BEC, or Business Email Compromise, is a contemporary twist on a staple scam. Often in the shadow of the more extravagant, media-friendly super-hacks or ransomware compromises, BEC is leading the line on both the number of attack victims and the direct losses encountered by businesses. Although not as en vogue as other ‘nouveau’ cybersecurity threats...

To distinguish the size of merchant companies and appropriately determine the level of testing required, the founding credit card companies created four different brackets ranging from Tier 1 to 4. Each tier is based on the number of transactions processed per year by the merchant and also dictates the testing a merchant must undertake. While...

Everyone in Silicon Valley and the tech industry, in general, is talking about “The Cloud.” “The Cloud” is something that’s not only trendy but also very useful for business. Why deal with the burden of running your own datacenters when companies like Amazon, Google and Microsoft offer third-party cloud services that will be less expensive for your...

A relatively new ransomware-as-a-service (RaaS) platform keeps victims guessing by not using a special file extension with the files it encrypts. On 22 February, security researchers began seeing reports from users claiming that Data Keeper ransomware had affected their computers. Victims found out about the infections by coming across the "!!! ####...

What would you say if I told you that now a hacker doesn’t even have to trick you into installing malicious files on your computer in order to steal sensitive data? Let’s take a look at how this form of (non-) malware works and, more importantly, how to protect yourself against it. How does this fileless malware attack occur? The big picture...

This article is part 1 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats to the modern enterprise. Insider cyber security threats are much more prevalent than most of us realize. IBM estimates that 60 percent of all cyberattacks are perpetrated by those with...

The Council of Economic Advisers recently released a report that examines the cost of malicious cyber activity to the U.S. economy. The report cites many of the usual findings from the Verizon DBIR and Ponemon reports—nothing new to those of us who live and breathe cybersecurity. However, the report caught my eye because it offers some very...

A security researcher has released an updated list of 500 million breached passwords so that organizations can use it to protect their systems. On 22 February, Australian web security expert Troy Hunt published the second version of "Pwned Passwords." The feature enables users to check a new or used password against a list of 501,636,842...

Security breaches are increasingly affecting organizations across various domains as they heavily rely on technologies to reduce the operational costs and improve the work efficiency. The United States is the world leader in data breach incidents. According to a report shared by the Identity Theft Resource Center in 2017, the security breach...

Whoever hacked the LA Times' interactive county murder map probably hoped to make a killing mining cryptocurrency - but swift action from a security researcher has put paid to their plans. Security researcher Troy Mursch, whose blog has focused on cryptomining threats in recent months, raised the alarm on Twitter, after discovering that an Amazon...

Colorado's Department of Transportation (DOT) shut down more than 2,000 computers after its network suffered a ransomware attack. First thing in the morning on 21 February, the DOT discovered that ransomware had struck all employee computers running Windows and protected by McAfee anti-virus software. It immediately launched an investigation into...

With distributed ledger technology (such as blockchain), there is growing interest in automating routine commercial transactions. But how will these smart contracts be interpreted under existing commercial contract laws? Although there is no federal contracts law for private commercial transactions in the United States, there is a widely adopted...

Living in today’s society, it is almost impossible to meet someone without an email account. For almost everything you do online, you need to have an email ID whether for work, education, or socially. Many of us hold multiple accounts, each for a different purpose; however, you need to protect yourself. If you are using Outlook as your email...

In these times of unabated data breaches, the typical Chief Information Security Officer (CISO) must feel like a moving target in a shooting gallery. It’s not a matter of whether an attack and possible breach will occur, it’s a matter of when. Being a CISO is a fascinating and important job. Often, though, it’s a thankless one. Unfortunately for...

The U.S. Department of Energy (DOE) has announced the establishment of a new cybersecurity office to help protect and prepare the energy sector, including the oil and gas industry. Named the Office of Cybersecurity, Energy Security, and Emergency Response, or CESER, the new office received nearly $96 million in funding for the 2019 fiscal year....

A company embedded password-stealing malware into an installer as part of its digital rights management (DRM) efforts to combat software pirates. On 18 Sunday, Reddit user crankyrecursion spotted the malware hiding within Flight Sim Labs' installer for its A320 flight simulator desktop software. A little digging on the user's part revealed that the...

Let’s face it: it is a matter of when your company is going to get hit by digital attackers and how hard, not if. This causes a lot of pain and overall damage, both of which are not good for business. Cyber attacks are at the forefront of news headlines and are plaguing C-Level executives' thoughts; unfortunately, these attacks are going to get more...

Mobile online dating apps are popular among adults looking to find their ideal partner. According to the Pew Research Center, 15 percent of U.S. adults said they had used matchmaking sites in 2015. Following Valentine’s Day, many dating sites may offer promotions, coupons, and discounts to encourage new users to enroll, meaning new users will be...

Digital attackers abused the SWIFT system of an Indian bank in an attempt to make off with approximately $2 million in stolen funds. On 18 February, City Union Bank disclosed the attempted heist in a statement (PDF): During our reconciliation process on 7th February 2018, it was found that 3 fraudulent transactions were initiated by the cyber...

There were 978 million victims of cybercrime last year and these people lost a combined $172 billion, according to Norton. Those numbers alone should be enough to make businesses sit up and take notice. It’s important, too, to stress that it isn’t just the large corporations that suffer at the hands of online criminals. About half of small...