Earlier this week, a U.S. judge ruled that banks can proceed with a class action suit filed against Target for a data breach that occurred in 2013. A U.S. District Court judge in St. Paul Minnesota affirmed Target's negligence in the data hack , which compromised upwards of 40 million credit cards. This decision enables the $5 million class action to be maintained under the representation of the...

Cyber liability insurance is becoming an increasing necessity for businesses and could easily become a requirement similar to E&O insurance not just for large corporations, but also small- to medium-sized businesses. The challenge, however, is understanding how much coverage, as well as the scope of the coverage organizations need to properly offset cyber risk. KPMG recently conducted a survey...

A recent report by Panda Security revealed a record high in the creation of new malware samples, reaching more than 21 million new threats over the course of just three months. In the second quarter of 2015, the Spanish security firm saw an average of 230,000 new types of malware each day – an increase of 43 percent compared to the same period last year. “A large number of the new types of...

A Russian hacker has pleaded guilty to stealing 160 million credit cards numbers and to attacking several large American companies. On Tuesday, Vladmir Drinkman , 34, admitted in federal court in Camden, New Jersey that he and four other individuals conspired to steal credit card numbers from Heartland Payment Systems Inc., 7-Eleven Inc., and the Hannaford Bros. grocery chain. The group's attack...

Content loading... More than half (55 percent) of information security professionals anticipate cybersecurity will factor as a key issue in the 2016 U.S. Presidential race. Last month, as part of Black Hat USA 2015 , Tripwire conducted a survey of 210 information security professionals. Of those respondents, more than a third (39 percent) revealed their expectation that cybersecurity would become...

All too often, I find that vendors discount the risks associated with attack vectors involving cross-site request forgery (CSRF). Naturally, remediation of vulnerabilities involving user-interaction should generally take a back seat to those that are exposed to completely remote/unauthenticated exploitation, but that doesn’t mean it is OK to simply forget about vectors like CSRF. A quick review of...

Modern cryptography, including elliptic curve cryptography , is being used extensively for securing our internet payments, banking transactions, emails and even phone conversations. The majority of today's cryptographic algorithms are based on public-key encryption, which is considered to be secure against attacks from modern computers. Quantum computing can simply break this security by reverse...

In 1985, around the time that the Internet was just beginning to take shape, there were six top-level domains (TLDs) in existence. These were ".com", ".net", ".org", ".gov", ".mil", and ".edu". Along with some 100 country codes, those TLDs led the evolution of the web for over a decade. But then things changed. As the Internet continued to expand in size, TLDs started to diversify and increase in...

For most organizations who manage information technology and/or information security programs, personnel are constantly on the lookout for the best ways to train their technology superstars and provide them with the best academic and hands-on learning resources available. Capture the Flag (CTF) events integrate both aspects of this into a single experience. In the educational and professional...

FireEye filed an injunction against German IT security research firm ERNW GmBH last month in order to protect its intellectual property. According to CIO , ERNW first contacted FireEye, a former intern of which recently pleaded guilty to selling Dendroid malware on Darkode, back in April of this year after its researchers discovered five vulnerabilities in the company's Malware Protection System...

Ransomware is on the rise. According to the McAfee Labs Threat Report: May 2015 , this threat saw a 165% increase in the first quarter of 2015 alone. In response, security researchers have periodically released removal kits designed to help victims of crypto-ransomware variants recover their encrypted files. However, given the diversification of ransomware, including their incorporation of popular...

Earlier this year, I focused on the emerging trend of Sakawa scams originating from the west coast of Africa. If you've never heard this term before, there is some learning for you to do! Sakawa, or JuJu, scams are a subsection of traditional online cyber crime. Whilst many scams originating from all over the world could be classed as 'sakawa,' the term is associated with a lifestyle, culture and...

With security breaches such as Sony , WHSmith and Ashley Madison hitting the headlines every week, the level of security awareness among the general public has never been higher. You could therefore be forgiven for thinking that (at least theoretically) it would be an easy task to impress the importance of information security matters on a board of directors. But company directors have a lot on...

Security researchers have spotted a sophisticated type of malware that is capable of bypassing CAPTCHA authentication systems in the Google Play Store. According to a blog post written by Bitdefender security researcher Liviu Arsene, the malware, which has been identified as Android.Trojan.MKero.A, seems to have somehow found its way into legitimate apps hosted on the Play Store and simultaneously...

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-632 on Wednesday, September 9th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy Moderate Difficult Extremely Difficult No Known Exploit MS15-103 MS15-096 MS15-094 MS15-095 MS15-098 MS15-100 MS15...

Yes, simulated humans exist. And even if they don't quite walk amongst us, they do lie in beds in hospitals, helping medical students get valuable experience in caring for patients without the worry that one wrong step might result in a real human life being lost. Don't know what I'm talking about? Then meet iStan , the "most advanced wireless patient simulator on the market" according to its...

A security firm has discovered a variant of Android ransomware that masquerades as a pornography app called "Adult Player." According to a post published on Zscaler's blog, the ransomware, which is not found on legitimate app stores like Google Play Store and the Apple App Store, successfully loads onto a device after asking for admin permissions. It then uses a technique known as reflection to...

The Federal Trade Commission (“FTC”) can now sue a company for failing to adequately protect client data. Let that sink in for a moment. In short, the recent court ruling confirmed the FTC’s authority to create, impose, and enforce data security rules on virtually any business that holds consumer data. QUICK BACKGROUND On August 24, 2015, the US Court of Appeals ruled that the FTC has the...

The nation is in the midst of a torrent of major data breaches. The most recent breaches include the Ashley Madison breach , the Office of Personnel Management breach , and the theft of millions of dollars from small- to mid-size businesses. In addition to the financial impacts, the breaches include the release of personal-data including social security numbers, health and financial records, and...

Our security roundup series covers the week’s trending topics in the world of InfoSec. In this quick read compilation, we’ll let you know of the latest news and controversies that the industry has been talking about recently. Here’s what you don’t want to miss from the week of August 31st, 2015: On the one-year anniversary of ' The Fappening ,' an incident in which hundreds of explicit images of...