e com security solutions

FBI Cyber Warning: Ignore Your CEO’s E-Mail And Phone Her Back — Or Your Company May Pay For It

The FBI is warning people about a business email scheme which has resulted in huge losses to companies in Phoenix and other U.S. cities. Here’s how the scam works: A CEO seemingly emails an employee — typically in a finance or administrative role — instructing them to perform a wire transfer. The employee follows directions [...]

What is two factor authentication?

You may have heard the term ‘two-factor’ or ‘multi-factor’ authentication. If you haven’t heard of these terms, chances are you’ve experienced this and not even known it. The interesting thing is that two-factor authentication is one of the best ways to protect your accounts from being hacked. So what exactly is it? Well, traditional [...]

April 11th, 2016|Web Application Security|

Six Best Practices for Security Testing in the SDLC

Even if an application has been built following security and defensive coding best practices, it will still require significant testing before it's ready for release. Whether this is routine testing for common vulnerabilities or security-focused penetration testing to pick up on the types of problems that often slip through the cracks, following security best practices [...]

Mobile App Leads to Speeding Ticket Email Scam

A clever scam that involves a “free mobility or traffic app” is duping users by tracking their whereabouts and then sending a fake speeding ticket. Police in Pennsylvania detailed a scam that involves a mobile app, which may have been used to target people by sending them legitimate-looking speeding tickets via email. The app includes [...]

Two thirds of companies fail to declare data breaches

A poll of 1000 Institute of Directors members in the UK has found that two thirds of the companies that fall victim to a data breach are failing to declare it publicly or report it to the police for fear of reputational damage. Also, only around half of companies have a solid cyber security strategy [...]

March 24th, 2016|Cyber Crime|

Spot a Phishing Attack

Smart companies know the best offense against security threats is a strong defense. And what type of defense is the most successful, you ask? Educating Employees! A stunning 91% of data breaches start with employees, making it essential for organizations to educate all employees on the threats associated with today's online world. [...]

The costs of security bugs and why penetration testing can help

Bugcrowd has recently released a report, accompanied by a rating taxonomy, aimed at helping researchers and customers determine appropriate payouts for bugs found by researchers in bug bounty programs. These tools, especially the Vulnerability Rating Taxonomy (VRT), which details a number of vulnerabilities, classified by severity, are not only useful in the [...]

March 17th, 2016|Web Application Security|

A Simple Explanation of Cross Site Scripting

Cross-site scripting (XSS) is a security vulnerability that allows a user to alter the code that an application delivers to a user, which is executed in the user’s web browser. It is most commonly found in web applications affecting the user's browser, but is also possible in other applications with embedded web content, such as an interactive [...]

Cybersecurity National Action Plan: Obama Outlines Plans to Spend $19 billion on Cybersecurity

On February 9th, President Obama announced the Cybersecurity National Action Plan, including steps such as establishing a cybersecurity commission, introducing new safeguarding measures and supporting both companies and consumers in strengthening their own security. He’s also put his money where his mouth is and backed this up by reserving $19 billion of spending to implement the [...]

February 19th, 2016|Cyber Security|

The Importance of Finding All Vulnerabilities on Your Web Applications

Many businesses understand that it’s important to properly manage their web application security. But in truth, it goes far beyond the need to simply “avoid being hacked”. There are often serious liabilities associated with the failure to properly manage your security. Unfortunately, many of those liabilities are an afterthought. Until, of course, there is a [...]