Resources

Blog

Is the Vulnerability Warning Bubble About to Burst?

I was there when the bubble burst in ’99. If you are too young to know the reference to the bubble of 1999, or if you are so old that you have forgotten it, 1999 was the year that the "internet bubble" burst. What was it that caused this bursting effect? The internet wasn’t the problem. The internet is still here. The problem was driven by the...
Blog

All the World's a Chess Board, and All the Security Pros Merely Pieces

Information security is a lot like chess. On the macro level, the security field is divided between the black hats and the white hats, just as a chessboard is split between black and white pieces. Those groups compete against one another using a combination of offensive and defensive tactics. Ultimately, each "match" is different than the next. Some...
Blog

Man Busted in Darkode Takedown Receives Jail Time

A man who was busted in the takedown of the hacking forum Darkode has received jail time for his online criminal activities. U.S. District Judge Dee D. Drell sentenced Rory Stephen Guidry, 29, also known as "[email protected]," of Opelousas, Louisiana, to 12 months and one day in prison for using a computer to steal money, hack computers in an attempt to...
Blog

From Monkey to Man – The Evolution of a CISO

I think we are all familiar with the popular axiom, “It’s not IF you get compromised, it’s WHEN you get compromised.” I’m also pretty sure we all know that IT security is no longer viewed purely as an operational concern but as a significant contributor to business risk. As a result of this, IT security is quickly moving up the ladder on the...
Blog

Phishing Attacks Surged 250% in Q1 2016, Says New APWG Report

The Anti-Phishing Working Group (APWG) says it observed a record-breaking 250 percent surge in phishing attacks between October 2015 and March 2016. According to its latest report, the number of unique phishing websites detected in Q1 totaled 289,371, with more than 123,000 of those sites being discovered in March 2016 alone. APWG says the findings...
Blog

Hire a DDoS Attack for as Little as Five Dollars

Fancy a career as a blackmailing cybercriminal but don't have the technical nous? Don't worry, you can easily find people all too willing to help you embark on your life in cybercrime via popular freelance-hiring websites. And, it seems, you may only need to pay five dollars to get a hacker to launch a debilitating denial-of-service attack against...
Blog

Dropbox Addresses Security Concerns for New Initiative's Kernel Access

Dropbox has responded to security concerns regarding one of its new technology's abilities to obtain kernel access. Back in April, the secure file sharing and storage service announced "Project Infinite," an initiative which will help revolutionize the way Dropbox interfaces with a user's computer. Dropbox software engineer Damien Deville provides...
Blog

Google Announces Plans to Help Kill Off Passwords on Android Devices

Google has announced plans that will help kill off the need for passwords on Android mobile devices. During his Friday talk at Google I/O, an annual software developer conference, Daniel Kaufman of the tech giant's Advanced Technology and Projects (ATAP) division revealed the upcoming roll-out of Trust API. Instead of relying on passwords, Trust API...
Blog

Overlooking the Value of Your Pawns

Instead of imagining myself as a chess piece, I prefer to try and look at the chess board as a whole and see where the biggest perceived vulnerabilities or weakness lie. Most organisations could be seen as being modelled the same ‘in terms of staff ratio’ to a chess board. Usually, there is only 1 king (CEO), and then the rest of the chess pieces...
Blog

DMA Locker's Latest Updates Improve Ransomware's Maturity

The malware authors behind DMA Locker have outfitted the ransomware with numerous updates that advance its maturity. Malwarebytes researcher Hasherezade explains in a blog post that she first detected the crypto-malware variant back in January of this year. DMA Locker's first iterations were easily decryptable. Additionally, they could work offline,...
Blog

Financial Services: A Positive Shift in Cyber Security Posture

There is some promising news regarding the state of cyber security among financial services organizations. As an industry, risk-averse financial services companies are investing more in cyber security, with a security spending increase of 14 percent. This heightened focus on security might explain why organizations working in financial services...
Blog

Hacker Confessions: Stuck in the MUD

In my last blog post, I covered old school hacking from the mid to late 90s, where my experience delved into the realm of hacking for information sharing purposes only. Remember—I never hacked for malicious purposes, but tended to hang more with my local group of like-hackers, where curiosity was always the primary motivator behind breaking into...
Blog

Hacking Team Hacker Steals $11K, Donates It to Rojava Plan

A hacker responsible for the Hacking Team leaks stole approximately US$11,000 in Bitcoin and donated it to an ecological initiative in Syria known as the Rojava Plan. The hacker, who claimed responsibility last June for a data heist against the Italian spyware firm Hacking Team, announced his donation on Twitter in early May. https://twitter.com...