Resources

Blog

Women in Information Security: Leila Powell

Last time, I spoke with Valerie Thomas. She specializes in SCADAs and industrial control systems; she enlightened me on their cybersecurity aspects. This time, I got to speak with Leila Powell. Her background in astrophysics taught her how to manage data to better understand the effectiveness of security controls. Kim Crawley: Hi, Leila! Please tell...
Blog

Chili's Restaurants Suffered Payment Card Data Security Incident

Some Chili's restaurant locations suffered a data security incident that might have compromised customers' payment card details. Brinker International, a Dallas-based multinational hospitality industry company which operates 1,600 Chili's restaurants, said it learned of the incident on 11 May. It provided additional details about the event in a...
Blog

Five Essential Steps for Moving to DevOps

Last week, I introduced the DevOps model for software development and discussed the advantages this type of approach has over more traditional methods. Its benefits, which include collaboration between operations and development teams as well as a better overall project creation for customers, explain why so many organizations are transitioning to...
Blog

Phishing Site Encrypted With AES Designed to Steal Users' Apple IDs

Scammers designed a phishing website and encrypted it with the Advanced Encrypted Standard (AES) in their attempts to steal unsuspecting users' Apple IDs. Researchers at Trend Micro came across the phishing campaign on 30 April. It all began when they received an email designed to look like it came from Apple. The email warned recipients that Apple...
Blog

Encryption Is Only as Strong as Your Password

In recent months, the encryption debate has heated up once again. Most recently, some shock waves were sent across the industry when ThreatWire reported a new tool, known as GrayKey, which could decrypt the latest versions of the iPhone. Fortunately, that tool is only available to law enforcement agencies... for now. The point to be noted is that if...
Blog

Zero-day flaw exploited in targeted attacks is fixed by Microsoft

This month's Patch Tuesday bundle of updates from Microsoft included a fix for a critical vulnerability that has been actively exploited by at least one hacking gang in targeted attacks. The vulnerability, dubbed CVE-2018-8174, is a remote code execution flaw in the Windows VBScript Engine. It affects the latest version of Internet Explorer and any...
Blog

Devs Find Fake Version of Bitcoin Wallet Stealing Users' Seeds

Developers have found that a fake version of a popular Bitcoin Wallet comes equipped with the ability to steal users' seeds. On 9 May, the Electrum team published a document on GitHub calling out "Electrum Pro" as "stealware" and "bitcoin-stealing malware." According to the developers, the individuals behind Electrum Pro took control of "electrum...
Blog

The Behavioral Intelligence Officer

With the advent of increased cyber security related threats, the majority of attacks point to one target, and that is the human element. Examine any survey relating to cyber security threats faced by organizations from ransomware to phishing, and these attacks all have one target in common: the human element is necessary to trigger the attack....
Blog

Why Organizations Need to Secure Their Containers

Containers are revolutionizing the way that organizations deploy applications. These technologies are packages, notes Amazon Web Services (AWS), that enable teams to run applications and their code, configurations and dependencies in resource-isolated processes. As such, they allow for reduced environmental dependencies, support for micro-services...
Blog

VERT Threat Alert: May 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s May 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-777 on Wednesday, May 9th. In-The-Wild & Disclosed CVEs CVE-2018-8120 This privilege escalation vulnerability affecting Win32k could allow an attacker to execute code in kernel mode. According...
Blog

8 Tips to Harden Your Joomla Installation

Joomla arrived on the scene in 2005 as a fork of the Mambo content management system (CMS). Downloaded over 91 million times, it has since eclipsed Mambo to become a ubiquitous platform for websites of all sizes. According to last year's Hacked Website Report from Sucuri, which used insights from over 36,000 compromised sites, Joomla is the second...
Blog

Women in Information Security: Valerie Thomas

In my last interview, I spoke with Jen Fox. She’s a Senior Security Consultant who specializes in compliance. This time, I had the pleasure of speaking with Valerie Thomas. She has a lot of expertise in both penetration testing and industrial cybersecurity. Kim Crawley: Please tell me about your cybersecurity role and how you got there. Valerie...
Blog

A DevOps Model: What It Is and Why It's Beneficial

Software development has changed significantly in recent years. This transformation is, in part, a response to challenges resulting from the traditional waterfall software development model. Under the old process, a software company receives a deadline for creating a product that's ready to roll out to customers. The firm activates its team of...
Blog

Twitter Asks Users to Change Passwords After Finding Internal Log Bug

Twitter is asking its more than 330 million users to change their passwords after it discovered a bug within one of its internal logs. On 3 May, CTO Parag Agrawal announced the discovery of a weakness that had undermined Twitter's secure storage of users' passwords. He explained that Twitter uses the bcrypt cryptographic hashing algorithm to convert...
Blog

Kitty malware gets its claws into Drupal websites to mine Monero

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family. Security researchers at Incapsula report that Kitty is attempting to hijack servers using the highly critical Drupalgeddon 2.0 remote code execution exploit (CVE-2018-7600), which was made public at...
Blog

Phishers Leveraging GDPR-Themed Scam Emails to Steal Users' Information

Phishers are using scam emails that leverage the European Union's General Data Protection Regulation (GDPR) as a theme in an attempt to steal users' information, a security firm found. Researchers at managed threat detection solutions provider RedScan came across one such phishing message that appeared to originate from Airbnb. The scam email, which...