Resources

Blog

Wireless Routers: First Line of Defense

Almost everything you read or hear about routers includes a sentence or two about router security. The focus is generally on this essential piece of hardware as the first line of defense in an internet-connected world. Many medium-sized companies and large corporations take this into account when they purchase and set up their network infrastructure...
Blog

10 Must-Read Books for Information Security Professionals

There are many ways for IT professionals to broaden their knowledge of information security. Attending infosec conferences, for instance, provides personnel with an opportunity to complete in-person trainings and network with like-minded individuals. Outside of industry events, analysts can pick up a book that explores a specific topic of...
Blog

2.2 Million Email Addresses Exposed in Wishbone Data Breach

A popular social media app known as Wishbone has suffered a data breach that exposed 2.2 million email addresses along with 287,000 cell numbers. In the middle of March 2017, security researcher Troy Hunt received a MongoDB database that belongs to Wishbone. The app, first founded in 2015, allows users to vote on two-choice polls. Over the past two...
Blog

Is Security Ready for the Next 20 Years of Technology?

It doesn’t seem that long ago that we didn’t have online access to many of our utility, banking, and/or even shopping accounts. I was fortunate enough to be part of a revolutionary project at a university in southern England back in 1988, where accessing the internet was using a 1200 baud modem, a terminal emulator connecting via a mainframe that...
Blog

Third-Party Twitter Service Hacked to Push Out Nazi-Themed Tweets

Attackers hacked a third-party service and used their unauthorized access to push out Nazi-themed tweets from high-profile Twitter accounts. On 14 March, prominent companies, publishers, and personalities tweeted out messages containing swastikas and the hashtags #NaziGermany and #NaziHollan written in Turkish. It's thought that supporters of Turkey...
Blog

The Subversive Six – Hidden Risk Points in Your ICS

I was lucky enough to be at the event at which Sean McBride initially spoke about potatoes. Who doesn’t love a good potato? It was actually a succinct outline of a process in agriculture that takes place every day, outlining pinch points of a potato harvester that could illicit physical harm to the workers performing their everyday jobs. It was a...
Blog

Is Fileless Malware Really Fileless?

Over the past few weeks I have been seeing quite a few news articles around fileless malware infecting companies around the world. The article from Ars Technica specifically states that the goal of fileless malware is to reside in memory in order to remain nearly invisible. Besides residing in memory, the second aspect of fileless malware is the...
Blog

4 Best Practices for Improving Your Organization's Supply Chain Security

Digital attackers have many different strategies for infiltrating a target organization. That even goes for companies with robust perimeter defenses. Bad actors simply need to find a soft target they can exploit. Oftentimes, they find what they're looking for along a target's supply chain. We can best understand the supply chain as a network of...
Blog

A Breakdown of the Second Largest HIPAA Fine to Date – $5.5 Million

For the first time, the Office of Civil Rights (“OCR”) penalized a covered entity for failure to implement audit procedures to review, modify, and/or terminate users’ right of access. In the scope of the investigation, it was discovered that more than 100,000 individuals had their electronic Protected Heath Information (“ePhi”) records impermissibly...
Blog

Student Expelled from University for Hacking Professors' Emails

A university has expelled a student for hacking the email accounts of several professors in an attempt to improve their grades. Technion Institute of Technology, a public research institute based in Haifa, Israel, revealed the disciplinary actions it took against the student to Ynetnews: “We are taking this case very seriously, as it is very...
Blog

Level up Your Security Training Through Engagement

We all can agree that security training is critical, but have you ever wondered why your organization does not share your same level of excitement when it comes training time? The majority of organizations struggle with getting employees motivated and enthusiastic about training. Many employees look at training as a quarterly or yearly checkbox with...
Blog

FIM: A Proactive and Reactive Defense against Security Breaches

No matter how well-designed it is, a security program will never prevent every digital attack. But an assault need not escalate into a data breach. Organizations can reduce the likelihood of a major incident by investing in key security controls. One such fundamental security component is FIM. Short for "file integrity monitoring," FIM helps...