Federal IT Contractors Aren’t Using An Email Security Tool That’s Now Mandated For Agencies.

Out of 50 top government information technology contractors, 49 aren’t completely securing their email systems against spoofing and phishing attacks, according to a study released Wednesday. Only one of those contractors, Engility, is rejecting spam and phishing emails that use its domains entirely. Another, Tetra Tech, is warning recipients those emails are questionable and possibly sending […]

Twitter Sold Data Access To Cambridge Analytica

News has surfaced that Twitter sold data access to the Cambridge University academic who also obtained millions of Facebook Inc. users’ information that was later passed to a political consulting firm without the users’ consent. This sort of data sharing will no longer be possible as GDPR comes into force on 25 May, Ilia Kolochenko, CEO of web […]

Why Legitimate Websites Move To The Dark Side With Cryptomining

Check Point researchers have recently discovered a site that although once legitimate has now moved closer to the Dark Side.   Back in 2011, OSDSoft was a site offering its audience free video download software to thousands of users around the world.  Registered under the name of Ivan Koslov, it also had Facebook, Twitter and YouTube […]

GDPR: It’s A Marathon, Not A Sprint

After years of planning and discussion, the General Data Protection Regulation (GDPR) is very nearly upon us. However, despite the fact that this regulation has been climbing the agenda for some time now, it appears as though businesses are still rushing to get everything ready in time for the 25 May deadline. The reality is that many […]

Confessions Of A Hacker-Holic – Unit 42 Opens Up TheBottle

Unit 42 have been doing some really interesting research into TheBottle, the actor behind SquirtDanger. As part of an investigation into the SquirtDanger malware, Unit 42 discovered that the code repository had been posted by Russian cybercriminal TheBottle. While the malware itself proved to be interesting, it was the actor behind it that provided a […]

NHS Switches To Windows 10 In The Wake Of WannaCry

News broke earlier that the UK Department of Health and Social Care has announced that it will transition all National Health Service (NHS) computer systems to Windows 10. Officials cited the operating system’s more advanced security features as the primary reason for upgrading current systems, such as the SmartScreen technology included with Microsoft Edge (a Google […]

Popular Medical Device Security Advisories

Cynerio, a cybersecurity solutions provider specializing in helping healthcare organizations identity and prevent cyberattacks, today commented on a new ICS-CERT advisory of vulnerabilities found in BD Pyxis products, a medication and supply management system. ICS-CERT is the US government agency in charge of the cybersecurity posture of critical infrastructure in the US. Leon Lerman, CEO at Cynerio: “BD, a […]

Positive Technologies: Vulnerabilities In Hirschmann Switches Endanger Industrial Companies

Attackers can interfere with interaction of ICS components German vendor Hirschmann, a Belden company, has published information about fixes for five vulnerabilities in network switches used in energy, chemical manufacturing, transportation, and other industries. The vulnerabilities were discovered by Positive Technologies experts Ilya Karpov, Evgeny Druzhinin, Mikhail Tsvetkov, and Damir Zaynullin. The described issues affect […]

Ponemon Study On Insider Threats

A new Ponemon study* commissioned by ObserveIT reveals that the average cost of an insider-related incident is $8.76 million over the course of a year and it takes more than two months, on average, to contain an insider incident. Justin Jett, Director of Audit and Compliance at Plixer commented below. Justin Jett, Director of Audit […]

The Next Generation Of Phishing Scams Reveal Themselves

Researchers at Check Point and CyberInt, have discovered a new generation of phishing kit that is readily available on the Dark Web. Created by a cyber-criminal known as ‘[A]pache’, the kit makes it simple for those with very little technical ability to carry out their own cyber-attack. By simply downloading this multi-functioning phishing kit and following […]