April 5, 2017

FTC Takes Over as Top Cybersecurity Enforcer

Charlie Mitchell, April 3, 2017

The Federal Communications Commission’s role as a driver of national cybersecurity policy, promoted by former Chairman Thomas Wheeler, was effectively scrapped last week when Congress passed a measure killing the commission’s 2016 cybersecurity and privacy rules.

How Our Pen Testers Get Through Your Mail Appliances

Paul Brandau, March 31, 2017

For the final blog post in our series on lessons learned from 2016 security assessments, we’ll discuss a high-risk issue our penetration testers and consultants often come across: filtering malicious emails.

Insider Threat Fear Greater Than Ever, Survey Shows

Jai Vijayan, March 29, 2017

More than half of security pros say insider threat incidents have become more frequent in the past 12 months. Despite continued spending on security measures for controlling and monitoring access to sensitive data, more organizations than ever feel vulnerable to breaches caused by insiders with legitimate access to enterprise systems.

Let’s Encrypt Issues Certs to ‘PayPal’ Phishing Sites: How to Protect Yourself

Bill Brenner, March 30, 2017

The modus operandi for phishing attacks is straightforward: thieves spam out legitimate-looking messages with malicious links that, when clicked, dupe the victim into giving up passwords, credit card numbers and the like.

IRS Investigating Possible Breach of Data Retrieval Tool

Billy Mitchell, March 27, 2017

Identity thieves may have used the IRS’s data retrieval tool to obtain taxpayers’ sensitive information connected to the Education Department’s federal student aid application. The IRS is investigating how many people may have been affected by “questionable use” of the data retrieval tool, according to a joint announcement Thursday from the IRS and Education Department.

Malware Campaign Targets Open Source Developers on GitHub

Graham Cluley, March 30, 2017

Be on your guard if you’re a developer who uses GitHub – someone could be trying to infect your computer with malware. Reports have emerged that malicious hackers are attempting to infect open source programmers’ computers with a Trojan horse, by launching a targeted malware campaign via email against GitHub developers.

One of the Most Dangerous Forms of Ransomware Has Just Evolved to be Harder to Spot

Danny Palmer, March 27, 2017

One of the most common forms of ransomware is evolving a new technique in order to become even more effective and harder to detect: the ability to evade detection by cybersecurity tools which use machine learning to identify threats.

Not Just a Load of Old COBOLers: Systems are Still Running on Old Code

Guy Claperton, March 31, 2017

So, we started with a report on “legacy” COBOL systems still being in use and a report suggesting this represented a security risk, since the writers of those systems have retired and are dying off. We wanted a quick sanity check and found ourselves pinned to a wall of naivete pretty quickly. One technology journalist we spoke to, for example, reckoned there might be a few machines out there running Windows XP but only a handful, and nothing older.

IT Leaders Share How They Quell Cybersecurity Attacks

Clinton Boulton, April 4, 2017

Ask CIOs and CISOs what cybersecurity fears keep them up at night and you’ll hear a range of responses — from social engineering hacks such as phishing, as well as malware that enables perpetrators to hijack users’ websites — the dreaded ransomware — and denial-of-service attacks. Depending on their business you might hear them say “all of the above.”
