Blog

With Great Freedom Comes Great Cloud Responsibility

Modern digital and cloud technology underpins the shift that enables businesses to implement new processes, scale quickly and serve customers in a whole new way. Historically, organisations would invest in their own IT infrastructure to support their business objectives, and the IT department's role would be focused on keeping the "lights on." To...
Blog

Online Tutoring Program Reveals Customer Data Breach

An online tutoring program has revealed that it suffered a data breach in which an unauthorized individual might have compromised customers' information. The Hacker News received a copy of a notice sent out by Wyzant to its customers informing them about the data breach. According to this letter, the...
Blog

What Is DevOps Maturity, and How Does It Relate to DevOps Security?

By now, many organizations have turned to DevOps as part of their ongoing digital transformations. This process has not been the same for any two companies. Indeed, organizations have embraced DevOps at their own pace, and they’ve invested varying levels of time and budget into their nascent deployments. Such variety has helped shape organizations’...
Blog

Women and Nonbinary People in Information Security: Tricia Howard

Last time, I got to speak with social engineering expert Jenny Radcliffe. This time, I got to speak with cybersecurity-minded client manager Tricia Howard. I got to learn even more about social engineering from her plus quite a bit about the importance of user education. Kim Crawley: Please tell me a bit about yourself and what you do. Tricia...
Blog

Fraudsters Targeting Consumers with One-Ring Phone Scams

Fraudsters are targeting consumers with one-ring phone scams that exploit people's curiosity so as to trick them into paying exorbitant fees. According to the U.S. Federal Communications Commission (FCC), this scam oftentimes begins when a fraudster contacts an unsuspecting consumer using a one-ring...
Blog

Cyber Security + Compliance Controls: What Does It All Mean, Rick?

I'm sure you have all seen the Rickie Fowler commercial where the interviewer rants about all of the confusing financial terms involved with getting a mortgage. If not, you can find it below: https://www.youtube.com/watch?v=Q1YqNTWOldY

Confusion in Cyber Security

Throughout my career, I have worked with hundreds of organizations. Regardless of the...
Blog

Unprotected Database Exposed 13.7M Users' Employment Information

An unprotected database made it possible for anyone on the web to view the personal and employment information of 13.7 million users. Security researcher and GDI Foundation member Sanyam Jain discovered the database and determined that it belonged to Ladders, a New York-based job recruitment site which specializes in high-end jobs. Jain then shared...
Blog

The Infamous Password

Passwords may not be your favourite part of the workday. However, I have a theory: if I could share with you the value of a password and how simple one can be to create, then passwords may no longer be the monster you avoid. When you get the "your password expires in 5 days" notice, instead of feeling anxious or aggravated, let’s...
Blog

Mitigating Risks in Cloud Migration

Companies are moving to incorporate the cloud into their computing infrastructure at a phenomenal rate. This is, without question, a very positive move. It permits companies to scale processing resources up and down in response to changing demands, giving companies the operational equivalent of unlimited resources while paying only for the resources...
Blog

Tripwire Patch Priority Index for April 2019

Tripwire's April 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Browser Tampering, and Information...
Blog

Women and Nonbinary People in Information Security: Jenny Radcliffe

Last week, I spoke with bug bounty triager and Ubuntu fan Sophia Sanles-Luksetich. This week, I had the honor of speaking with social engineering specialist Jenny Radcliffe. Contrary to what a lot of Nigerian Princes would tell you, in my opinion social engineering is one of the most misunderstood areas of cybersecurity. Kim Crawley: Please tell...
Blog

Fraudster Posed as Jason Statham to Prey Upon Star-Struck Users

A digital fraudster posed as English actor and film producer Jason Statham to prey upon and steal money from star-struck users. A woman who asked not to be named said the scam began when someone posing as Statham contacted her while she was on a Facebook page dedicated to the actor. She thought it was nice that the actor had seemingly embraced ...
Blog

What Can League of Legends Teach Us About Cybersecurity?

The League of Legends game and human psychology are two things we don’t often associate with cybersecurity – but as an avid gamer, I encountered and observed many parallels between the tactics used to win games like League of Legends and the mentality that guides human behavior in general. Thus, when I began teaching security awareness and being a...
Blog

How Does Tripwire Map to the NIST SI-07 Control?

Keeping sensitive data and assets safe is the goal of regulatory cybersecurity frameworks such as NIST SP 800-53, published by the National Institute of Standards and Technology (NIST). But for government agency security professionals, staying compliant can feel like a Sisyphean task due to the complexity of applying the controls themselves. It’s especially difficult to attempt to...
Blog

Using Visibility to Navigate the Evolving Role of ICS Security

The current security state of industrial control systems (ICS) is a perplexing one. On the one hand, Kaspersky Lab found in a recent report that a majority of organizations (75 percent) regard ICS security as a major priority. On the other hand, organizations aren’t implementing the proper safeguards to secure their industrial control systems. The...
Blog

Operation ShadowHammer: Hackers planted malware code in video games

Last month the world was reminded once again of the danger of supply chain attacks, as it was revealed that hackers had compromised the network of Taiwanese technology giant ASUS to push out a malicious software update to as many as one million laptops. The attack, dubbed "Operation ShadowHammer" by security researchers, saw hackers successfully...
Blog

Washington State Legislature Passes New Data Breach Law

The Washington legislature has passed a bill that effectively expands the state's consumer data breach notification requirements.

[Image: The Washington State Capitol (Source: Wikipedia)]

Previously, Washington-based organizations needed to notify consumers of a data breach only in the event that the security...
Blog

A Beginner’s Guide to PCI Compliance

PCI DSS, or the Payment Card Industry Data Security Standard, is the set of requirements for organizations that store, process or transmit payment card data. Sounds simple enough, right? But PCI compliance can pose a major challenge to organizations if they’re not equipped with the proper knowledge and tools. Let’s take a quick look at the basics of PCI compliance, what...