Resources

Blog

N-Day Vulnerabilities: How They Threaten Your ICS Systems' Security

In the last quarter of 2019, researchers at ClearSky uncovered an attack operation that they dubbed the “Fox Kitten Campaign.” Iranian actors used this offensive to gain persistent access into the networks of dozens of companies operating in Israel and around the world across the IT, telecommunication, oil and gas, aviation, government and security...
Blog

A WebLogic Vulnerability Highlights the Path-Based Authorization Dilemma

A WebLogic server vulnerability fixed by the October CPU has come under active exploitation after a Vietnamese language blog post detailed the steps needed to bypass authentication and achieve remote code execution on unpatched systems. Although there have been a series of actively exploited WebLogic deserialization bugs, the exploit payload in this...
Blog

Ordell Robbie, Tripwire and Security Configuration Management.

ORDELL: Take the keys, man. Listen to music. LOUIS: Which one is for the car? (Ordell finds it. While he goes through the keys, Vicki comes back on the line.) (Max speaks with her as he fills out his papers.) ORDELL: (holding a key) This one's for the ignition... (holding a little black box) ... but you gotta hit this thing to shut the alarm...
Blog

5 Lessons Learnt from BJJ that Are Applicable to Cybersecurity

Over the last decade, I have focused quite heavily on technology and the cybersecurity space. I've been motivated to create a world that is more inclusive and safer. In 2019, I began a bit of a different journey. Whilst still motivated in a security point of view, this time, I focused on the physical side by beginning to train in Brazilian Jiu-Jitsu...
Blog

Lessons from Teaching Cybersecurity: Week 5

As I had mentioned previously this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...
Blog

Maze Ransomware Gang to Shut Down Operations

Security researchers learned that the Maze digital crime gang is in the process of shutting down its ransomware operations. Bleeping Computer began hearing rumors of the shutdown in early September 2020. In an email conversation, a ransomware attacker told the computer self-help site that the Maze gang had stopped encrypting new victims in September...
Blog

5 Essential Steps to Improve Cybersecurity Maturity

From small- and medium-sized organizations to large enterprises, every business is under continuous threat of security risk in today’s digital world. With the growing digital footprint and cloud adoption, organizations continue to experience sophisticated cyberthreats that hold the potential to disrupt business continuity. A vast majority of these...
Blog

President Trump's Campaign Website Defaced by Cryptocurrency Scammers

Unknown individuals temporarily defaced the official campaign website of President Donald Trump with a cryptocurrency scam. Twitter user Gabriel Lorenzo Greschler was among the first to spot the defacement, which is believed to have occurred at around 16:00 PST on October 27. https://twitter.com/ggreschler/status/1321225292837367809 As reported by...
Blog

How Containers Support the IT-OT Convergence

The worlds of information technology (IT) and operational technology (OT) are colliding. In July 2019, Automation.com cited a survey finding where 82% of respondents told Forrester and Nozomi Networks that their organizations were in the early stages of an IT-OT convergence. Some said their organizations were embracing this meeting more fully. This...
Blog

4 Considerations for a Secure Cloud Environment

Digital attackers are increasingly turning their attention to the cloud. According to the 2020 Trustwave Global Security Report, the volume of attacks targeting cloud services more than doubled 7% in 2018 to 20% a year later. This growth made cloud services the third most-targeted environment after corporate and e-commerce at 54% and 22%, respectively...
Blog

Amazon Discloses Security Incident Involving Customers' Email Addresses

Amazon informed some of its customers about a security incident that involved the unauthorized disclosure of their email addresses. News of the security incident emerged over the weekend of October 23 when multiple users took to Twitter to voice their confusion over an email they had received from Amazon. In an email notification obtained by...
Blog

How to Best Secure the Industrial Network for EMEA Organizations

You don’t have to search very far in the news to see stories of websites being hacked and customer details being stolen. Stories about incidents involving industrial control systems (ICSes) and operational technology (OT) environments aren’t so common. But they are prevalent. Just the other week, for example, an airline company sent out an email...
Blog

HIPAA Breach Notification - What you need to know

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that was established to transform the security landscape of the healthcare industry. Businesses that are found guilty of a breach or violation of HIPAA rules will have to face repercussions. Part of the HIPAA law includes the HIPAA Breach Notification Rule,...
Blog

Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability researcher Slavco Mihajloski, opened up opportunities for cybercriminals to completely compromise WordPress sites. The flaw can be...
Blog

The 5 Best Ways to Handle Sensitive Data

There are two significant trends occurring right now that shouldn’t be a surprise to anyone reading this post. First, businesses are gathering and leveraging more and more data to improve their core services. Second, more compliance and regulatory standards are popping up from governments and private organizations. As these businesses realize that...
Blog

Problem Solving - Lessons From Teaching Cybersecurity: Week 4

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...
Blog

Montréal Public Transport Agency Discloses Ransomware Attack

A public transport agency operating in Montréal announced that a ransomware attack had affected its website and other systems. The Société de transport de Montréal (STM) disclosed the infection on a web page it created to keep customers updated about its services while its main site remains offline: Since the afternoon of October 19, the STM has...
Blog

More Effective Security Awareness: 3 Tips for NCSAM

It’s often said that humans are the weakest link in cybersecurity. Indeed, I’d have a hard time arguing that a computer that was sealed in a box, untouched by human hand, poses much of a security risk. But a computer that is unused has no purpose. It behooves security practitioners to get smarter about how we teach people to use those machines so...