What’s the best way to stop ransomware? Make it riskier and less lucrative for cyber criminals. Nearly all intruders prefer to collect a ransom in cryptocurrency. But it’s a double-edged sword since even crypto leaves a money trail. Recovering ransomware payouts could lead to a sharp decline in exploits. Ransomware is still today’s top att

p>People up to no good get themselves caught in an endless number of ways. This has always been the case in the real world, and continues to be true online. No matter how talented, how daring the schemes, greed and the desire for fame often win out. This has disastrous consequences for those caught, and a little more illumination for those of us taking part

As more services move ever cloud-wards, so too do thoughts by attackers as to how best exploit them. With all that juicy data sitting on someone else’s servers, it’s essential that they run a tight ship. You’re offloading some of your responsibility onto a third party, and sometimes things can go horribly wrong as a result. Whether it’s the third party being

Hackers: They’ll turn your computer into a BOMB! “Hackers turning computers into bombs” is a now legendary headline, taken from the Weekly World News. It has rather set the bar for “people will murder you with computers” anxiety. Even those familiar with the headline may not have dug into the story too much on account of how silly

It’s the holiday season, and if you are an IT security professional like me, going home for the holidays often means you are the designated briefing correspondent on all things data breaches. This year, instead of trying to explain IT jargon to my friends and family, I decided to compile a list of 2016 breaches and security incidents that will be sure

Breaches involving stolen credentials don’t surprise anyone these days. Those of us in infosec know too well that it’s a thousand times easier for the bad guys to gain access to a network and fly under the radar with a stolen login—often obtained through social engineering—than it is to get through cyber defenses. From the bad actors’ perspective, why pick t

Earlier this week, mass panic ensued when a security firm reported the recovery of a whopping 272 million account credentials belonging to users of Gmail, Microsoft, Yahoo, and a variety of overseas services. "Big data breaches found at major email services" warned Reuters, the news service that broke the news. Within hours, other news services were running

Update Comcast’s Xfinity Home Security System is vulnerable to attacks that interfere with its ability to detect and alert to home intrusions.Researchers at Rapid7 today disclosed the issue after fruitless attempts to contact and report the problem to Comcast dating back to Nov. 2; Rapid7 did disclose the vulnerability to CERT, which is expected to iss

Well, if you thought you had it rough in 2014 because of big, bad Poodles and an irritating case of Heartbleed, things only got worse this year. Rather than intrusions permeating our IT systems and stealing our data, attacks got a bit more personal in 2015. Not only were privacy and civil liberties put at risk by legislators pushing overbearing rules based o

A relatively small number of Twitter users, including a few connected to security and privacy advocacy, have been informed that their accounts have been targeted by state-sponsored hackers.Notifications began appearing in the inboxes of affected users two days ago, with very little concrete information accompanying the warning. Twitter said in the notifica

An unusual DDoS amplification attack was carried out 10 days ago against many of the Internet’s 13 root name servers, the authoritative servers used to resolve IP addresses.The attacks happened on Nov. 30 and again on Dec. 1, and each time, massive volumes of traffic, peaking at five million queries per second, were fired at the servers. A note from th

An APT gang linked to China and alleged to be responsible for targeted attacks against foreign governments and ministries, has now pointed its focus inward at China’s autonomous territory Hong Kong.An August attack against several media companies in Hong Kong was carried out shortly after a high-profile controversy over an appointment at the prestigiou

Lenovo has patched two serious vulnerabilities that hackers could abuse in targeted attacks, or at scale, to easily guess administrator passwords on a compromised device, or elevate privileges to Windows SYSTEM user.The vulnerabilities were patched last Thursday by the manufacturer and details were disclosed Tuesday by researchers at IOActive, who privately

The FBI has put law enforcement and high-profile public officials on notice that they could be targeted by hacktivists following the recent doxing of CIA director John Brennan by the hacktivism collective called Crackas With Attitude.Brennan’s AOL email account was taken over by a teen associated with the group who posed as a Verizon employee to steal

Barcodes’ pervasiveness in retail, health care and other service industries notwithstanding, hackers really haven’t paid much attention to these tiny lines of data.But like other technologies supporting the so-called Internet of Things, there are bound to be vulnerabilities and there are bound to be white hats and black hats poking about. Case