Resources

Blog

Listen Up, Infosec Pros! Disengage to Engage with Your Clients

We in the infosec community have a terrible habit. We are so overwhelmed with all the “events” that we have to monitor that we forget the most important event might be standing at our desk at any time. Most folks still think of the infosec professional as the introverted “geek” who cannot look another human in the eye and is more comfortable with a...
Blog

5 Tips to Maximize Your IT Security Training

Quality security training is a costly investment. Multiple-day training sessions are usually required for significant learning topics and are almost exclusively fee-based. And the fees are not the only investment. Key staff must be taken out of the field to attend the course, resulting in opportunity costs and lost work hours. But our adversaries...
Blog

Starting Your Career in Cyber Security

A year ago, I wrote an article entitled Starting Your Career In Information Technology. As your career goes on, you may find yourself traveling down different routes than you originally planned. This article is a follow-up, designed to give an idea of what cyber security has become for me after I transitioned to it from networking. To begin, I was...
Blog

Mapping the Top Five CSC to Four Cybersecurity Pillars

Foundational Controls may not sound like the sexiest subject in IT but arguably, it’s the most critical – and for good reason. Quite simply, without these fundamental controls in place and knowledge of what is on your network, your organization will find it incredibly difficult to manage a breach and effectively remediate. It’s very much the vogue...
Blog

Korean Firm Pays $1M in Ransom after Erebus Ransomware Infection

A South Korean web hosting company has paid more than one million dollars in ransom after suffering an Erebus ransomware infection. The ransomware, which has been around since September 2016 and reemerged in February 2017, struck NAYANA on 10 June. Those responsible for the attack demanded 550 Bitcoins or approximately US$1.62 million. The web...
Blog

Top 7 Tips to Stay Secure on Your Summer Vacations

We all look forward to summer and its promise of fun-filled vacations. But in our haste to momentarily escape the daily grind, many of us overlook key elements of our digital security. Computer criminals don't take vacations, after all. Digital threats follow us everywhere we go, which is why we can never let our guard down no matter how many sun...
Blog

Women in Information Security: Gwen Betts

Women and non-males are in various important cybersecurity roles. They're writing secure code, they're researching malware, they're educating end users, they're studying in school, and sometimes they're in important government positions like my last subject, Heather Butler. Gwen Betts' job is a bit different. She approached me on Twitter, telling me...
Blog

Phishers Padding URLs with Hyphens to Target Facebook Users

Phishers are sending Facebook users fake login pages with URLs they've padded with hyphens, a trick which makes the sites look legitimate on mobile devices. The attack works by sending a real, legitimate domain within a larger URL that's fake. For instance, the following link redirects users to a phishing site: hxxp://m.facebook.com---------------...
Blog

3 Steps to Ensure Patient Safety by Mitigating Cyber Security Risk

Cyberattacks in the healthcare industry have been on the rise, the latest being the WannaCry attack that affected 20 percent of NHS facilities in the UK. A study (PDF) by the Ponemon Institute in 2016 revealed that healthcare organizations have experienced approximately one cyberattack every month. Healthcare organizations are a lucrative target...
Blog

Paid Online Survey Site Breached, 6 Million User Accounts Stolen

Hackers have reportedly stolen account details for about six million users of CashCrate, a site that pays users for completing surveys online. According to a report by Motherboard, who obtained the database, the compromised data includes users email addresses, names, passwords and physical addresses. “Judging by timestamps in the stolen database,...
Blog

Phishing Campaign Stealing Money and Data from Industrial Companies

An ongoing targeted phishing campaign is making off with industrial companies' money and sensitive corporate information. In October 2016, Kaspersky Lab identified a spike in the number of malware infection attempts received by customers with industrial control systems (ICS) installed. The malware arrives via well crafted phishing messages that...
Blog

Newbie Retailer's Guide to E-commerce Security

Don’t think security impacts sales? Think again. A secure web environment ensures the protection of customer data, but it also makes for a fast and optimized website that drives conversions. An unsecured web environment will be slow, frequently unresponsive, and even dangerous. Opening your first online store is an exciting milestone, and security...
Blog

TrickBot Uses "Service Update" Windows Task in a Grab for Persistence

TrickBot malware is using a Windows Task named "service update" in an attempt to evade detection and maintain persistence on infected endpoints. The refinement is part of a new wave of phishing emails that distribute the botnet trojan, a threat which shares many characteristics with Dyre. These emails all come with PDF documents containing an...
Blog

VERT Threat Alert: June 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft June 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-729 on Wednesday, June 14th. In-The-Wild & Disclosed CVEs CVE-2017-8543 According to Microsoft’s Security Guidance, they are aware of in-the-wild exploitation against CVE-2017-8543, a code...