In this post I'm releasing an installation guide to build a custom ticketing system to track and document security incidents. The guide contains nothing groundbreaking; just instructions on how to install and configure Request Tracker in CentOS with a PostgreSQL database and Apache web server.
This new version of XORSearch integrates Frank Boldewin’s shellcode detector. In his Hack.lu...
Kevin Mitnick, who post-prison reinvented himself as a skilled penetration tester, security...
Apple’s new policy about law enforcement is ruffling some feathers with FBI, and has been...
State v. Brown is a pending criminal case in Essex County, New Jersey involving allegations that the defendant tweeted a nude video of his former girlfriend. The defendant is charged with two counts of invasion of privacy for allegedly covertly videotaping the woman as she got ready to take a shower.
Nearly three-fourths of US Fortune 500 companies now have set up incident response plans and teams in preparation for cyberattacks, but only one-third of them consider their IR operations actually effective in the face of a data breach, according to a new study.
Amid fresh threats by ISIS against the US and its allies this week, worries about what the well-financed and social-media savvy militant group could do in the cyber realm have triggered debate over whether ISIS ultimately could or would disrupt US critical infrastructure networks.
Much like other mobile chat applications, WhatsApp contacts, messages, and attachments can be valuable to examiners looking to recover evidence for a variety of different investigation types. Whether you’re analyzing the mobile device of a suspect or a victim, these chat artifacts can contain valuable information to help solve a case.
Hardly a week goes by when I don’t hear from a reader wondering about the origins of a bogus credit card charge for $49.95 or some similar amount for a product they never ordered. As this post will explain, such charges appear to be the result of crooks trying to game various online affiliate programs by using stolen credit cards.
It has been a brutal season for data breaches, from the wholesale theft of customer records numbering in the billions to the exposure of naughty celebrity pictures. More significant to agencies is the case that cost US Investigations Services (USIS) a contract to perform government background checks.
The US Department of Justice (DOJ) is proposing a power grab that would make it easier for domestic law enforcement to break into computers of people trying to protect their anonymity via Tor or other anonymizing technologies.
Communication is the key to any good relationship. Yet a new report from the US Senate Armed Services Committee shows that a lack of communication has left the US Transportation Command (Transcom) in the dark about threats to cyber security.
The malicious software that unknown thieves used to steal credit and debit card numbers in the data breach at Home Depot this year was installed mainly on payment systems in the self-checkout lanes at retail stores, according to sources close to the investigation. The finding could mean thieves stole far fewer cards during the almost five-month breach than they might have otherwise.
C&K Systems Inc., a third-party payment vendor blamed for a credit and debit card breach at more than 330 Goodwill locations nationwide, disclosed this week that the intrusion lasted more than 18 months and has impacted at least two other organizations.
Governments around the world are demanding increasingly larger amounts of user data from Google, according to the company’s latest Transparency Report.
Security researchers are telling a story of Internet of Things (IoT) Doom, but it might not be exactly the doom you expect: Last week at 44Con in London, a researcher showed off a hack of a vulnerability in a Canon Pixma printer that made it possible to remotely modify the printer's firmware so that its LED indicator screen could run the classic first-person-shooter game, Doom.
Security researchers at IBM said they had uncovered a series of hacking attacks aimed at Middle Eastern petrochemical companies. The researchers, at IBM’s Trusteer division, said the hackers were using a variant of financial malware known as Citadel, which was first discovered in 2012.
Two Chinese cyber espionage gangs known for targeting very different industries and working out of different regions of the nation actually use some of the same or similar tactics, tools, and resources in their spying operations, researchers found.
Reports emerged earlier this week that a BlackPOS variant discovered last month by Trend Micro was to blame for the data breach at Home Depot, raising speculation that the breach was carried out by the same group that breached Target and with the same malware. But new analysis has led some researchers to believe that it isn't related to BlackPOS at all.