Have you ever seen the bridge of a commercial cargo shipping vessel? It is like a dream come true for every kid out there–a gigantic PlayStation. Unfortunately, maritime computer systems are also attractive to malicious cyber actors. Illustrating this interest by malicious individuals, the U.S. Coast Guard issued a safety alert warning all shipping companies of maritime cyber attacks.

Globally, cybercrime was the second most reported crime in 2016, and cybercrime damages are anticipated to cost businesses and organizations $6 trillion annually by 2021. One of the ways that cybercriminals attack businesses is through the use of web application vulnerabilities. A web application vulnerability is a flaw or loophole in an application’s code that can be exploited by attackers to facilitate cybercrime. Imperva reports that web application vulnerabilities are on the rise.

On Monday, July 8, the Coast Guard issued a Marine Safety Alert claiming a vessel was struck by malware back in February. The craft is described as a 'deep draft' vessel on an international voyage which was struck by a "significant cyber attack" on its way to the Port of New York and New Jersey. Fortunately, the crew avoiding losing total control of the ship.

Security researchers have discovered an automated Magecart digital skimming campaign that compromised over 960 e-commerce stores in less than 24 hours. Sanguine Security Labs found that the widespread Magecart campaign breached almost 962 e-commerce stores customers' payment details, including full credit card data, names, phone numbers, and billing addresses.

Financial services companies in the UK reported over 819 cyber incidents to the Financial Conduct Authority in 2018, a stark increase compared to just 69 reported the previous year. Among those hit, the hardest was retail banks (486), representing almost 60% of the total reported attacks. Followed by wholesale financial markets who reported 115 incidents and retail investment firms who reported 53 incidents.

Today, the majority of our critical systems are intertwined with each other and are administrated by/through computers. Many decisions are automated and our lives are to some extent reliant on IoT connected devices. A great deal of our data is on cloud storage facilities and almost all of our personal data is stored in a device that has internet connection. The connectivity and complexity of these systems make them vulnerable. That is why cybersecurity has been gaining more and more importance.

HTTP Response Splitting is a type of attack that occurs when an attacker can manipulate the response headers that will be interpreted by the client. This article goes into details on how this can be abused by an attacker to insert arbitrary headers and the impact of this type of attack.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we discuss how organizations can use the dark web to build a treasure trove of actionable intelligence to prevent attacks.

Cybersecurity professionals know what they’re up against. The type, number and severity of cyberattacks grows with time. Hackers display no shortage of cunning and ingenuity in exploiting security vulnerabilities, compromising important data and inflicting damage to both individuals and organizations. Cybersecurity professionals also know that their defenses must evolve along with the attacks, requiring them to display even more ingenuity than hackers when creating security tools.

Although DNS rebinding attacks have been known for over a decade now, they are only recently receiving attention as a practical attack surface. In the last year, quite a few popular products have been shown to lack DNS rebinding protections, and as a result, someone could operate them remotely using a malicious web site. Manufacturers have made a habit of giving consumers connected devices that are controlled by unauthenticated HTTP requests via the local network.