0 Comments
The challenges of running an information security program can be overwhelming with so many areas to address –… from encryption, to application security to disaster recovery. The complication of compliance with regulatory requirements such as HIPAA, PCI DSS and Sarbanes-Oxley, to name a few, adds to the mix. How should security professionals organize and prioritize
0 Comments
On Wednesday, Checkers Drive-In Restaurants alerted customers that it had been dealing with a data security issue involving “malware at certain locations.” On its website, the restaurant group announced that after discovering the issue, it “engaged leading data security experts to conduct an extensive investigation.” Federal law enforcement authorities have also been informed in order
0 Comments
Millions of files that are sitting out in the open across various file storage technologies are actually encrypted by ransomware More than 2.3 billion files have been found inadvertently exposed online over the past year, reads a report from threat intelligence outfit Digital Shadows. The firm’s new ‘Too Much Information: The Sequel’ report follows up
0 Comments
An unsecured Elastic database associated with dating apps has been discovered by a security researcher, making easily identifiable data exposed. Jeremiah Fowler, who has been working in the security software industry for over 10 years, found the database that held information about US data app customers, including their sexual preferences, lifestyle choices, and whether they were
0 Comments
Online graphic design tools are extremely useful when it comes to creating resumes, social media graphics, invitations, and other designs and documents. Unfortunately, these platforms aren’t immune to malicious online activity. Canva, a popular Australian web design service, was recently breached by a malicious hacker, resulting in 139 million user records compromised. So, how was
0 Comments
Private equity firm Insight Partners has acquired a controlling stake in Recorded Future, a threat intelligence firm based in Somerville, Mass., for $780 million. Founded in 2009, Recorded Future employs machine learning techniques to generate threat intelligence and provide a comprehensive view of the threat landscape. Early investors in the company include Google’s venture arm,
0 Comments
Insight Venture Partners has agreed to acquire a controlling interest in Recorded Future, a threat intelligence company, in addition to the minority stake it already owns. The all-cash transaction puts the value of Recorded Future at more than $780 million.  According to its press release, Recorded Future is the largest privately held threat intelligence software company
0 Comments
by John E Dunn One of computer security’s special frustrations is the phenomenon of malware that keeps re-infecting a system no matter how many times defenders think they’ve cleaned it. This was the puzzle that recently confronted Sophos Support when it was called in to investigate the mystery of an internet-facing Apache Tomcat web server
0 Comments
McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to investigate and ultimately compromise this smart coffee maker. While researching the device, there was always one attack vector that
0 Comments
ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only Turla, also known as Snake, is an infamous espionage group recognized for its complex malware. To confound detection, its operators recently started using PowerShell scripts that provide direct, in-memory loading and execution of malware executables and libraries.
0 Comments
Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state. In these types of attacks, nation-state actors attempt to disrupt the activities of organizations or nation-states, especially for strategic or military purposes and cyberespionage. Although cyberwarfare generally refers to cyberattacks perpetrated by one nation-state on another, it can also
0 Comments
Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has already infected nearly 50,000 servers and are installing a sophisticated kernel-mode rootkit on compromised
0 Comments
Netflix’s chief content officer Ted Sarandos said the streaming service (which is spending billions of dollars on an ever-growing catalog of original content) will “rethink [its] whole investment in Georgia” if a recently-signed abortion law goes into effect. Sarandos’ statement was first published in Variety. The industry publication said it reached out to the major studios