Resources

Blog

Towards a Cyber Resilience Strategy

As most of you already know, October is National Cyber Security Awareness Month (NCSAM). The aim of NCSAM is to raise awareness across the international community about cyber threats, discuss best practices, and educate the public and private sector on how to stay safe online. Cyber Security is promoted extensively during this month, and many events...
Blog

ATM Malware Attacker Charged with Conspiracy to Defraud

London authorities have charged a member of a European ATM malware gang with conspiracy to defraud. The City of London Magistrates Court officially charged Emanual Leahu, 30, of Bacau, Romania on 30 September, though the City of London Police didn't announce the charges until 4 October. Officers with the London Regional Fraud Team (LRFT), which is...
Blog

Implementing a Password Security Policy at the Workplace for NCSAM

Every October, the Department of Homeland Security (DHS) acknowledges National Cyber Security Awareness Month (NCSAM) to help individual users and companies stay safe online. All NCSAM themes are connected by a single point of understanding: cyber security is a personal matter. As such, it often takes a person-centric approach to mitigate IT...
Blog

The Unforeseen Impact of Unforeseen Risk

It has been a long time since Yahoo has been number one in any market, but in September 2016, it "achieved" a new distinction: the single largest public data breach in human history. The numbers are astonishing, with tectonic shift-like potential implications for companies and organizations of all kinds: 500 million+ accounts affected $4.8...
Blog

Attackers Modifying Core WordPress Files to Redirect Visitors to Spam

Attackers are hacking WordPress sites and modifying core files in order to redirect legitimate visitors to malicious domains hosting spam. Sucuri Security analyzed the attack while helping a customer with their website. Bad actors had infected the site and modified it to redirect visitors to malicious domains, including “windows7keyonsale[dot]com...
Blog

Lessons from the Frontlines of Power Utility Attacks

Security experts have been warning companies and policymakers that systems protecting power utilities and other critical infrastructure are vulnerable to cyber attacks. Those intrusions could produce widespread damage, if they proved to be successful. In fact, as reported by Dark Reading, the Industrial Control Systems Cyber Emergency Response Team ...
Blog

TorrentLocker - Crypto-Ransom Is Still Active in Shadows

TorrentLocker, a ransomware family member, is a type of file-encrypting ransomware that significantly infected Windows operating systems. It was first observed in February 2014 and released in late August 2014. Later, it released with five new major releases. TorrentLocker encrypts the victim's data files by using a symmetric block cipher AES and...
Blog

End-to-End Encryption in Facebook Messenger

Facebook has added end-to-end encryption in Facebook Messenger but there are a few caveats that people need to be aware of. The first is that current messages are not encrypted. You will need to start a new message in order to enable this new option. It’s also important to note that encrypted messages are not available via Facebook but only found...
Blog

Sending The Elevator Back Down

"If you have done well in whatever business you are in, it's your duty to send the elevator back down and try to help bring up the next generation of undiscovered talent." As someone who has been in the security industry for over a decade, this quote from Kevin Spacey resonates with me. I have found the information security field to be particularly...
Blog

How I Became a CISSP – A Journey to Certification

On September 26, 2016, I received my final notice of my Certified Information Systems Security Professional (CISSP®) designation. My path to certification really began in 1996 when I first stepped into the computer world, but my decision to pursue certification began with a conversation that took place at NolaCon in 2015. I was chatting with a...
Blog

Keeping Your Privileged Users Aware

You know you’ve got them. Employees with nearly unfettered access to every nook and cranny of your organization’s network, devices and servers. While often a necessity in the digital age, privileged users represent a huge cybersecurity risk that you should not overlook. Employees who hold the “keys to the kingdom” are an appealing target for hackers...
Blog

VERT Vuln School – SQL Injection 103

Reminder: VERT Vuln School guides are published for educational purposes only. In our last post, we demonstrated how an attacker could leverage a classical SQL injection vulnerability in a web application to leak database information (by reflecting the result of the database queries onto the web application itself). In this post, we are going to...
Blog

MarsJoke Ransomware Made into Laughing Stock by Decryption Tool

MarsJoke ransomware once posed a serious threat to users, but not as much now that researchers released a decryption tool. Kaspersky Lab's Anton Ivanov, Orkhan Mamedov, Fedor Sinitsyn said they created the decryptor by exploiting a flaw in the ransomware's code. Specifically, MarsJoke uses a function "rand()" to randomly generate an array of...
Blog

$1.5 Million Reward Announced for Remote Jailbreak of iOS 10

A company is offering to pay 1.5 million USD to anyone who submits a remote jailbreak for Apple's iOS 10. On Tuesday, the exploit broker Zerodium made the announcement on Twitter: https://twitter.com/Zerodium/status/781516292901789696 Zerodium is well known for offering bug bounty rewards whose value dwarfs those offered by Apple, Google, and other...
Blog

Meet Sp@mLooper, the Bot that Will Spam Spammers Back for You

Everyone hates scams. That's because everyone's a target. As we all know, social media websites like Facebook, Twitter and LinkedIn are rife with fraudsters. Most of those scammers just want a few hundred dollars or access to their target's account. But some want more. Some try to steal their victim's identity, while others attempt to exploit a...