Hacking smart cities: Dangerous connections
Once just a curiosity for technology enthusiasts, the Internet of Things (IoT) has become mainstream. In fact, the IoT security market is estimated to grow from USD 7.90 …
Sn1per: Automated pentest recon scanner
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. “I originally created Sn1per because I didn’t want …
Lack of security talent is a threat to corporate safety
Large businesses with a small amount of full-time security experts pay almost three times more to recover from a cyberattack than those businesses with in-house expertise, …
Five tips to help execute an employee training program
One of the best ways to reduce the risk of data breaches is employee training. This is particularly important during the fall “back to business” season when many …
New wave of targeted attacks focus on industrial organizations
Kaspersky Lab researchers discovered a new wave of targeted attacks against the industrial and engineering sectors in 30 countries around the world. Dubbed Operation Ghoul, …
Spammers modify sites’ core WordPress files for long-lasting compromise
In their quest to compromise WordPress installations and prevent site owners from discovering it and cleaning up the website, blackhat SEO spammers have turned to modifying …
Leaked hacking tools can be tied to NSA’s Equation Group
The batch of data released by the Shadow Brokers, an entity that claims to have hacked the Equation Group, contains attack tools that can be tied to the group. Equation Group …
Organizations still unprepared for malicious insiders
Organizations globally believe they are their own worst enemy when it comes to cybersecurity, with 45 percent saying they are ill-equipped to cope with the threat of malicious …
The inner workings of the Cerber ransomware campaign
Check Point’s research team has analysed the inner workings of Cerber, the world’s biggest ransomware-as-a-service scheme. Cerber execution flow Cerber is a ransomware …
Bug in Rockwell’s PLCs allows attackers to modify firmware
There is an undocumented SNMP community string in Rockwell Automation’s MicroLogix 1400 programmable logic controllers that can be exploited by attackers to remotely …
Subverting protection into DDoS attacks
On average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service …
Shark Ransomware-as-a-Service: A real threat, a scam, or both?
A new Ransomware-as-a-Service project has sprung up, and the “service providers” are allowing others to use it for free, but take a 20 percent cut out of every …