Last time, I had the privilege of interviewing Fortalice Solutions founder Theresa Payton. Her combination of White House and private sector intelligence and cybersecurity experience gives her a truly one-of-a-kind perspective in this industry. This time, I got to speak to someone else I’ve met in person in Toronto’s cybersecurity community,...

One of the most accredited forms of validation for a citizen’s identity is a Social Security Number. A Social Security Number is a significant piece of government-issued identification in the United States. When this information is compromised, it can lead to serious problems where an individual to impersonate someone. A citizen may never know that...

On September 20, 2018, the White House released a new cybersecurity strategy with several important changes in direction meant to give government agencies and law enforcement partners a greater ability to respond to cybercrime and nation-state attacks. The new U.S. cyber strategy makes one message clear: America will not sit back and watch when...

A US court has sentenced a programmer to 30 months in a federal prison in connection with software that claimed to be a legitimate tool for Windows sysadmins to remotely manage computers, but was actually used by criminals to backdoor PCs and secretly spy on victims. 21-year-old Colton Grubbs, of Stanford, Kentucky, admitted earlier this year that...

During the last half of the 1990s, there was a concern for employees using their own home desktop computers to dial in to the corporate network from home. Thousands of articles and hundreds of conference sessions discussed the associated risks and then how to mitigate them through documented policies and the use of new tools. Soon after the year...

Weeks before the November midterm elections, roughly 35 million U.S. voter registration records from 19 states have appeared for sale on the dark web. Researchers from Anomali Labs and Intel 471 discovered the data for sale, which reportedly includes voters’ “full name, phone numbers, physical addresses, voting history, and other unspecified voting...

Last time, I had fun speaking with my friend, red team-minded student/teacher Alana Staszczyszyn. This time, I had the privilege of speaking with cybersecurity and intelligence industry veteran Theresa Payton. She’s always had tons of responsibility. She went from the White House to start her own private sector firm, Fortalice Solutions. Kim Crawley...

A dating app geared towards connecting supporters of U.S. President Donald Trump exposed members' personal and account information. On 15 October, security researcher Baptiste Robert (who also goes by the name "Elliot Alderson") discovered security weaknesses in the Donald Daters dating app that exposed several pieces of users' information. https:/...

Online criminals have frequently distributed their malware attacks as fake updates for Adobe Flash. Security-savvy computer users haven't found such attacks difficult to spot and know to only get updates to Adobe Flash Player from the company's own website. A new wave of attacks, however, has added a twist to the traditional malware attack disguised...

Since 2010, the U.S. Executive Office has been encouraging agencies to leverage the cloud to improve citizen services. Now, according to the new “Cloud Smart” strategy, a group of federal agencies are taking the lead to identify the best way to make that happen. Relying on input from industry and the broader federal IT community, OMB, DHS, GSA and...

The Scottish Ambulance Service suffered a data breach in which it exposed its staff members' personal information online. On 12 October, the NHS Ambulance Services Trust, which is part of NHS Scotland, sent an email to its staff in which it disclosed the data breach. As quoted by BBC News: For a time, the names and telephone numbers of staff, as...

Another National Cyber Security Awareness Month is upon us, and although I have recently wished for its demise through better automated protections, there are some things that cannot be automated. One such area of manual interaction is all the social networks that we use. Unless you are a celebrity with a public relations team behind your every post...

A new sextortionist scam is using spoofing techniques to trick users into thinking that digital attackers have compromised their email accounts. As reported by Bleeping Computer, an attack email belonging to this ploy attempts to lure in a user with the subject line "[email address] + 48 hours to pay," where [email address] is their actual email...

Identity theft is on the rise. According to a report from Javelin Strategies, 16.7 million Americans fell victim to identity fraud schemes in 2017 – that’s up eight percent over the previous year. Thieves made off with $16.8 billion from US consumers. Residents of some states are at higher risk of becoming identity theft victims, according to...

The healthcare industry is one of the largest industries in the United States and potentially the most vulnerable. The healthcare sector is twice as likely to be the target of a cyberattack as other sectors, resulting in countless breaches and millions of compromised patients per year. Advancements in the techniques and technology of hackers and...

An effective container security strategy consists of many parts. Organizations should first secure the build environment using secure code control along with build tools and controllers. Next, they should secure the contents of their containers using container validation, code analysis and security unit tests. Finally, they should develop a plan to...

A Chinese intelligence officer has been extradited to the United States after being charged with conspiracy to commit economic espionage against certain U.S. firms. Logo of the Ministry of State Security. (Source: Wikipedia) On 10 October, the U.S. government unsealed an indictment filed by a federal...

In a recent article about U.S federal policy concerning IoT security, Justin Sherman identified several gaps in both cybersecurity and privacy policies. As Sherman has highlighted: The United States federal government, like the rest of the world, is increasingly using IoT devices to improve or enhance its existing processes or to develop new...

Today’s VERT Alert addresses Microsoft’s October 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-800 on Wednesday, October 10th. In-The-Wild & Disclosed CVEs CVE-2018-8453 This vulnerability, a privilege escalation in Win32k’s handling of objects in memory, has been exploited in the...