Renewable energy company EDP Renewables notified its landowners of a ransomware attack that it suffered in the spring of 2020. In a sample notification letter received by the Attorney General's Office of Vermont, EDP Renewables informed its landowners that its information systems had suffered a...

Ransomware has been around for decades going back all the way to 1989. Since then it has only magnified in scope and complexity. Now at a time when working remotely is becoming more universal and the world is trying to overcome the Covid-19 pandemic, ransomware has never been more prominent. Ransomware is a type of malware that prevents users from...

A Nigerian national entered into the custody of the FBI to face charges of having targeted several U.S. companies with business email compromise (BEC) scams. On July 3, the U.S. Attorney's Office for the Northern District of Illinois announced that the United Arab Emirates had expelled Olalekan Jacob...

If the global cybercrime forecast took the form of a weather report, it might go something like this: The extended outlook calls for continued online lawlessness, scattered malware attacks and an ongoing blizzard of data breaches. After all, with experts predicting that the cybercrime epidemic will cost the world $6 trillion annually by 2021 as the...

In 2020, car manufacturer Honda fell victim to a ransomware attack. Using a payload called “update.exe,” the attack crippled Honda’s international customer service and Financial Services wing for days. Although it affected two customer facing branches of this global corporation, the ransomware was designed to target and breach Honda’s critical ICS...

The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which continues to hover above...

What is the Windows Store? The Windows Store is a digital platform that allows for the distribution of applications. This platform offers both free and paid. Users use the Window Store to install applications that are of interest to them. Can you disable the Windows Store? Windows Store can be disabled via group policy to prevent users from...

Hackers are once again finding unsecured MongoDB databases carelessly left exposed on the internet, wiping their contents, and leaving a ransom note demanding a cryptocurrency payment for the data's safe return. As ZDNet reports, ransom notes have been left on almost 23,000 MongoDB databases that were let unprotected on the public internet without a...

Security researchers spotted Trickbot malware checking the screen resolution as a means of evading analysis on a virtual machine (VM). Digital security firm MalwareLab came across a sample of the trojan that checked to see whether a computer's screen resolution was either 800x600 or 1024x768. It then terminated if it found that the screen resolution...

Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI...

What are the brakes on a car designed to do? I have asked this question many times when speaking to customers or organizations who were dipping their toes into the audit space. Invariably, their answer was, “To stop the car.” At this point, I would then ask, “Then how do you get where you want to go?” What Is the Purpose of Controls and a...

Security researchers detected a new ransomware strain that leveraged piracy as a means of distributing itself to Mac users. On June 29, a Twitter user reached out to Malwarebytes about a malicious Little Snitch installer that was available for download on a Russian forum known for sharing torrent links. A close look at the installer revealed that it...

Building the Case for IoT Security Framework The Internet of Things (IoT) is growing in technical, social, and economic significance. ENISA defines the increasingly complex IoT systems as “cyber-physical ecosystem[s] of interconnected sensors and actuators, which enables intelligent decision making.” These technologies collect, exchange and process...

Numerous data leaks appeared on the dark web in the second quarter of 2020. At the end of May, for instance, Cyble found a government database containing the personal information of more than 20 million Taiwanese citizens for sale on an underground web marketplace. That was less than two weeks before The Economic Times reported on a dark web data...

The European GDPR (General Data Protection Regulation) is one of the most influential consumer privacy laws that has affected 500,000 companies throughout the world. This law has played a crucial role in formulating another substantial privacy law known as the California Consumer Privacy Act that came into effect on January 1, 2020. Similar to the...

A Vancouver man received a federal prison sentence for his involvement in developing several distributed denial-of-service (DDoS) botnets. On June 25, the U.S. Attorney's Office for the District of Alaska announced that Chief U.S. District Judge Timothy M. Burgess had sentenced Kenneth Currin...

Let’s begin with a short story. Imagine that we have two large organizations in the public sector. These entities are very similar. Both are on the receiving end of cyber threats. Both adhere to multiple compliance standards. And both need to ensure that their IT systems are functioning and working as planned. But they’re not entirely the same. Take...

Do you think you have found a vulnerability in the Sony PlayStation 4 or the PlayStation Network? If so, you could be heading towards a sizeable sum of money. That's because Sony announced details of a new bug bounty program that it is running in co-ordination with vulnerability-reporting platform HackerOne. Sony is inviting security researchers,...

New malware called "Lucifer" came with numerous exploits for conducting cryptomining functionality and performing distributed denial-of-service (DDoS) attacks on infected Windows machines. Palo Alto Networks' Unit 42 research team identified two versions of Lucifer in their research. (Both variants bore the name "Satan DDoS," but for the sake of not...