May 30, 2016

With a target as big as SWIFT, you’d expect them to be prepared for breaches originating from within trusted banks

If you were an attacker looking for the biggest financial return on your investment in evil criminal schemes, you would probably look at international banking transfer systems as being a nice, big target. In fact, a security investigation company revealed that at a number of banks connected to the Society for Worldwide Interbank Financial Transactions (SWIFT) network were recently targeted in massive fraud attacks. It may seem surprising, but the attackers were able to easily cover their tracks on the systems they accessed after submitting bogus transfer request messages.
May 30, 2016

Even with isolated networks, nuclear power plants are still infested with malware

You might imagine nuclear power facilities to have state-of-the-art security, with locked-down computers that can only run software that the installers authorized. Well, this doesn’t seem to be the case in some facilities. At a nuclear power-plant 75km from Munich, Germany, employees discovered serious pieces of malware, including Conficker and Ramnit. In addition, they discovered 18 USB drives that had malware on them in the facility. And this isn’t the only case.
May 30, 2016

When there's a choice between privacy and sizzle Google usually goes with sizzle by default

Google is offering an innovative messaging product called Allo to compete with other mobile messaging apps. It has features like suggesting responses to messages from your friends, to save you time. But to do this, it needs access to all of the message content. On the other hand, you will have an option to turn on end-to-end encryption, which uses the secure SIGNAL protocol... On the other hand, if you do turn on the end-to-end encryption feature, you won't get the "sizzle" features like the message reply suggestions. So, let's just be clear about privacy versus convenience.
June 9, 2016

It just got more expensive to lose your personal information to identity theft

In one sense, it’s hard to believe it’s taken so long for identity theft to get to this point. At least, up until now, most of […]
June 26, 2016

Many LinkedIn users don't seem to be aware of risks from fake connection requests

By now, you might think that employees are able to distinguish between legitimate LinkedIn connection requests and those from people using faked profiles. Unfortunately, recent statistics […]
June 30, 2016

This old email attachment icon signals a new danger

We all tend to know that email message attachments can be dangerous. There are many file types and associated icons we should actually be careful with. […]
July 27, 2016

How not to behave responsibly when you're hacked by a foreign government

When the Inspector General at the US Federal Deposit Insurance Corporate (FDIC) pulled on a loose thread during an internal investigation of a significant data breach […]
July 29, 2016

Think your mobile device can't be held hostage? Think again.

Ransomware has evolved as a very dangerous threat to computers and networks. Becoming infected with ransomware is especially costly for businesses that rely on databases of constantly changing information for their daily operation, like hospitals and universities. So, we tend to think that only databases with very sensitive information are likely to be targeted for this kind of extortion by attackers. On desktop computers, there were many ways in which attackers can get malware to encrypt your files and hold your computers hostage. But, while it’s somewhat harder for attackers to encrypt critical data on your mobile device there are a couple of new kinds of extortion that could hit you closer to home – forcing you to pay up to regain access to your mobile phone or tablet.
July 29, 2016

When this popped up in a DNC worker's webmail session, it should have given pause

Sometimes we are so well trained to ignore suspicious pop-up messages while using a web browser that we may miss some important clues about imminent risks […]
August 30, 2016

Getting rich by betting against insecure medical device suppliers

Just a few months ago, I highlighted the fact that many medical devices at hospitals and health-care institutions were accessible and often open to attack from […]