August 26th, 2015
A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.
August 17th, 2015
Sysadmins – if you don’t change the default settings, there’s a danger that you could be exposing your company’s secret data to the rest of the world.
August 17th, 2015
Industrial Control Systems (ICS) are the computer systems and networks used to control industrial plants and infrastructures. The term includes Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), and Programmable Logic Controllers (PLC). These systems are used in many sectors classified as critical by the U.S. and other governments. This includes emergency services, […]
August 14th, 2015
Industrial Programmable Logic Controllers (PLCs) are devices used to control key manufacturing and infrastructure systems around the world. A PLC is a fully customizable device which can take just about any data in, perform any combination of logical operations on it, and create an almost unlimited number of output scenarios. They’re common on manufacturing lines […]
August 12th, 2015
Once again, Microsoft finds itself patching Windows against attacks that can strike at your PC through the USB drive.
August 8th, 2015
Anata no joho sekyuritei konshu no haiku Mac Users Beware – Thunderstrike and Zero-Day Are Lookin’ For You! ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours […]
August 5th, 2015
If you needed any more convincing as to just how big a deal the recently discovered Stagefright vulnerability is on Android devices, just take a look at how Google and Samsung are responding.
July 27th, 2015
A researcher has found a serious Android vulnerability that requires no interaction at all by the user to hijack their device. In fact, the vulnerability could allow a hacker to infect your mobile phone, while you’re fast asleep.
July 13th, 2015
Operation Pawn Storm is up to its dirty tricks again, this time with what is claimed to be the first new Java zero-day vulnerability in two years.
June 19th, 2015
It’s all very well having a bug bounty program, argues LinkedIn, but how is your organisation going to cope if it is bombarded with hundreds of meaningless and useless reports, that your security team cannot act upon?
June 1st, 2015
Over the last couple of weeks I’ve seen a pattern of companies frustrating an individual to the point where the person gives up trying to communicate with the company and hacks them in a major way instead. I guess you could call it Revenge Hacking. In each case, the company was communicating with the person […]
May 25th, 2015
You’ve probably heard the idiom “No good deed goes unpunished.” It looks like that phrase will survive even the cyber age. There have a been few news stories about how vulnerability disclosures were handled, or mishandled. Some made me laugh, some made me cringe. When IT Security professionals find a vulnerability, they know what to […]
May 20th, 2015
Researchers discover a new attack against encrypted communications on the internet.
May 18th, 2015
A few weeks ago a story appeared on Slashdot about a new marketplace on the Dark Web called The Real Deal. Since it’s already in the press, hopefully there’s no harm in describing it here. I do risk being banned from the site for discussing it, but I’m optimistic they’ll see it as free publicity rather […]
April 17th, 2015
If a security researcher finds a vulnerability in your software, please don’t ignore them. Instead, be grateful that someone who has found a flaw in your product has chosen to let you know about it, rather than selling it (for probably more cash than you’ll offer them as a bug bounty) to some nefarious ne’er-do-well […]