Chinese networking telecommunications equipment and services company Huawei has patched a vulnerability in its MBB (Mobile Broadband) product E3272s that if exploited could lead to denial-of-service attacks and remote arbitrary code execution. According to a security bulletin released by the company, "An attacker could send a malicious packet to the Common Gateway Interface (CGI) of target device...

Cyber security is now a board-level risk across the entire spread of industry. However, it is a broad subject with a large number of unknowns, and some might say there's no real way to ever discover or quantify those unknowns. Unfortunately, this can result in cyber security being poorly understood and boards vulnerable to being misled by ‘snake-oil’ solutions. Cyber security is a complex...

This October marks another iteration of National Cyber Security Awareness Month (NCSAM) , a program designed to engage both the public and private sectors on good security practices via activities that encourage awareness and resiliency in the event of a national cyber incident. Sponsored by the Department of Homeland Security ( DHS ) in cooperation with the National Cyber Security Alliance and...

On Tuesday, the European Court of Justice ruled the 'safe harbor' data transfer agreement between the United States and the European Union invalid. According to BBC News , the United States and the EU adopted the 'safe harbor' framework back in 2000 in order to provide a "streamlined and cost-effective" means of transferring data from Europe to U.S.-based firms. Under European data protection laws...

In today's world, our notion of endpoints has evolved from something with a user and a keyboard to something with exploitable vulnerabilities. This conceptualization therefore covers network connections beyond laptops, personal computers and mobile devices. Indeed, vulnerabilities arising from Internet of Things (IoT) appliances; automobiles, such as security holes that ultimately resulted in a...

SQL injection is arguably the most severe problem web applications face. OWASP, an online community devoted to web application security, consistently classifies injection vulnerabilities as number one on their OWASP Top 10 Project . SQL injection vulnerabilities are a favorite amongst a number of “hactivist” groups whose aim is to cause disruption in the corporate community because they are...

A new report reveals that civilian nuclear facilities are not paying adequate attention to developing "cyber security readiness". According to the executive summary of "Cyber Security at Civil Nuclear Facilities: Understanding the Risks", the Royal Institute of International Affairs at well known think tank Chatham House conducted in-depth interviews with 30 industry practitioners, policy-makers...

Businesses have some serious problems on their hands when it comes to security. Major breaches seem to be occurring at an alarming pace – every other week seems to bring headlines of another large company suffering a security breach, and that doesn’t even begin to touch the thousands of breaches that don’t get media attention. With cyber attacks happening with far more regularly than ever before...

According to the 2015 Information Security Breaches Survey , 44 percent of both large and small organizations increased their security expenditure in 2015 compared with 53 percent and 27 percent in 2014, respectively. Despite the increase in expenditure, however, 90 percent of large organizations and 74 percent of small organizations reported that they had suffered a security breach – up from 81...

Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick-read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently. Here’s what you don’t want to miss from the week of September 28, 2015: A massive data breach at Experian – one of largest credit reporting bureaus in the US – has led to the...

Hackers have compromised the personal information of 15 million T-Mobile customers after successfully infiltrating one of Experian's servers. John Legere, CEO of T-Mobile, has published a letter about the incident: "We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The investigation is ongoing, but what we know right now...

I recall engaging into a conversation with a fellow security professional this year on the subject of where the CISO role should reside and to whom they should report. My opponent’s opinion was very much contrary to my own, vocalising the value of the CISO having full alignment with the main board and the company executive. I, on the other hand, feel they (the CISO) should be far removed from any...

What a whirlwind the past few months have been for data security, breaches and hacking events. From the Wyndham v. FTC ruling to yet another breach by a BCBS affiliate , there is increasing pressure across the information security industry to push organizations to perform those pesky security risk assessments touted by the National Institute of Standards and Technology (NIST). No matter what...

A Russian antivirus (AV) firm was firebombed back in 2014 as a result of a report it published on a particular malware sample. On December 18, 2013, the AV company Doctor Web published a news item announcing that Trojan.Skimmer.18 had been added to the company's virus database. Later that same day, the company received a threatening email presumably originating from the writers and/or criminal...

The post office email scam is a time-tested method of attack among malicious actors. Indeed, when users see that they have received an email from an actor purporting to be their local post office, most of them buy into the familiarity of this governmental institution and click on a link without taking the time to inspect the sender address. Attackers further exploit users' implicit trust by...

Two security researchers uncovered thousands of medical systems exposed online that are vulnerable to web attacks. On Saturday, September 26, researchers Scott Erven and Mark Collao presented their findings at Derby Con 5.0 in a presentation entitled "Medical Devices: Pwnage and Honeypots." "We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to...

Today, a segment will air on Crime Watch Daily where Tripwire Senior Security Researcher Craig Young and I reveal on camera how vulnerable smart homes can be when not properly secured. We show firsthand that the key weaknesses in most smart homes are a combination of insecure networks and default configurations, including systems that installers may say are "unhackable." So, what exactly is an IoT...

Banks have another security headache on their hands, as ATM-infecting malware is becoming increasingly sophisticated in its attempt to help criminals audaciously empty out cash machines on the high street on demand, without having to have previously stolen the payment cards of legitimate customers. Dubbed GreenDispenser by researchers at Proofpoint, the new malware targeting ATMs allows thieves to...

Tripwire recently hosted a webcast entitled, “Talking To The Board: How To Improve Your Board's Cyber Security Literacy -- UK Edition.” For the presentation, Amar Singh , Interim CISO and Founder of both Cyber Management Alliance and Give01Day , an organization that connects volunteer information security professionals together with charities seeking to protect their networks; Ray Stanton , the...

Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick-read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently. Here’s what you don’t want to miss from the week of September 21, 2015: According to independent security journalist Brian Krebs , multiple sources in the banking industry...