The Verizon Data Breach Report has consistently said, over the years, that passwords are a big part of breach compromises. Dr. Lorrie Cranor and her team at CMU have done extensive research on how to choose the best password policies versus usability. What about passwords leaked in the organization you are defending?
Because there's technology out there that can measure our typing characteristics, on the scale...
Security advocates have been bringing up privacy concerns surrounding wearable devices in the...
Some strains of Bartalex malware, a macro-based malware that first surfaced earlier this year, have recently been spotted dropping Pony loader malware and the Dyre banking Trojan.
While the practice of bite mark matching has been roundly criticized by the scientific community for lacking any of the basic principles of the scientific method, some critics of bite mark evidence were concerned that the subcommittees under NIST that were charged with looking into the field had been stacked with bite mark analysts and their allies. But this week, the fate of bite mark evidence took a much different turn.
America has been abuzz about the new revelations about OPM’s incredible loss of personal data — it’s being called a “hack,” the “biggest cyber attack in U.S. history.” Yet despite calls for retaliation and questions about whether this is a new high-water mark in “cyberwar,” the “OPM Hack” seems to have not been a real hack — let alone a cyber attack.
The FBI has once again launched its harpoons into the Deep Web, piercing the anonymizing layers of Tor to drag out the identities of two New York men who were indicted earlier this month on charges of possessing child abuse images.
Big-three credit bureau Experian is the target of a class-action lawsuit just filed in California. The suit alleges that Experian negligently violated consumer protection laws when it failed to detect for nearly 10 months that a customer of its data broker subsidiary was a scammer who ran a criminal service that resold consumer data to identity thieves.
Gone are the days when hackers only used American-made tools written only in English. Recently, native language tools and exploits started gaining momentum in the ever growing sphere of multinational cyber crime.
Can specialized intrusion technology be reasonably controlled in terms of who has access to it? Can international agreements on export controls that were created to limit land-mines and nuclear bombs be applied successfully to digital warfare? Would these regulations really be able to curb human rights abuses?
By now, many KrebsOnSecurity readers have seen stories about the coordinated global law enforcement takedown of Darkode.me, an English-language cybercrime forum. This post is an attempt to distill several years’ worth of lurking on this forum into a narrative that hopefully sheds light on the individuals apprehended in this sting and the cybercrime forum scene in general.
In the face of mounting cyber crime, hacktivism and espionage, network defenders need to transform their tactical IR groups into full-scale cyberintelligence teams.
Threat feeds in the industry are a valuable way to gather information regarding adversaries and their capabilities and infrastructure. Threat feeds are usually not intelligence though.
For the third time in a week, researchers have discovered a zero-day vulnerability in Adobe’s Flash Player browser plugin. Like the previous two discoveries, this one came to light only after hackers dumped online huge troves of documents stolen from Hacking Team — an Italian security firm that sells software exploits to governments around the world.
When it comes to iOS, public reports to-date have claimed that the Hacking Team spyware can only infect jailbroken iOS devices. In an effort to educate iOS users about the potential risks, we did some additional research and determined this is not the case.
Security researchers the world over have been digging through the massive HackingTeam dump for the past five days, and what we’ve found has been surprising. I’ve heard this situation called many things, and there’s one description that I can definitely agree with: it’s like Christmas for hackers.
So far, the cybersecurity war has been a lopsided rout. And it’s the bad guys who are on an epic winning streak.
While much attention has been paid to the very public attacks on government agencies, particularly the breach at the Office of Personnel Management, less has been made of the whereabouts of the exfiltrated data. So how easy is it for John Doe to get his hands on the information let loose in these attacks? Extremely, it seems, according to one recent report.