Resources

Blog

Darknet Cybercriminal Reflections: They're So Clever!

I’ve spent a copious amount of time on the Darknet this year in a quest to gain more understanding on how cybercriminals think. I’ve been studying their communities, how they operate in the Darknetmarkets (such as Silk Road), perusing their forums, analyzing their marketing techniques, and contemplating how they justify their criminal activities. It...
Blog

Searching the Enterprise for Known Indicators of Breach

Given the recent high-profile breaches, a key challenge facing government agencies and other security-minded organizations is rooting out malware that has already become embedded on key assets. Multiple vendors are offering cloud-based sandbox analytics services, and/or on-premises appliances, that can analyze new binaries to determine if they have...
Blog

DDoS Attack Against Telegram's Asian Pacific Server Enters Fourth Day

A DDoS attack continues to affect the Asian Pacific servers of messenger app Telegram as of Monday morning. The attack was first revealed by the company on Twitter early Friday morning. Four hours after its initial announcement, Telegram posted again, stating that the attack had become global and was now affecting users' access worldwide. ...
Blog

Security Slice: Severing Windows Server 2003

Microsoft is ending Windows Server 2003 support on July 14, 2015, when the popular platform will no longer receive security updates. End of life migration is a serious transition for organizations, and many will keep the using outdated platforms long after the deadline. How should organizations that are still in transition prepare for the inevitable...
Blog

Privacy Advocate Caspar Bowden Passes Away After Battle with Cancer

Caspar Bowden, a passionate British privacy advocate, has passed away after a battle with cancer. In 1998, Bowden helped co-found the Foundation for Information Policy Research (FIPR), a prominent think tank for privacy based in the UK. He also became one of the most outspoken dissenting voices with regards to government backdoor surveillance into...
Blog

Black Hat '15 Preview: My Bro the ELK

Cyber-attacks are continually increasing in scope and complexity; advanced persistent threats are becoming more difficult to detect; and over the past decade, there has been a growing “detection deficit,” according to the 2015 Verizon Data Breach Report. While 60 percent of attackers are able to gain access within minutes, the detection of attacks...
Blog

Keeping Up with PCI DSS 3.1

Earlier this year, the PCI Security Standards Council officially released PCI DSS 3.1 only months after its predecessor (version 3.0) came into effect. With a typical three-year period between standard revisions, the out-of-band update caught many off guard, especially organizations still in the process of complying with the changes from the...
Blog

Multi-billion dollar corporations hit by mystery hacking gang

Back in 2013, technology giants Apple, Microsoft, Facebook and Twitter all suffered a serious security breach. Their corporate networks had all been attacked by the same hacking gang, after Mac-using staff visited a website for iOS developers hosting a zero-day Java exploit. The previously unseen Pintsized Trojan horse was able to waltz around the...
Blog

Lizard Squad Member Found Guilty of 50,700 Charges of "Cybercrime"

A member of the hacking group Lizard Squad has been found guilty of 50,700 charges of "cybercrime", according to Finnish media. Julius “zeekill” Kivimaki, age 17, has received a two-year sentence suspended sentence and has been "ordered to fight against cybercrime." He will not be going to prison. The charges filed against Kivimaki include breaching...
Blog

Hacker High: Why We Need to Teach Hacking in Schools

We’re in the midst of a national cybersecurity crisis. Breaches, such as the ongoing OPM breach, are continuing at an alarming rate; organizations are building their security infrastructure, but are lacking staff. We need more skilled cybersecurity professionals, yet we don’t have a consolidated plan for building the cybersecurity skills pipeline....
Blog

Hacking Team Breach Reveals Nation State & Corporate Customers

The private Italian spyware firm Hacking Team has become the victim of a hack itself, with more than 400GB of data compromised and released via a torrent. The hacker "PhineasFisher"– who claims responsibility for the data heist – is also responsible for surveillance tech company Gamma International based in the UK. One of the most damaging aspects...
Blog

Static Password Vulnerability Patched in Cisco Unified CDM

Cisco has released a patch for a password vulnerability that was recently discovered in its Unified Communications Domain Manager (Unified CDM) Platform Software. According to a security advisory released by the company, "A vulnerability in the Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote...
Blog

ProxyHam: A 2.5-Mile Leap for Web Anonymity

At DEF CON 23 this summer, an information security consultant plans to unveil ProxyHam, a hardware device that bears much promise for the future of web anonymity. Benjamin Caudill, who is founder and Principal Consultant for Rhino Security Labs, developed the product in response to the growing threats against web privacy, particularly those arising...
Blog

Wi-Fi Sense, FUD and You!

The FUD Wagon is rolling strong today after multiple online media outlets have picked up the story that Wi-Fi Sense, available on Windows Phone 8.1 and the soon to be released Windows 10, is Microsoft’s latest security blunder. The best advice that I can offer when you see these articles is to close them... close them, and forget that you’ve ever...