DigitalOcean Launches Public Bug Bounty Program

Cloud computing platform DigitalOcean on Wednesday announced the public availability of its bug bounty program, after successfully running it in private mode. Like the private program, the public one was launched in collaboration with Bugcrowd, which provides DigitalOcean with access to a large crowd of researchers and allows it to focus internal resources “on keeping the cloud secure.” On the program’s page, the company reveals that the bounties…

February 17, 2017

What bicycle thefts can teach us about mobile security

I recently had my mountain bike stolen. I had locked it with a device that I thought was strong enough, but the thief was able to cut through it and take the cycle. As anyone who has had something personal stolen will know, the theft makes you re-evaluate how you protect other things you own. So, after choosing a replacement bike, I naturally decided to buy a more secure lock. …

February 17, 2017

The Third Party Threat

63% of all data breaches can be attributed to a third-party vendor, according to a Soha Systems Security survey. Everyone from LinkedIn to the Hard Rock Hotel and Casino has been hacked, exposing their clients' data, thanks to a third-party vendor. The measures taken by organizations to protect corporate assets from electronic theft have to consider many avenues of access. Laptops, tablets and mobile phones that are hand…

February 16, 2017

When Ransomware Strikes: Does Your Company Have a Data Disaster Recovery Plan?

Last year, nearly half of businesses were hit by ransomware. In the first half of 2016 alone, ransomware cost enterprises $209M. Even worse, experts predict that ransomware “will spin out of control” in 2017. As the headlines make apparent, ransomware is rampant, and those who commit the attacks aren’t discriminating against any industry, company size, or company location. It’s no longer a question of if your company will be targeted by ransomware but…

February 16, 2017

DynA-Crypt Ransomware Steals and Deletes User Data

A newly observed piece of ransomware doesn’t merely focus on encrypting users’ files, but also attempts to steal data from the infected machine and to delete files, researchers warn. Dubbed DynA-Crypt, and discovered by GData malware analyst Karsten Hahn, the new threat is composed of numerous standalone executables and PowerShell scripts designed to encrypt files, steal information such as usernames and passwords, and delete files without backing them up, meaning…

February 11, 2017

2017 Cybersecurity Trends Already in Action

Everything related to cybersecurity is advancing at a breakneck pace. So it’s no shock that in the first month of 2017, we’ve already begun to see movement with the many trends and predictions we’ve been hearing for the year ahead.

Ransomware Continues Grabbing Headlines

One of the most frequently cited trends carried over from last year is ransomware, which I (and many others) believe will still be a big and…

February 8, 2017

Managing External Connectivity to and From Your Network: Do’s & Don’ts

These days, no organization is an island: it needs network connectivity with a range of external parties, including suppliers, business partners, credit card processing companies, market data feed providers, and more. Managing these connections to and from your internal network servers is not only critical to your business; it also impacts on your information security and compliance posture. Unlike limited, transient connections such as customer access to web portals or…

February 8, 2017

2017 Singapore ICS Cyber Security Conference Call for Papers is Open! (APAC)

The official Call for Papers (presentations) for SecurityWeek's 2017 Singapore Industrial Control Systems (ICS) Cyber Security Conference, being held April 25–27 at the Fairmont Singapore, is now open. As the largest and longest-running cyber security-focused event series for the industrial control systems sectors, the conference caters to the energy, water, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations. With a long history, the conference has proven…

February 1, 2017

Android Trojan Downloads Google Play Apps onto SD Cards

A newly discovered Android Trojan can download applications from Google Play, but saves them onto the SD card instead of installing them, to keep this malicious activity hidden from the user, Doctor Web researchers warn. Detected as Android.Skyfin.1.origin, the malware was designed to infiltrate running Google Play processes to engage in software-downloading activities. The malware is believed to be distributed via Trojans in the Android.DownLoader family, which usually gain…

February 1, 2017

FriendFinder Breach Highlights the Need for Better Practice in Password Security

The FriendFinder Network breach is a perfect example of how poor password storage can exacerbate the impact of a breach and expose accounts to further exploitation. Storing passwords in clear-text, or using weak hashing schemes, will make it far easier for attackers to exploit the stolen data. FriendFinder Networks owns several adult-only websites where individuals input their own details in the hope of finding a match, and this is not…

January 31, 2017