This document aims to analyse and explore data collected from technical assurance engagements during 2016. The original piece of data analysis was performed by two of our interns (Daniel and Chris) as part of Cisco’s intended contribution to the next Top 10 publication from OWASP however due to time constraints, our data points were not submitted. As a

Hackers breached the systems of anti-adblocking solutions provider PageFair and used the access to deliver malware via the publishers that rely on the company’s services.PageFair helps web publishers measure and recover revenue lost due to ad blockers, which have become increasingly problematic for the advertising industry. The company says it serves more th

A report published on Tuesday by Trend Micro provides a detailed view of Japan’s cybercriminal underground which, despite being in its infancy, has all the elements needed to thrive.Japanese individuals and organizations have often been targeted by both APT actors and profit-driven cybercriminals. While some of these threats have been traced to other countri

A new report from FireEye details the activities of a threat actor whose mission has been to gather valuable information on individuals and organizations opposing Syrian President Bashar al-Assad.According to the security firm, the attackers targeted military information, humanitarian activities and financing, media and communications, political info

Symantec has published a new whitepaper detailing the activities of a threat group dubbed by the security firm “Waterbug.”Waterbug is the attack group previously known for cyber espionage campaigns leveraging toolkits such as Turla (also known as Snake or Uroburos) and Epic Turla (also known as Wipbot or Tavdig).The group is believed to be active sin

IBM today released research and intelligence reports on data breaches in the retail sector and trends for the Black Friday/Cyber Monday period.According to the company, a total of more than 61 million retail records were stolen, lost or leaked in the United States last year, which is less than the over 70 million records compromised in 2013.There hav

Hacking back – should it be a legal right for those under cyberattack? At the beginning of May 2013 the Dutch government proposed a new law that brought fresh impetus to an old idea: law enforcement’s right to hack back. “The controversial proposal[1],” said Dutch cyber rights organiza

Automated vs hybrid vulnerability scanning A CIO’s experienceAleksandr Kirpo, CSO of the credit card processing Ukranian Processing CenterYou will have heard about programs that perform automated security scanning for website safety assessments. Such scanning software was developed in