Blog

Decision Analysis Applications in Threat Analysis Frameworks

Cybersecurity is generally considered to be a highly reactive field where professionals struggle to keep up with new and emerging threats. As the profession works to become more human-centered and proactive, I have attempted to design a new modeling process that is highly pertinent to these emerging priorities. It combines the existing conceptual,...

Hackers automate the laundering of money via Clash of Clans

According to a new report, popular smartphone games such as "Clash of Clans" are being used to launder hundreds of thousands of dollars on behalf of credit card thieves. Researchers at Kromtech Security describe how they first came across the money-laundering ring in mid-June when they analyzed an unsecured MongoDB database. The database, which was...

Survey: Only Four Percent of U.S. Adults are Concerned about Cybersecurity during Summer Vacation

This summer, my family and I visited a few Arizona ghost towns, and the experience made me wonder what it might have been like to travel across the Old West with all your possessions in tow. What would it feel like to ride through mountains, deserts and territories with only a canvas-covered wagon protecting your valuables? I bet they were keenly...

Researchers Can Earn Up to $100K via Microsoft Identity Bounty Program

Microsoft announced its Identity Bounty Program through which security researchers can earn up to $100,000 for an eligible submission. On 17 July, Microsoft Security Response Center (MSRC) unveiled the creation of a new bug bounty program to help it remediate vulnerabilities affecting its Identity services. Phillip Misner, principal security group...

BSidesLV Preview: Your Taxes are Being Leaked

Even if you don’t store your tax data in financial software yourself, chances are your CPA or tax preparer does. Have you ever wondered what kind of software or security procedures your trusted advisor has in place to protect your name, address, W-2, tax filings, or Social Security Number? Better yet, have you audited them? I have, and you won’t...

Women in Information Security: Jessica Hebenstreit

Last time, I had the pleasure of speaking with Roxy Dee. Her expertise is in vulnerability management, and she also loves to pay it forward by giving away books to her lucky Twitter followers. This time I got to speak with Jessica Hebenstreit. She’s worn an awful lot of hats in the cybersecurity field, and now she’s a senior security consultant. She...

8 Insights on the Future of Ransomware

1. Is ransomware as big a threat as the media claims it is? Ransomware is a variant of malware that we are seeing as the next wave of quick compromise attacks. What that means is quick entry and quick exit. No longer do the bad guys need to hover around on networked devices and perform complicated breaches only to get sensitive information or data....

Communication: A Significant Cultural Change for Embracing DevOps

Organizations can reap huge rewards by switching to a DevOps software development model. Some enterprises don't know how to make the change. Recognizing that fact, I've spent the past few weeks discussing the benefits of a DevOps model, outlining how organizations can plan their transition, identifying problems that companies commonly...

The UK’s Minimum Cyber Security Standard: What You Need to Know

In June 2018, the UK Government, in collaboration with NCSC (National Cyber Security Centre), produced a new security standard that all Government “Departments,” including organisations, agencies, arm’s length bodies, and contractors must adhere to without exception. These measures will continue to increase over time in order to ‘address new threats or classes of vulnerabilities’ and to ...

Average cost of a data breach exceeds $3.8 million, claims report

Data breaches are getting more expensive. That's one of the findings of a new global study by the Ponemon Institute that examines the financial impact of a corporate data breach. So what is the actual cost of a data breach? Well, obviously it varies depending on the nature of the organisation that has lost control of its data, the nature of data...

Ease the Squeeze – Cyber Security with Small Teams

The competition is fierce; each team looking to find the best talent and get the most from every member. Sometimes, to fill a position you have to go to your bench, but this is a battle, and you are in it to win it. No, it isn't the national team looking to grab top honors at the World Cup, it's your cyber security team working to defend the...

How to Receive a Clean SOC 2 Report

Controls—SOC 2 is all about controls. It's right there in the name: Service Organization Controls, S-O-C. A SOC 2 report is a de facto requirement for any organization that wants to store any customer data in the cloud, which means most SaaS or cloud service providers. Unlike PCI DSS, which is prescriptive and very technical, the American Institute...

Macy’s, Bloomingdales Alert Online Customers of Data Breach

Macy’s is notifying customers of a data breach involving unauthorized access to their payment card data and personal information. In a notice sent to affected customers, Macy’s said it first detected suspicious login activity from certain Macys.com accounts on June 11, 2018. “Based on our investigation, we believe that an unauthorized third-party –...

VERT Threat Alert: July 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-786 on Wednesday, July 11th. In-The-Wild & Disclosed CVEs: CVE-2018-8278 – Microsoft Edge is vulnerable to a spoofing vulnerability that could allow an attacker to design a malicious fake...

Credential Stuffing List Containing 111 Million Records Found Online

A security researcher discovered an online credential stuffing list containing 111 million records that attackers could abuse to prey upon unsuspecting users. Troy Hunt, an Australian web security expert and creator of the second version of Pwned Passwords, learned about the list from several supporters of his Have I Been Pwned service. They...

The FBI's 10 Most-Wanted Black-Hat Hackers – #1

It all comes down to this. In surveying the FBI's 10 most-wanted black-hat hackers, we have come across nine criminals who have all made the web a less safe place for users. But we still have one more hacker to discuss. This individual’s crimes have surpassed all the rest in the eyes of law enforcement, so he gets the top spot on our list. In completion of our countdown, the FBI's most wanted...