Resources

Blog

Women in Information Security: Katherine Teitler

In my last interview, I spoke with Tarah Wheeler, who is a technology and cybersecurity executive, entrepreneur, hacker, keynote speaker, scientist, and author. She's also the author of Women in Tech: Take Your Career to the Next Level with Practical Advice and Inspiring Stories. This time, I spoke to Katherine Teitler. She's the director of content...
Blog

KRACKs: What They Are and How You Can Protect Yourself

On 16 October, news first emerged of what's known as "KRACKs." These malicious techniques exploit vulnerabilities that affect a protocol used for securing Wi-Fi networks. Bad actors could therefore leverage KRAcks to potentially expose encrypted information exchanged over otherwise secure wireless connections. As of this writing, the computer...
Blog

Pizza Hut Notifies Customers of Data Breach

American restaurant chain Pizza Hut has notified customers of a data breach that might have exposed some of their personal and financial information. On October 14, the Italian-American cuisine franchise wrote to a portion of its customer base about an "unauthorized third party intrusion" involving its website. Pizza Hut thinks that the incident...
Blog

Secure Defaults and The Design of the Credit System

When designing systems today, everyone is aware that security is an essential feature, even in systems that you don’t think are critical. The recent Equifax breach brought home to me one of the most important factors of designing secure systems (software or not): delivering systems with secure defaults. In today’s threat-rich environment, the...
Blog

Will the World Really Cooperate in Curbing Cybercrime?

As part of this ongoing series (previous parts, in order, here, here, here and here), I have been trying to make the case that differing interests make cooperation on cybersecurity issues virtually impossible. This is not criticism. It’s just reality. And while it would be easy to look at Brexit or Eastern European and American politics as a push...
Blog

That One Time I Recorded a Microsoft Tech Support Cold Call Scammer…

Tech support scams are no laughing matter. They're capable of infecting unsuspecting users' computers with malware and robbing innocent people of their hard-earned money. It's therefore not surprising that we've witnessed the emergence of numerous initiatives designed to counter tech support scammers over the past few years. Many of these offensives...
Blog

Hacker Stole 30GB of Sensitive Data from Australian Defense Contractor

Australian government officials reported on Wednesday that a hacker stole approximately 30GB of data from a Department of Defense contractor. According to the Sydney Morning Herald, the compromised data included sensitive information on Australia’s next-generation spy planes, naval warships and its $14 billion Joint Strike Fighter program. A...
Blog

How TrickBot Malware's Code and Delivery Methods Evolved in Q3 2017

The TrickBot trojan evolved in the third quarter of 2017 by adding new variations to its code and to its delivery vectors. According to IBM X-Force Research, TrickBot was the busiest financial trojan during the summer of 2017. That activity, which included an expansion into Argentina, Chile, Columbia, and Peru, partly resulted from the banking...
Blog

Security Is a Team Sport

If you've read a security blog anytime in the last year, you haven't escaped mention of the dreaded skills gap for cybersecurity professionals. There seems to be consensus that it's getting harder to hire skilled security staff, though the reason for that is up for debate – some say we're just going about it the wrong way, while others claim it is...
Blog

Hackers steal $60 million from Taiwanese bank using bespoke malware

Last week, a hacking gang abused the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank's servers. The Far Eastern International Bank has confirmed that malware had been found on it computer systems, affecting PCs and servers, as well as its SWIFT terminal. SWIFT (the Society for Worldwide Interbank Financial...
Blog

VERT Threat Alert: October 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft October 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-746 on Wednesday, October 11th. In-The-Wild & Disclosed CVEs CVE-2017-8703 This CVE describes a publicly disclosed denial of service vulnerability which impacts the Windows Subsystem for...
Blog

NIST SP 1800-11b: Approach, Architecture, and Security Characteristics

Wipers, ransomware, and malicious insiders all pose a threat to organizations in that they can destroy corporate data. In response, many companies have processes in place that can help them recover from these and other types of data corruption events. But these strategies beg the question: how can organizations know that the data they recover is...
Blog

Rogue Website Exposed High School Students' Data

A rogue website exposed several pieces of information pertaining to students who attend a high school in the San Francisco Bay Area. On 5 October, the Palo Alto United High School posted a "Notice of Data Breach" on its website. The message reads as follows: "Staff was notified this morning about a website that exposed information about Palo Alto...
Blog

Women in Information Security: Tarah Wheeler

In my last interview, I got to speak with Keren Elazari. Not only did she start BSides TLV but also contributed to a book about women in technology. The book is Women in Tech: Take Your Career to the Next Level with Practical Advice and Inspiring Stories, which was authored by Tarah Wheeler. So, guess who I got to speak with this time? Yep, Ms....
Blog

Apple Update Addresses Password Security for Encrypted APFS Volumes

Apple has released an update that is designed to better protect passwords for encrypted APFS volumes on machines running macOS High Sierra. APFS is short for Apple File System. The Cupertino-based tech giant created it to fix some issues involving Mac OS Extended. Apple File System is meant for computers with flash or solid-state drive (SSD) storage...
Blog

How a missing smiley foiled a $70,000 email fraud

When hackers broke into the email account of a New Zealand grape-grower with the intent of stealing NZD $90,000 (approximately US $70,000) their plan came so very close to fruition. As Stuff New Zealand reports, it was only because of the careful eye of Kathryn Walker, the general manager of Marlborough Vintners (who - notably - previously had a 12...
Blog

September 2017: The Month in Ransomware

September 2017 was comparatively slow in terms of ransomware. Perhaps the extortionists kept struggling to bridge the money laundering gap after the FBI took down the BTC-e Bitcoin trading platform in late July. Some of the noteworthy events include the emergence of Locky’s new persona called Ykcol, failed experiments of GlobeImposter ransomware...