The results of a hacking contest at the DEFCON conference shows that the largest U.S. corporations have a lot to learn. "If any of these targets had hired us to do a social engineering audit, we would have failed them," an organizer said. 

Shorten URL: . Click to copy to clipboard or post to Twitter

The countdown to the saturation of the IPv4 address supply is now down to a matter of months: and along with the vast address space of the next-generation IPv6 architecture comes more built-in network security as well as some new potential security threats. Read the full article. [Dark Reading]

Shorten URL: . Click to copy to clipboard or post to Twitter

Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year. Read the full article. [Computerworld]

Shorten URL: . Click to copy to clipboard or post to Twitter

A cybersecurity researcher has discovered an easy way for a hacker to swipe copies of documents scanned by Hewlett-Packard all-in-one printers widely used in workplace settings. Read the full article. [The Last Watchdog]

Shorten URL: . Click to copy to clipboard or post to Twitter

Scammers are offering prospective marks an application that supposedly shields them from exposure to survey scams. Naturally, you first have to fill in a survey to install the script, which is punted through Userscripts(dot)org. Read the full article. [The Register]

Shorten URL: . Click to copy to clipboard or post to Twitter

Cyber crooks stole just shy of $1 million from a satellite campus of The University of Virginia last week. Read the full article. [KrebsonSecurity]

Shorten URL: . Click to copy to clipboard or post to Twitter

According to the researcher who helped take down Mariposa, the operators who purchased the bot software from the man known as "Iserdo" and then built Mariposa, for some reason didn't opt for the feature, which he offered for 200 euros, even though it would have increased their potential profits. Read the full article. [Dark Reading]

Shorten URL: . Click to copy to clipboard or post to Twitter

By Alex Rothacker

In our last column, we focused on privilege escalation attacks, and the impact that this category of  SQL injection attacks can have on the database - particularly where specific database vulnerabilities exist, and can be exploited through the manipulation of privileges. Let’s look more deeply at how organizations struggle with the issue of extensive privileges assigned directly to users - or indirectly through user groups. We’ll address what can happen when database users are over-credentialed, and what should be done to ensure you are aware of all activity that is occurring in your environment.

Shorten URL: . Click to copy to clipboard or post to Twitter

Organized cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa earlier this month with the help of dozens of unwitting co-conspirators hired through work-at-home job scams, at least one of whom was told the money was being distributed to victims of the Catholic Church sex abuse scandals. Read the full article. [KrebsonSecurity]

Shorten URL: . Click to copy to clipboard or post to Twitter

The U.S. military is looking for new ways to identify malicious insiders and stop them from operating from within government and military networks, which it assumes have already been compromised. 

Shorten URL: . Click to copy to clipboard or post to Twitter