Industry News

US National Vulnerability Database Hacked

Thursday, 14 March 2013 14:22

The US government's online catalog of cyber-vulnerabilities has been taken offline – ironically, due to a software vulnerability. The National Institute of Standards and Technology's National Vulnerability Database's (NVD) public-facing website and other services have been offline since Friday due to a malware infection on two web servers, it emerged on Wednesday.

High Definition Surveillance Solutions

Tuesday, 15 January 2013 17:53

I’ve always wondered what my cat did while I was away from home. Did she devour the leaves of the plant in the living room or merely nibble them? How often did she jump up on the kitchen counter to forage for food? Did she dash out through the open window to patrol the ledge from four stories up?

Plenty of video monitoring cameras offer home surveillance solutions, but they are either expensive or the video resolution is low. At $150, the Dropcam HD aims to hit the middle ground, serving as a decent child monitor or home security camera. As I was getting ready to head out of town on vacation, I was eager to try it out.

Last week's terrorist attacks on the United States are expected to shift government and legislative priorities on a host of technology issues. Internet privacy, for instance, the top technology policy issue barely more than a week ago, will likely be replaced by critical-infrastructure protection as the United States seeks to retaliate against what President Bush has called "an act of war." What this means is that pending legislation to protect corporate data about security incidents, voluntarily shared with the government, will likely be fast-tracked. Antispam legislation, on the other hand, may get pushed aside, according to officials at trade and privacy groups, as well as congressional sources.

Cyber-Criminals Eye Olympic Gold

Thursday, 10 January 2013 17:30

By Taylor Armerding

August 08, 2012 — CSO — The public's appetite for scandal around the world is practically insatiable. Not surprisingly, cybercriminals try to take advantage of it, especially during an event like the 2012 Olympic Games.

But the good news, say experts, is that the bulk of the scams are unsophisticated, looking to take advantage of so-called "low-hanging fruit."

Hackers Infiltrate New York Times

Thursday, 10 January 2013 16:56

From The New York Times

SAN FRANCISCO — For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in.

The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.

News Feed

CSO Online Social Engineering

  • The massive WannaCry outbreak caused an estimated $1 billion in damage costs in just its first four days, according to Stu Sjouwerman, CEO at KnowBe4. The WannaCry ransom payouts, however, have been minimal. Various media reports peg the payouts at anywhere from five figures to a few hundred thousand dollars. Even if everyone affected coughed up the $300 ransom demand, the total payouts would be roughly $60 million.

  • When the WannaCry malware hit, many users were scrambling for fixes -- but some of the proffered solutions were actually just more malware, in disguise. Security experts recommend that companies stick with their existing security vendors and established update processes, and be careful about downloading fixes that they come across on the Internet. "They're really exploiting everyone's fears," said Adam Malone, director of cyber investigations and breach response at New York-based PwC. Legitimate vendors aren't going to send out alerts via viral social media posts, he said. And patches usually don't require a download.

  • Got hit by WannaCry or worried that your organization will be? It goes without saying (hopefully!) that by now all IT organizations have read Microsoft's customer guidance for WannaCrypt attacks, and they will immediately deploy Microsoft Security Bulletin MS17-010. Beyond that patching, here are the top three pieces of advice for IT security pros and anyone concerned with WannaCry or any ransomware strain to heed:

  • What's it like to be held hostage? I never want to find out and I'll bet you don't either. But given today's environment executives might find themselves held hostage in a way they never expected. Ransomware, as it is known because it holds your entire computer system hostage, is quickly becoming the hacker's method of choice because it's simple, fast and virtually untraceable. For the most part companies that are victims have little choice (unless they're properly prepared – more on that later) than to pay the ransom, whatever it is, to alleviate the attack. In fact, up until very recently...

  • The United States is under attack and we can expect such to remain the situation for the foreseeable future. That's my summation of Director of National Intelligence (DNI) Daniel R. Coats' presentation, "Worldwide Threat Assessment of the US Intelligence Community," on May 11, 2017 to the Senate Select Committee on Intelligence (SSCI). Coats walked the SSCI through the various avenues by which the security of the United States was being placed in jeopardy: Cyber Threat, Emerging and Disruptive Technologies, Terrorism, Weapons of Mass Destruction and Proliferation, Space and Counterspace, Counterintelligence, Transnational Organized Crime, Economics and Natural Resources, and Human Security (SSCI - DNI...

  • On Tuesday, Gizmodo published a story about how easy it was to get Trump Administration officials and associates to click a phishing link. In order to do this, the Gizmodo Special Projects Desk developed a fake Google Docs email, complete with a false sign-in page. During the elections last November, President Trump and his staff often pointed to the risks associated with Hillary Clinton's personal email server. The campaign was also full of discussions around the DNC hack, which started via a phishing email. In my opinion, I think the point Gizmodo was attempting to make with this story is that officials...

  • An updated advisory from the FBI says that Business Email Compromise (BEC) attacks have become a multi-billion-dollar scam worldwide, as criminals take advantage of lax policies and human nature. Victims include businesses both large and small, operating in any number of vertical markets, proving that the criminals aren't picky about who they'll target. At their core, BEC attacks are a variation on social engineering, designed to target a person's normal routine. Social engineering isn't easily detected or defeated, so when the criminals ask for something that isn't unusual or out of the victim's comfort zone, the attack is often successful.

  • Our director of marketing caught the first one. "Hey, check this out," he wrote at the top of the forwarded email. Beneath was a quick message letting him know that one of his contacts had shared a Google doc with him. The email looked squirrelly, not least due to a recipient email that was nothing but a string of h's. It's always great when someone in the company forwards a suspicious email to me, especially since that's what I've asked everyone to do over a year-long course of phishing awareness training. But the director of marketing is very tech savvy and...

  • On Wednesday afternoon, social media exploded with reports of a new phishing attack targeting users of Google Docs. The attack was clever, centered on getting the victim to grant permissions to an application called Google Docs before spreading to the victim's contacts. Fortunately, the attack didn't last long, thanks to the efforts of thoughtful users, Google, and Cloudflare. Officially, Google issued a brief statement on the matter via Twitter and to various members of the media: "We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts. We've removed the fake pages, pushed updates through Safe...

  • Fraud is prevalent in our digital world. Unfortunately, in both our social and professional lives, we can't always trust that those who present themselves as authentic are actually who they claim to be. Lots of end users have learned this truth the hard way, having fallen victim to social engineering, but these scammers are tangling wider nets of deception, preying upon a new category of vulnerable targets -- the job seekers. A new blog/whitepaper from ZeroFOX talks about the concept of recruiter scams. In short, hackers are impersonating company recruiters by using their logo and providing a contact form about job opportunities via email.

  • Last August a Baltimore substance abuse treatment facility had its database hacked. Patient records subsequently found their way onto the Dark Web, according to The group noticed such things as dates of admission, whether the patients are on methadone, their doctors and counselors, and dosing information. In the blog, the hacker "Return," who they think is Russian, described how he compromised the Man Alive clinic: "With the help of the social engineer, applied to one of the employees. Word file with malicious code was downloaded."

  • Call centers in foreign countries can at times be ripe for social engineering. Most operators are supposed to stick to a script. But when dealing with a boisterous voice on the other end of the phone who is speaking in your second language, it can be intimidating. That is exactly what happened to the U.S.-based digital marketer, who asked to remain anonymous. This person's bank account was compromised when a hacker called a call center in India stating he forgot his password and was unable to access an account. The call center operator eventually handed over the password after being pressured...