Latest News

How To Figure Out When Your Company Should Hire A CISO

Most companies build their cybersecurity teams organically, albeit in different ways depending on the industry, product or service provided. For example, smaller venture capital-backed tech startups often bring on a security architect or a security generalist as their dedicated first hire, whereas highly regulated industries such as finance or healthcare are likely to have hired a compliance...

MongoDB Ransomware Available for Sale Online

One of the groups that targeted the popular MongoDB database software, called Kraken0, is now selling its exploit code, in a move that all but guarantees an increase in the number of actors targeting the platform. Included in the package is malware for both MongoDB and Elasticsearch, which has similarly been the target of ransomware attacks over the past month. Also thrown in is a list...

To Demonstrate Cyber Vulnerabilities, Hacking Group Infiltrates Utility

Companies are smart if they understand they need a stronger security posture, says a hacking firm that has demonstrated the ease with which it fully compromised a power company. In a 16-minute YouTube video produced by Tech Insider, St. Paul, Minn.-based RedTeam Security Consulting shows how at risk critical infrastructure can be when contracted by a Midwestern energy provider to test their...

In Farewell Press Conference, Obama says ‘New Cyber Age’ Will Need New Tools

In the wake of a presidential campaign marred by hacking and social-media skulduggery, President Barack Obama says America’s digital architecture will have to be fine-tuned to preserve democracy. He said, “In this new cyber age, we’re going to have to make sure that we continually work to find the right balance of accountability and openness and transparency that is the hallmark of our...

The US Postal Service Wants to Bring Down Dark Web Criminal

The FBI isn't the only US law enforcement agency on the dark web. Considering that the digital drug trade relies on snail mail to transport goods, the US Postal Inspection Service (USPIS) works on related investigations too, and is now looking to expand its intelligence operations with more analysts. USPIS is the law enforcement arm of the US Postal Service (USPS). The U.S. Postal Inspection...

Enisa Helps Firms Strengthen Blockchain Tech

EU security agency Enisa has waded into the debate over the future of public ledger technology blockchain with a new report designed to highlight security challenges and best practices for those in financial services. The report also warned of attacks on sidechains, DDoS brought about by rogue digital wallets spamming the network and software errors in the smart contract programs which run on...

Connected Devices Give Spies a Powerful New Way to Snoop

The potential use of the IoT for surveillance is gaining recognition from the US intelligence community. The idea behind the IoT is that everyday items can now collect and transmit data wirelessly. Former US national intelligence chief James Clapper told the Guardian last year that...

  • More at Wired

Responsible Disclosure - Crucial for Security, Crucial for Intelligence

First and foremost, not adhering to responsible disclosure has the potential to amplify the threats posed by certain vulnerabilities and incidents. By publicly exposing a zero-day vulnerability without giving the affected company sufficient time to address it, you also expose the vulnerability to threat actors who could potentially take advantage of it before a patch becomes available. And given...

DOD Cyber Policy Chief: We have Deterred Destructive Cyberattacks

When President Barack Obama took office, one of intelligence officials’ top fears was a “cyber Pearl Harbor,” a catastrophic and destructive cyberattack that resulted in mass casualties and destruction of property. One major reason that hasn’t happened is because the massive power and stated policy of the U.S. military—cyber and otherwise—have deterred any would-be attacker, says...

Spora Ransomware Could Become the New Locky

Spora (meaning “spore” in Russian) is ransomware that is spread by email, but it can also spread via USB drives. It was first spotted some ten days ago. It targets Russian users, uses well-made ransom payment sites and an online decryption service, and some very good encryption. Unlike most ransomware, Spora is able to work offline and does not generate any network traffic to online...

Computers in St. Louis City Public Library System Crash After Ransomware Attack

All 700 computers in the St. Louis City Public Library system went down this week in an apparent ransomware attack, officials announced Thursday. Every computer in the city’s 16 branches has been shut down as the library looks into a hack that hit the whole system. PR manager Jen Hatton told KSDK a hacker group blocked the library’s servers and demanded $35,000 to release them back. The motive...

Translation Firm Breached; Provides Services to Google, Boeing, USPS

A California-based translation and interpreter company has confirmed a massive data exposure, which if abused could have let hackers raid the company's systems and email accounts, and ransack other sensitive corporate and financial information. Security researchers at MacKeeper discovered an internet-connected backup drive with no password protection, allowing anyone to view or download the...

  • More at ZDNet

Event : World Cyber Security Congress 2017

The World Cyber Security Congress focuses on innovative networking opportunities such as round table discussions, 1-2-1 partnering opportunities, speed networking, an interactive networking portal and our relaxed evening drinks reception. It will feature industry leaders and gurus and will raise the profile of cyber security applications across the globe. Here is your chance to meet CISOs, CIOs,...

Ransomware; Cyber Scum Suckers Hit Cancer Agency, Threaten to Contact Families

Some cyber scum suckers sank to an all-time low, hitting an Indiana Cancer Services agency with ransomware before threatening “to contact family members of living and deceased cancer clients, donors and community partners” if the $43,000 ransom was not paid. Cancer Services of East Central Indiana-Little Red Door, an independent, non-profit agency based in Muncie, Indiana, became a victim of...

Ransomware Attacks on Elasticsearch Now Number in Thousands

Since last week, ransomware attacks on Elasticsearch have quadrupled. Just like the MongoDB ransomware assaults of several weeks ago, Elasticsearch incursions are accelerating at a rapid rate. There are an estimated 35,000 Elasticsearch clusters open to attack. Of these, Niall Merrigan, a solution architect who has been reporting on the attack numbers on Twitter, states that over 4,600 of them...