Security Standards Council officially released PCI DSS 3.1 only months after its predecessor (version 3.0) came into effect. With a typical three-year period between standard revisions, the out-of-band update caught many off guard, especially organizations still in the process of complying with the changes from the previously...