Resources

Blog

SCM: Balancing Security, Availability and Performance

An organization's computer network is never fixed. It is constantly changing. To illustrate, as a company continues to grow, it might adopt a different mission that requires the installation of new endpoints onto its network. Additionally, with the detection of new exposures, security teams will need to update all critical devices running the...
Blog

Silk Road Admin "Libertas" to Be Extradited to the United States

The High Court of Ireland has ordered the extradition of a former Silk Road site administrator named "Libertas" to the United States. Back in 2013, U.S. federal authorities put the kibosh on Silk Road, an underground web marketplace accessible only via the Tor anonymity network where members could purchase illegal drugs, fake IDs, and other stolen...
Blog

Security and Usability

Many employees find information security secondary to their normal day-to-day work, often leaving their organisation vulnerable to cyber attacks, particularly if they are stressed or tired. When users perform tasks that comply with their own mental models (i.e. the way that they view the world and how they expect it to work), the activities present...
Blog

Germany Readies Cyber Unit to Fight Terrorism on the Web

Germany has a message for terrorists who use the Internet to carry out their aims: "Your number is up." Thomas de Mazière On 11 August, Germany's federal interior minister Thomas de Mazière announced the creation of Zentrale Stelle für Informationstechnik im Sicherheitsbereich (ZITiS), or "Central...
Blog

The Key to Cyber Security May be A.I. Combined with Human Minds

Maintaining a secure company network can be a daunting task, and that’s putting it lightly. The number of cyber threats out there seem to be multiplying by the day, while the incidents of cyber attacks have become a common headline. Just ask Target or Sony about the damage that can come from infiltration by cyber criminals and hackers. And those...
Blog

Internet of Things – An Easy Life at a Much Expensive Price

Gone are the days when the only internet-connected devices we had were our phones and computers. With the passage of time, more and more home appliances and products are being added to the list of devices that are connected to the internet, or the so-called "Internet of Things" (IoT). The list includes but is not limited to smart thermostats,...
Blog

Why Phishing Works

This morning, I checked my email and immediately spotted something suspicious in my inbox. I easily identified this email as a phishing attempt. It contained sparse wording, a link to a file, and the implication that it was sent to me from a safe place “securefileshares.com” (sounds trustworthy to me!) that I had never heard of before. I immediately...
Blog

Found an iOS zero-day? This firm will pay you $300,000 more than Apple

It's just a week since Apple announced its first-ever bug bounty for researchers who find vulnerabilities in its widely-used software and hardware, in the hope that it can provide better security and privacy to its millions of customers. The Cupertino-based company made headlines for its belated entry into the bug bounty marketplace, offering up to ...
Blog

CVSSv3 Disappointment

I was incredibly happy with the initial release of CVSSv3. While it wasn’t perfect, it was a huge improvement over CVSSv2 in that a couple of the weaknesses in v2 were removed. The first of two particularly great changes was the language related to the network attack vector in the specification document: A vulnerability exploitable with network...
Blog

Australia Takes Census Website Offline Following Digital Attacks

Authorities took Australia's census website offline following four digital attacks, a decision which prevented many Australians from filling out the survey. David Kalisch of the Australian Bureau of Statistics (ABS) explained the website came under attack four times on Tuesday and that authorities took the website down as a precaution after the...
Blog

4 Lessons Learned from Offensive v Defensive Training

In June this year, Fifth Domain ran a ten-day cyberwar course for 21 participants. The course provided participants with both red-team (offensive) and blue-team (defensive) cyber operations exercises. During the first eight days, participants learned a number of principles, frameworks and technical skills that were then put into practice during the...
Blog

Why Continuous Scans Are Important to Vulnerability Management

To protect against evolving digital threats, more and more organizations are employing endpoint detection and response (EDR) systems on their computer networks. EDR consists of six crucial security controls. The first two, endpoint discovery and software discovery, facilitate the process of inventorying each device that is connected to the network...
Blog

VERT Threat Alert: August 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 9 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-684 on Wednesday, August 10th. EASE OF USE (PUBLISHED EXPLOITS) TO RISK TABLE Automated Exploit Easy ...
Blog

Adaptive Security Starts with the Human Being

Many problems in information security are both perennial and intractable. Audits expose them year after year. Breach after breach occurs because of them. Information security managers are fired as a result of the inevitable breaches, and the deck chairs are rearranged again each time. And yet, the attack surface rarely changes. It’s a revolving door...
Blog

Could Your Smart Home Put You at Risk?

The Internet of Things (IoT) is slowly taking over consumer markets in every category, from coffee makers to fitness trackers. Yet while smart automation might seem like the ideal for consumer convenience, when it comes to home security systems, connecting to the Internet can lead to increased vulnerability. In this article, we take a look at some...
Blog

Man Charged with Selling Stolen Bank Accounts on Dark Web

A federal grand jury has charged a man with selling access to bank customers' stolen account logins on a dark web marketplace. On 22 July, 2016, U.S. Magistrate Judge Janet F. King charged Aaron James Glende, 35, of Winona, Minnesota with bank fraud, access device fraud, and aggravated identity theft after the man allegedly advertised criminal...
Blog

Recommendations for Protecting Against ICS Security Threats

Security is not the same for the industrial control systems (ICS) as it is for information technology (IT). This difference in part arises from the unique characteristics that set IoT and IT environments apart from one another. Take IT, for instance. One of the most important business drivers for securing systems in those types of environments is...
Blog

Apple Announces Bug Bounty Program with Maximum Reward of $200K

Apple has announced it will be launching a bug bounty program that will pay security researchers upwards of USD 200,000 for finding flaws in its software. On Thursday at the Black Hat USA 2016 security conference in Las Vegas, Nevada, head of the Apple Security Engineering and Architecture group Ivan Krstic made the announcement at the end of his...
Blog

How Financial Institutions Can Navigate the New FinCen Rules

The timing could not have been better. Or worse. On the one hand, the massive leak of the so-called Panama Papers earlier this year shone a bright light on the scope of the issues financial institutions grapple with daily to combat money laundering activity and comply with complex, global regulations. On the other, it is likely that more than a few...