August 26th, 2015
A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.
August 17th, 2015
Sysadmins – if you don’t change the default settings, there’s a danger that you could be exposing your company’s secret data to the rest of the world.
August 17th, 2015
Industrial Control Systems (ICS) are the computer systems and networks used to control industrial plants and infrastructures. The term includes Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), and Programmable Logic Controllers (PLC). These systems are used in many sectors classified as critical by the U.S. and other governments. This includes emergency services, […]
August 14th, 2015
Industrial Programmable Logic Controllers (PLCs) are devices used to control key manufacturing and infrastructure systems around the world. A PLC is a fully customizable device which can take just about any data in, perform any combination of logical operations on it, and create an almost unlimited number of output scenarios. They’re common on manufacturing lines […]
August 13th, 2015
[Originally published in the Spiceworks IT Community.] A Google security research paper was recently published on the best safety practices that hundreds of security experts recommend. This paper outlines the results of two surveys — one with 231 security experts, and another with 294 web-users who aren’t security experts — in which both groups were asked what […]
August 12th, 2015
Once again, Microsoft finds itself patching Windows against attacks that can strike at your PC through the USB drive.
August 11th, 2015
Despite the launch of Windows 10 and all the talk about mandatory updates, today is still Patch Tuesday. And this month, everyone should pay attention. Microsoft shared a vulnerability smorgasbord today – offering a little something for everyone. From office and browser applications to desktops and servers, Microsoft covered them all with 14 bulletins. Some […]
August 9th, 2015
On August 5th Black Hat participants gathered at the Mandalay Bay for the 2015 annual presentation of The Pwnie Awards. The Pwnie Awards began in 2007 and have honored the most magnificent achievements and failures of the information security industry ever since. The winners aren’t [yet] posted on the official pwnies website. There has been […]
August 7th, 2015
As of August 1, ComputerWorld reported Windows 10 global usage had climbed to 2.5%. Not too shabby for the OS that was launched just three days earlier on July 29. Those numbers easily beat early adoption rates for Windows 8.1, but I wonder how those users are faring? A quick read of headlines shows a […]
August 5th, 2015
If you needed any more convincing as to just how big a deal the recently discovered Stagefright vulnerability is on Android devices, just take a look at how Google and Samsung are responding.
August 3rd, 2015
Black Hat USA 2015 is underway in Las Vegas. The Black Hat conferences are an opportunity for IT Security professionals to learn new techniques and vulnerabilities from each other. They also provide ethical hackers a platform from which they can demonstrate the seriousness of the security flaws they find most important. This year no less […]
July 29th, 2015
Unless you’re still buried under snow in Buffalo, you probably know that Microsoft released its newest operating system today. Windows 10 is the latest and greatest from Redmond, and as one pundit put it: Vista was awful, Windows 7 was okay, and the less said of Windows 8 the better, but Windows 10 looks to […]
July 27th, 2015
A researcher has found a serious Android vulnerability that requires no interaction at all by the user to hijack their device. In fact, the vulnerability could allow a hacker to infect your mobile phone, while you’re fast asleep.
July 27th, 2015
Over the last several weeks I’ve written about ransomware primarily as it relates to individual machines or mobile devices. There is another very sneaky variant of ransomware which you should be aware of. It’s specifically crafted to hold websites hostage. It’s called RansomWeb. Its methodology is slow and diabolical, and I believe it’s out there […]
July 22nd, 2015
No sooner have you digested the latest Patch Tuesday releases than you’re hit by a relatively rare out-of-band patch from Microsoft. As Russ said in his post, it’s definitely a crazy month! This emergency patch corrects a remote code execution (RCE) vulnerability found in all supported versions of Windows – including the soon-to-be released Windows […]
July 21st, 2015
In my previous two posts How Does Ransomware Work? Part 1 and Part 2 I described the process ransomware goes through to get on your systems, encrypt your files, and collect your money. Like any malware, all of the steps in the process need to be successful in order for ransomware to work. In the case of […]