Resources

Blog

Here's What Happens After Your Webmail Account is Compromised

2016 will forever be remembered for all the "mega-breaches" that exposed users' personal information. Most of those larger-than-life security incidents dated back several years, with some breaches having made a larger splash in the security community than others. LinkedIn and Tumblr certainly stood out. But all other events paled in comparison to...
Blog

WhatsApp to Roll Out Two-Step Verification Feature

WhatsApp has announced its plans to make a new two-step verification (2SV) feature available to all of its more than one billion active monthly users. 2SV is an optional security mechanism that adds another step (not factor) to a web service's login process beyond entering in a username and password. As a result, the feature helps to protect users'...
Blog

Tips on Cyber Hygiene and Awareness for Friends and Family

Recently, I had the personal thrill of directly seeing the influence I've had on my friends and family's cybersecurity knowledge and perspectives. I have long been “tech support” for my family and friends. In late 2013, when data breaches started making national news, I also became the “cyber security tech support” go-to person. Four different...
Blog

AdultFriendFinder data breach - what you need to know

What has happened? The AdultFriendFinder website appears to have been hacked, exposing the personal information of hundreds of millions of user accounts. What is AdultFriendFinder? I don't want to be indelicate, so I'll just tell you it's strapline: "Hookup, Find Sex or Meet Someone Hot Now". Oh! So like Ashley Madison? Yes, very much so. And we all...
Blog

'Hack the Army' Bug Bounty Program Announced by U.S. Military

The United States military has announced it will be launching its inaugural bug bounty program called "Hack the Army" in November 2016. Outgoing secretary of the Army Eric Fanning made the announcement in a press conference. He said the program will help the Army keep up with the latest digital threats. As quoted by WIRED: "We’re not agile enough...
Blog

How to Approach Cyber Security for Industrial Control Systems

Today's industrial control systems (ICS) face an array of digital threats. Two in particular stand out. On the one hand, digital attackers are increasingly targeting and succeeding in gaining unauthorized access to industrial organizations. Some actors use malware, while others resort to spear-phishing (or whaling) and other social engineering...
Blog

Casino Rama Resort Says Hackers Stole Data in Digital Attack

Casino Rama Resort says hackers stole information pertaining to its customers, employees, and vendors in a digital attack. On 4 November, the casino based in Rama, Ontario first learned of a security incident that affected one of its networks. Its internal teams began working with digital security experts to figure out what happened. Following their...
Blog

Tips on Keeping Your Mobile Life Secure

Security has always been the matter of heated debates between staunch adherents and implacable adversaries of both Android and iOS. With the advent of Google’s new phone, Pixel, the heat hasn’t subsided. On the contrary, it rose to a whole new level. Right now, Pixel is under close scrutiny of active web surfers and online security gurus as per...
Blog

BEC Scammers Building Rapport with Victims to Improve Chances of Success

Business email compromise (BEC) scammers are now focusing on building rapport with victims to increase their chances of success. Just as a little background, a BEC scam begins with an actor launching spear-phishing or whaling attacks against a senior, C-level executive. If the attack proves successful, the actor spends some time researching how the...
Blog

Women in Information Security: Isly

Women in information security, being a minority, deserve a spotlight. Previously, I've interviewed Tiberius Hefflin, a Scottish security analyst who is currently working in the United States, and Tracy Maleeff, a woman who went from library sciences to infosec, who's now a host of the PVCSec podcast, and who runs her own infosec business. Recent...
Blog

Shadow Brokers Leaks Dilemma – History of Events Explained

In February of 2015, researchers at Kaspersky Lab disclosed the existence of a sophisticated cyber-attack group that's been in operation since early 2001, and targeted almost every industry and foreign countries with its zero-day malware. Kaspersky called this threat actor the Equation Group because of its love for encryption algorithms and the...
Blog

The World of the Technical Support Scam

According to new research published by Microsoft last month, one in three users fell victim to a tech support scam in the last year. One in five followed up on a suspicious interaction by downloading software or visiting a fraudulent website, while nearly one in ten lost money. The classic scam The traditional form of a tech support scam has been...
Blog

Scam Says LinkedIn Team Needs Your Photo ID for Account Verification

Against many experts' advice, we as users tend to overshare information about ourselves on social media. Doing so makes the job of a bad actor so much easier. Depending on the content of the shared details, an actor can leverage the information to commit identity theft. Alternatively, they can abuse it to conduct targeted phishing campaigns known as...
Blog

VERT Threat Alert: November 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-698 on Wednesday, November 9th. Ease of Use (published exploits) to Risk Table Automated Exploit ...
Blog

Netflix Patches Vulnerability That Allowed Account Takeover Via Voicemail

An Austrian security researcher recently unveiled a vulnerability affecting Netflix that allowed attackers to takeover user accounts. In a blog post published on Monday, the researcher – known as ‘Slashcrypto’ – explained the attack works when a victim’s voicemail can be hacked to bypass the password reset function of Netflix. “… When a user wanted...