Resources

Blog

Fifty Shades of FIM

File Integrity Monitoring solutions have been around for a few decades now, with one purpose in mind: to monitor changes to files on the endpoint. However, there is more to integrity monitoring than just looking at files. Over the past year or so, whilst working with Tripwire, I have met a large number of people who define FIM (File Integrity...
Blog

New Study: Companies Aren't Prepared for Cyber Security Threats

In the modern world, it isn’t bank robbers we’re worried about – it’s cyber criminals. They can steal consumer information, alter data so that it gives false insights or remains corrupted for months or even years without notice, and even sell valuable intellectual property to the highest bidder, putting companies under. However, while many...
Blog

How Smart Watch Data Exposed a Cheating Half-Marathon Runner

Most security folks are familiar with the threats posed by the Internet of Things (IoT). Indeed, one need only look to what happened to Dyn in October 2016 to grasp the devastating potential of insecure IoT devices. Given this new wave of distributed denial-of-service (DDoS) attacks, as well as the Mirai-infected bots that power them, it's no wonder...
Blog

Boeing Notifies 36,000 Employees of Email-Based Security Breach

Boeing has notified 36,000 employees of a security breach involving an email that inadvertently disclosed their personal information. On 8 February 2017, the American aerospace company sent a letter to Bob Ferguson, Attorney General for Washington State. In it, Boeing says a security incident might have exposed the personal information of 7,288...
Blog

A C(I)SO View on RSA 2017: “China Is Hiring in the US”

Two weeks ago, while visiting the yearly security gathering at the RSA Conference in San Francisco’s Moscone center complex (and adjacent hotels – it’s growing like mad), I was walking across the North and South Expo halls to check out some vendors (several I had appointments with, some by curiosity, and a few that were really new kids on the block)...
Blog

Let’s Talk About Security Skillsets and Cyber Certifications

One of the key challenges with what we now call cyber is the shortage of relevant technical cyber skills. This is directly linked to what would seem to be an inability to recognise or accept the real scale of the cyber threat, which is, of course, playing into the hands of the criminals and hackers who are harvesting millions in revenue as a result...
Blog

The Next Wave for Cybersecurity Awareness

The annual RSA Conference is a lot of things to a lot of people (43,000 this year!). For me, it’s become an annual opportunity to step out of the stream and to look back at what has happened in the last year and peer forward at what’s to come. This year, I think we have reached an inflection point around the way we as a profession treat the “human...
Blog

TeamSpy Data-Stealing Malware at It Again with New Spam Campaign

Attackers have lots of ways of gaining access to a target's information. One of their preferred attack vectors is exploiting careless end user behavior. This is especially true when it comes to users who don't adequately protect their web accounts. For instance, bad actors targeted users of TeamViewer, software which allows IT professionals to gain...
Blog

The Top 10 US Cities for Information Security Professionals in 2017

A lack of skilled information security professionals poses a threat to most organizations. In Tripwire's 2016 Security Challenge Survey – Skills Gap, 75 percent of IT security professionals said they don't have enough skilled personnel to detect and respond to a breach. Almost the same percentage (66 percent) of respondents reported a dearth of...
Blog

One Million Coachella User Accounts Found For Sale on The Dark Web

Nearly one million user accounts for the Coachella Valley Music and Arts Festival website have been found for sale on the underground marketplace. According to a recent report by Motherboard, the data available for purchase includes email addresses, usernames and hashed passwords. The data trader, who identifies as ‘Berkut,’ wrote on the Tochka...
Blog

Destructive Mac ransomware spread as cracks to pirate commercial software

In their ever-increasing aggressiveness to wring even more money out of victims, it's perhaps no surprise to see some online extortionists creating ransomware targeted against affluent Mac users. The latest example of Mac ransomware, OSX/Filecoder.E, has been discovered by malware analysts at ESET after it was distributed via BitTorrent distribution...
Blog

Malicious Chrome Extension Punishes Users with Tech Support Scam

A malicious Google Chrome extension punishes users who search for certain keywords by redirecting them to a tech support scam. Attackers introduce users to the rogue extension via a malvertising campaign. Most of the time, malicious adverts redirect users to an exploit kit that installs ransomware or other baddies. In this case, the advertisement...
Blog

GDPR and the DPO: Five Things to Know About Your Next Job Vacancy

If the GDPR (General Data Protection Regulation), the EU's data protection harmonisation project, was to become Hollywood movie, its genre would most likely be horror. Focus on the regulation over the past twelve months has been mostly aimed toward its penalties, with scare stories in no short supply. The GDPR has been called many things; visionary,...
Blog

Here's What You Missed at BSidesSF 2017

BSides is known for its collaborative and welcoming environment – something that truly sets it apart from the many other security conferences that are held these days. Today, the conference series has spread all across the world, yet its mission remains the same: to provide an open forum for infosec discussion and debate. Tony Martin-Vegue, a...