Smart television sets made by Samsung may be capturing personal information spoken by their owners and subsequently transmitting it to a third-party. This warning is based off the research of The Daily Beast , which in reviewing the SmartTV supplement to Samsung’s privacy policy discovered the following sentence: “Please be aware that if your spoken words include personal or other sensitive...

Last week, we investigated the story of Vladislav Anatolievich Horohorin , a Ukrainian hacker who was well known online for managing several web forums where cyber criminals could dump and sell users’ stolen payment card credentials. Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Vladmir Drinkman, a Russian hacker whose exploits in...

Chipotle's website and official Twitter account were compromised late Saturday evening and into Sunday morning. The website was redirected on Saturday around 6PM (PST) to Chipotle's official twitter account @chipotletweets and was then unresponsive. The Chipotle domain's technical and administrative contacts for the domain have been updated with a message from the attacker(s). The @chipotletweets...

According to the Associated Press , the attackers who targeted and exfiltrated more than 80 million customer records from Anthem Inc, were able to commandeer the credentials of at least five different employees. We know from Anthem themselves that at least one admin account was compromised, as the admin himself noticed his credentials being used to query their data warehouse. Looking at job...

The Portland-based sportswear giant Nike has been accused by MasterCard Inc. of “conspiring” to steal its cyber security talent after recruiting two top information security managers. According to a report by Bloomberg , ex-MasterCard Chief Information Security Officer William E. Dennings and former Senior Engineering Manager Ryan Fusselman were urged to resign and break their contracts with the...

The U.S. Chamber of Commerce and 16 other business lobbies have sent a letter to Washington officials urging them to oppose China’s new cyber security regulations. In the letter, technology vendors argue that China’s new regulations would require them to hand over their source code and adopt China’s encryption algorithms , measures which could potentially undermine the security of their customers...

It seems only fitting that 2014 should have ended with the much publicized hacking of Sony as the American public was inundated all year with one sensational account after another of damaging data security breaches. Those surrounding Target , UPS, K-Mart, Staples, Dairy Queen and Home Depot have certainly received the full attention of the media, as it should given its magnitude. However, this...

Patch Tuesday, the unofficial day on which Microsoft regularly releases security updates for its software products, has long been a staple of the information security community. On the second (and sometimes fourth) Tuesday of every month, Microsoft releases a unique set of security bulletins that provide patches for a range of new Common Vulnerabilities and Exposures (CVEs) – flaws which are...

Sony’s projected third quarter earnings suggest that a cyberattack back in November of 2014 will have a lower financial impact on the conglomerate than originally expected. As of this writing, Sony was posed to announce a net profit of ¥31.91 billion ($269.54 million) for Quarter 3 in 2014, compared to a net profit of ¥27 billion a year earlier. This is in spite of an attack that compromised the...

Anthem, the second largest health insurer in the United States, has admitted that hackers broke into its servers and accessed databases containing sensitive customer information. According to a statement issued by Anthem, who were formerly known as Wellpoint, both current and former customers are at risk after the hackers managed to gain access to systems containing names, birthdays, medical IDs...

On any journey we take as we progress through life, occasions will arise when we arrive at a juncture where we recognise that somewhere way-back, we may have taken a wrong turn, which has brought us to a less than ideal place – an imposition which I believe we find ourselves in today with mitigating cyber crime and its associated threats. So, first of all let’s take a big deep breath and apply a...

Last week, I presented a talk at OWASP's AppSec California titled "We All Know What You Did Last Summer," where I spoke on the topic of privacy, security and the "Internet of Things." My primary focus was not necessarily on the privacy and security of devices themselves, but more regarding the security implications of the data they generate. I used several criminal cases I have been involved with...

Security firm Avast has identified a new type of malware that is posing as mobile games on Google Play. In an article posted to Avast’s blog , security researcher Filip Chytry discusses how a number of games, including a card game, an IQ test app, and a history app, all come preloaded with the same malicious software. The malware first came to the attention of Avast when one Andrei Mankevich wrote...

In today’s corporations, information security managers have a lot on their plate. While facing major and constantly evolving cyber threats, they must comply with numerous laws and regulations, protect the company’s assets and mitigate risks as best as possible. To address this, they have to formulate policies to establish desired practices that avoid these dangers. They must then communicate this...

Cross-Site Scripting (XSS) vulnerabilities can, unfortunately, be found in all types of web-based applications. Indeed, they appear to be rather ubiquitous across the web. XSS falls into the category of code injection vulnerabilities and is a result of web-based applications consuming user-supplied input without proper filtering and sanitization. Although XSS attacks exist due to web application...

A security firm has identified a new method of attack in which hackers encrypt the data stored on website servers and demand a ransom payment for the decryption key. In an article posted on its blog , High-Tech Bridge explains how its security experts first detected the attack back in December of 2014. According to the firm’s research, the attackers were able to successfully compromise a web...

Last month, we interviewed Thom Langford , the Director of Sapient’s Global Security Office. Among other things, he explained to us how critical people are to an organization’s cyber security success, not to mention how the CISO is instrumental in framing security issues so that different target audiences can understand them. As part of our ongoing “The Voice of the CISO” series, we now interview...

Tripwire Enterprise isn’t just a change detection and compliance tool. The core ability to execute commands on agent boxes and network devices, capture the results and run the results through a series of tests can be applied to other use cases, as well. These use cases are limited only by the imagination of the user. One such use case is certificate management. A couple of years back, I was...

Raptr, a popular gaming social network website, has urged all of its users to change their passwords following a recent hack . In a security update message posted on Raptr’s site, Founder and CEO Dennis Fong disclosed the incident to the Raptr community: “Maintaining the highest level of security around your Raptr account information is of the utmost importance to us, so we're very sorry to inform...

The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent . T his kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism. According to Eugene Kaspersky, CEO of global IT security firm Kaspersky Labs, the evidence...