FDA, DHS Investigating St. Jude Device Vulnerabilities

The U.S. government has entered into the St. Jude-MedSec-Muddy Waters fray with an investigation into claims St. Jude medical devices are vulnerable to cyberattacks. The Food and Drug Administration and Department of Homeland Security also apparently disapprove of the approach taken by MedSec and...

SWIFT Warns Banks Of More Cyberattacks

Reports of additional attacks against banks that use SWIFT, the global financial transaction messaging network, came to light Wednesday. The attacks were reportedly persistent, sophisticated and in some cases successful, impacting an undisclosed number of financial institutions. It’s the latest...

Two US State Election Systems Hacked to Steal Voter Databases — FBI Warns

A group of unknown hackers or an individual hacker may have breached voter registration databases for election systems in at least two US states, according to the FBI, who found evidence during an investigation this month. Although any intrusion in the state voting system has not been reported, t...

EU Struggles to Determine Growing Cost of Cyberattacks

After painstakingly calculating the true cost of cybercrime in the European Union researchers conclude it’s nearly impossible to come up with hard numbers. In a study released this week by the European Union Agency For Network And Information Security ENISA researchers assert that it’s vitally...

Coalfire Contributes to New Book on Cybersecurity

Today marks the launch of a new book published by the New York Stock Exchange and Palo Alto Networks called, "Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers." Im proud to have worked with my predecessor, the late Rick Dakin, to contribute a chapter to th...

Github Mitigates DDoS Attack

Code repository Github mitigated a distributed denial-of-service attack, restoring services this morning around 9 a.m. Eastern time. According to a Github status log, connectivity problems began today around 5:30 a.m. with Github declaring it was under a DDoS attack an hour later. A request for...

Microsoft LAPS Tool Addresss Local Admin Password Problem

Microsoft’s release last week of the Local Administrator Password Solution LAPS takes some steps to address an old question of what to do with local admin passwords, but doesn’t provide a complete answer, experts said. Windows admins have long used a common local account with the same password on...

DDoS Attack on GitHub Linked to Earlier One Against GreatFire.org

The ongoing DDoS attack on GitHub, which has made the social coding site intermittently unresponsive since March 25, is essentially a side effect of an older operation from the Chinese government against a site run by the anti-censorship project GreatFire.org. Officials at GreatFire said that the...

Lenovo Shipping PCs with Pre-Installed 'Superfish Malware' that Kills HTTPS

One of the most popular computer manufacturers Lenovo is being criticized for selling laptops pre-installed with invasive marketing software, or malware that, experts say, opens up a door for hackers and cyber crooks. The software, dubbed ‘Superfish Malware’, analyzes users’ Internet habits and...

A Call for Better Coordinated Vulnerability Disclosure

For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere. Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices and...

General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0

Today, we are excited to announce the general availability of Enhanced Mitigation Experience Toolkit EMET 5.0. EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping block and terminate the most common techniques adversaries might u...

Announcing EMET 5.0

Today, we are excited to announce the general availability of the Enhanced Mitigation Experience Toolkit EMET 5.0. As many of you already know, EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping detect and block exploitation...

Digital First Aid Kit Guide For Activists, First-Responders

A coalition of worldwide non-governmental organizations has compiled a guide for individuals at risk for cyberattacks as well as for anyone charged with helping activists, human rights organizations and journalists identify and respond to threats. The Digital First Aid Kit is available on Github...

GAO Shipping Port Cybersecurity Report

The U.S. Department of Homeland Security, Coast Guard and Federal Emergency Management Agency FEMA have been taken to the woodshed in a General Accounting Office GAO report on maritime cybersecurity. The GAO said the response to mandates to improve computer security efforts to protect the network...

U.S. Indicts Five Chinese Army Officers for Alleged Cyberespionage Operations

The United States government on Monday made an unprecedented move in its efforts to combat cyberespionage operations against American companies, efforts that until now had mainly consisted of strongly worded statements and diplomacy. The Department of Justice indicted five officers of the Chinese...

Model Predicts Optimal Timing of a Cyber Conflict

Security researchers from the Ford School of Public Policy at the University of Michigan have published a mathematical model they said will produce the proper timing for the delivery of offensive cyberweapons. Defenders can also make use of the model to understand attackers and when an targeted...

22 million Yahoo IDs stolen from their Japanese Server

22 million Yahoo! Japan's user IDs may have been stolen during an unauthorised attempt to access the administrative system of its Japan portal. "We don't know if the file of 22 million user IDs was leaked or not, but we can't deny the possibility given the volume of traffic between our server and...

22 million Yahoo IDs stolen from their Japanese Server

22 million Yahoo! Japan's user IDs may have been stolen during an unauthorised attempt to access the administrative system of its Japan portal. “We don’t know if the file of 22 million user IDs was leaked or not, but we can't deny the possibility given the volume of traffic between our server and...

Syrian Internet Connection Cut Off Again

For the second time this month, the civil war-torn nation of Syria lost its connection to the Internet this morning before emerging from the Internet blackout several hours later, according to information provided by Arbor Networks. Google’s Transparency report webpage revealed that at around 2:5...

Google Strong Authentication Strategy Eliminates Passwords

Gmail and Google Apps account hijacking has been the linchpin of a number of high-profile targeted attacks, starting with the Aurora attacks of 2009, right up until last week’s attack against the Twitter account belonging to the satirical Onion news site. Granted we’re talking about two very...