Resources

Blog

EMET 5.5 - Update Released for Microsoft's Best Kept Secret

It's one of Microsoft's best kept secrets. First released in 2009, the Enhanced Mitigation Experience Toolkit from Microsoft (EMET for short) has been helping companies reduce the risk of being exploited via unknown vulnerabilities in Windows and Windows applications. By detecting and preventing the buffer overflows and memory corruption...
Blog

How to Build a Remote Security Team

This will not come as a surprise to many of you, but there’s a current shortage of cyber security experts out in the field, which is causing job vacancies all over the country. Over the years, we’ve seen the demand for cyber security professionals spike dramatically as organizations realize there’s a problem, and are actively looking to recruit...
Blog

3 Fundamental Traits of an Infosec Aficionado

I’ve had a lot of conversations with high school students and students in their initial years of university who don’t particularly know what they want to be when they grow up. Heck, I’m still trying to figure that out! The advice you hear from most guidance councilors and others who mean well is generally to find something you like to do, something...
Blog

Slaying Rogue Access Points with Python and Cheap Hardware

Imagine we’re sitting at a Starbucks on a Friday afternoon. The coffee shop is pretty busy and full of aspiring hipsters sipping soy lattes and typing away at their MacBooks while loudly listening to Miles Davis. Suppose we really dislike Miles Davis for some reason, and we really want to turn that music off. We could connect to the open WiFi...
Blog

Ransomware Happy Ending: 10 Known Decryption Cases

Hit by ransomware and have no backup? Most of the time, regretfully, you have no chances to recover the encrypted data beyond paying the ransom to the extortionists. The crypto algorithms employed in these attacks cannot be cracked, and the private decryption key is kept on servers inaccessible to the victims. But let’s be positive. Quite a few...
Blog

BlackShades RAT Co-Creator Receives Five Years of Probation

An American man has received five years of probation for co-creating the BlackShades remote access trojan (RAT). On Friday, Michael Hogue, 25, of Arizona, who went by the name "xVisceral" online, received his sentence from U.S. District Judge Keven Castel in Manhattan after pleading guilty back in 2013 to distributing the malware and conspiring to...
Blog

Temporary and Disposable Email: Anonymity, Privacy or Security?

There are several websites available that offer temporary and disposable email addresses, which have become quite popular among Internet users today, as they provide a quick alternative to anyone who wishes for their email address to remain private when sending and receiving emails. Temporary and Disposable Email/SMS - What you Need to Know Some...
Blog

Are Financial Services IT Pros Overconfident in Data Breach Detection Skills?

Tripwire studied confidence vs. knowledge of financial services IT security pros on seven key security controls necessary to detect a data breach. For many controls IT pros believed they had the information necessary to detect a breach quickly but provided contradictory information about the specific data. ...
Blog

Activist Dumps Data of America's Largest Police Union

On Thursday, an activist posted online a data dump of private files belonging to the United States' largest police union. The Guardian reports that the Fraternal Order of Police (FOP), a union which represents 333,000 law American enforcement personnel, has contacted the Federal Bureau of Investigations and requested that it investigate how 2.5GB of...
Blog

4 Factors Behind the Rise of Exploit Kits as a Service

It has been a busy couple of months for the web's most notorious exploit kits (EKs). Back in September, researchers detected a ransomware attack that leveraged outdated content management systems (CMS) in order to redirect user traffic to malicious domains infected with the Neutrino exploit kit and Teslacrypt ransomware. Another ransomware attack...
Blog

Vulnerability Management Program Best Practices – Part 3

This is the conclusion to a three-part series of building a successful vulnerability management program. The first installment focused on Stage One, the vulnerability scanning progress. Without a foundation of people and process, the remaining stages are prone to failure. The second installment focused on Stage Two and Three, using a vulnerability...
Blog

Surfing the New Wave of Endpoint Security

Today, the modern IT environment has evolved beyond personal computers to include servers, workstations and point-of-sale (PoS) terminals. This complexity is forcing admins and security personnel everywhere to rethink how to protect all of their new endpoints. Eric Ogren, Senior Security Analyst at 451 Research, in particular sees that a new era in...
Blog

Ukrainian Attack: Another Wake Up Call?

Critical infrastructure is under attack with disastrous implications that could alter our environment, such as disrupting service or even threatening public safety. The Ukraine attack resulting in six hours of loss of power for more than 80,000 customers is a recent reminder. According to an October 2015 report in CyberWarNews, “every bit of U.S....
Blog

A Guide on 4 Common Facebook Scams

In January, I discussed how scammers commonly use money-based schemes, bot spam, pay-per-follower ploys, illegitimate direct messages (DMs), and worms to harass Twitter users. These malicious actors are in it for the money and/or for unauthorized access. They do not care where or how they need to compromise someone in order to obtain what they want,...