U.K. Center of Security Excellence Hit by Ransomware
One of the world’s top ten universities, awarded the status of “centre of excellence in cyber-security research” by the UK’s GCHQ, has been hit by a so-far unrecognized strain of ransomware. This comes just one month after many UK health trusts were struck by the global WannaCry ransomware. In a statement originally issued yesterday and…
Relentless Attackers Try Over 100,000 Times Before They Breach a System
New report from startup tCell shows XSS attempts a noisy reminder of the overwhelming scale of automated attack techniques. One of the big reasons why security teams struggle to keep up with threats is because the bad guys are relentless with their attack attempts. The security community has long warned enterprises of the scope of…
Flying Under the Radar: How Hackers Use Protection Strategies for Attack
It’s a recurring theme in sports movies, war stories and crime stories alike: In order to defeat the enemy, one must think like the enemy. This approach has been taken – oftentimes quite successfully – in an array of settings, including the cybersecurity realm. Security researchers are constantly working to pinpoint and better understand the…
Mobile app developers: Make sure your back end is covered
Application security isn’t just a developer’s problem. IT staff and the security team also have roles to play in setting up the infrastructure and implementing security controls. When IT administrators forget the security basics for the app’s back-end servers, they undermine the developer’s good security decisions. Researchers at mobile security company Appthority recently analyzed apps…
IDG Contributor Network: “Security should be invisible”
In the world of security startups, there are those crazy ones. As that Apple ad goes, they are the misfits, the rebels, the troublemakers. The round pegs in the square holes. The ones who see things differently. They’re not fond of rules. And they have no respect for the status quo. Society should celebrate entrepreneurs…
After a cyberattack, companies remain vulnerable. What CIOs can do to protect their brands
Here’s a security scenario that’s all too common: A company suffers from a cyberattack, then responds to it promptly and alerts its customers, warning them to change their passwords. But the company remains vulnerable through the very means it uses to alert those customers: Email. In fact, attackers can exploit that vulnerability using email that…
Philippine Bank Chaos as Money Goes Missing From Accounts
A major Philippine bank shut down online transactions and cash machines on Wednesday after money went missing from accounts, triggering fears it had been hacked even as company officials said it was an internal computer error. Customers of Bank of the Philippine Islands (BPI) were shocked on Wednesday morning to see unauthorized withdrawals and deposits…
How computer security pros hack the hackers
The long, awkward silence is always the first sign that a previously over-confident hacker realizes he’s suddenly become the victim. It happens every time. The malicious hacker had been firing his “ion cannon” at my network address trying to overwhelm my home computer and internet connection. I had sent him an email the day before…
Vulnerability opens FreeRADIUS servers to unauthenticated attackers
There is currently no indication that the flaw is being exploited in the wild, but as the existence of the flaw has been made public, the likelihood of attacks rises. The good news is the FreeRADIUS Development Team has plugged the hole in version 3.0.14 of the FreeRADIUS suite (pushed out on Friday), and administrators…
Healthcare industry continues to struggle with software security
67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months. According to the results of a recent survey, roughly one third of device makers and HDOs are aware of potential…