Ask the Experts: How Industrial Organizations Can Strengthen Their Security Posture
Many organizations are still struggling to fill out their digital security workforces. This task isn’t getting any easier with time, either. In a Tripwire-commissioned survey of 336 IT security professionals, four-fifths of respondents told Dimensional Research that they feel it’s gotten more difficult to hire skilled personnel since 2017. That’s ... Read More
Apple Increases Maximum Bug Bounty Program Payout to $1M
Apple announced that it will be expanding the scope of its bug bounty program and increasing its maximum possible reward payout to $1 million. Ivan Krstić, Apple’s head of security engineering, made the announcement during a presentation on iOS and macOS security at Black Hat USA 2019. He revealed that ... Read More
State Farm Says Security Incident Might Have Exposed Customers’ Data
Insurance company State Farm revealed that a digital security incident might have exposed their customers’ personal information. In August 2019, ZDNet obtained a copy of a letter in which State Farm disclosed a data breach. The insurance company specifically revealed that a bad actor had conducted a credential stuffing attack ... Read More
AT&T Announces Launch of Public Bug Bounty Program
American multinational conglomerate holding company AT&T has announced the launch of its public bug bounty program on HackerOne. Revealed on 6 August, the new program will award security researchers who submit reports on eligible vulnerabilities that affect AT&T’s websites, mobile apps, devices and exposed APIs. In-scope flaws include weaknesses that ... Read More
Bad Actors Using Dating Scams to Recruit Money Mules, Warns FBI
The Federal Bureau of Investigation (FBI) warned that bad actors are using dating scams in an attempt to recruit money mules. According to the FBI, bad actors first attempt to gain a potential victim’s trust and lead them to believe that they’re in a legitimate relationship. They’ll then abuse that ... Read More
Murfreesboro Discloses Security Incident Involving Water Resources Portal
The City of Murfreesboro has disclosed a security incident involving the online portal for its Water Resources Customer webpage. In early August, IT personnel for the Rutherford County municipality detected some security issues affecting the online portal for the Water Resources Customer webpage. Tennessean reported that they decided to shut ... Read More
65K Attempts to Steal Credit Card Info From Online Stores Blocked in July
Security researchers detected and blocked over 65,000 attempts to steal credit card information from compromised online stores during the month of July. In July, Malwarebytes found that the majority (53.5 percent) of stolen credit card details originated from shoppers located in the United States. Canadians were the second most-prevalent group ... Read More
WaterISAC: 15 Security Fundamentals You Need to Know
On February 8, the world learned about a digital attack at the water treatment plant serving the 15,000-person City of Oldsmar, Florida. An operator at the water treatment plant observed someone remotely take control of his mouse and use it to change the setting of sodium hydroxide within the water ... Read More
CISA Warns of Insecure CAN Bus Networks Affecting Aircraft
The Cybersecurity and Infrastructure Security Agency (CISA) has warned of insecure CAN bus network implementations affecting aircraft. On 30 July, CISA explained that attackers could target aircraft by exploiting insecure implementations of their CAN bus networks, tools which allow separate devices and systems to communicate with one another using a ... Read More
The 6 Top Tips of Things to Do at Black Hat USA 2019
Are you going to Black Hat USA 2019? If you are, you’re no doubt counting down the days until 3-8 August when you can join the thousands upon thousands of security professionals at the Mandalay Bay Resort and Casino in Las Vegas, Nevada. But if you’ve been to any of ... Read More
