Adding communications to cars and the transportation infrastructure provides cool new services (e.g., safe driving, faster transit times, etc.). From a security perspective, it also widens the threat landscape. Potentially, a bad actor sitting along the roadside with wireless access might be able to mess with the internal workings of your car or the traffic lights […]
Continue Reading...
Posted in Application Security, Automotive Security, Data Breach | No Comments »
With a technical story like WannaCry, there are bound to be some falsehoods spread as fact. As with any misconception, there is often a kernel of truth. More often though, the answer is more complicated than it first seems. Here are a few important falsehoods that have been circulating in the last 48 hours: WannaCry spreads via […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on Don’t fall victim to these 5 WannaCry ransomware misconceptions
Last Friday, a piece of malware known as WannaCry (WanaCrypt0r 2.0/WCry) infected over 200,000 Windows-based machines in over 150 countries. What made this malware different was that it encrypted the hard drive, withholding the contents until the victim paid $300 BitCoins. While ransomware itself is not new, the rapid spread of WannaCry caught many people […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on In the wake of WannaCry: What we now know and how to move forward
On Friday, several organizations around the world fell victim to a wave of ransomware that swept the globe. Ransomware is malware that encrypts the hard drives of compromised machines until the owner makes full payment. Such attacks have been persistent but relatively quiet. Until now, ransomware had been confined to limited or one-off events. A […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on WannaCry ransomware attack takes the world by storm
A hacking tool leaked in April by a mysterious organization is attacking older Windows boxes, exposing gaps in organizational update and upgrade policies. One researcher estimates that between 100K and 200K boxes may already be compromised worldwide. What’s particularly interesting is that Microsoft issued a patch for the underlying vulnerabilities in March. Shadow Brokers Several […]
Continue Reading...
Posted in Application Security, Data Breach, Vulnerability Assessment | Comments Off on DoublePulsar continues to expose older Windows boxes: What you need to know
Your web application is the face of your business. It is the client-server software exposed to the world. For instance, when you want to book an airline ticket you visit the airline’s website to make the reservation. This public exposure and interaction is highly convenient to current and potential customers. However, it also makes your […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on What are the signs your web application has been hacked?
As this year draws to a close, we can look back on 2016 and see what challenges the security industry has had to overcome. Jumping on this bandwagon a bit early, I hope to draw attention to some of the more difficult challenges our industry will face in the coming year. In order to do […]
Continue Reading...
Posted in Data Breach, Internet of Things, Red Teaming, Software Security Testing | Comments Off on Lessons learned from this year’s biggest security breaches
As we near the end of 2016, it’s time to reflect on some of the biggest security issues that we saw this year. 2016 was an interesting year in which many security issues came into focus. We saw many attacks with a goal of financial gain. We saw nation-states threatening cyberattacks around the US election. And, we […]
Continue Reading...
Posted in Application Security, Data Breach | Comments Off on Top cyber security trends of 2016
The data on thousands of computers at the headquarters of the General Authority of Civil Aviation in Saudi Arabia was erased starting in mid-November by malware from “outside the country,” according to a state report. On Thursday, the state-run Saudi Press Agency confirmed that a series of attacks on government systems, especially the transportation sector. […]
Continue Reading...
Posted in Data Breach, Government Security, Industrial Control System Security | Comments Off on Cyberattacks erase Saudi government data
Over the weekend, around 1 million Deutsche Telekom customers experienced interruptions in their Internet services, a denial of service that has now been traced to the Mirai botnet. Mirai leverages flaws in Internet of Things devices to create a compromised network or botnet. The source code for Mirai botnet went public in early October, allowing […]
Continue Reading...
Posted in Data Breach, Internet of Things | Comments Off on Mirai botnet targets Deutsche Telekom routers, causing outages