Resources

Blog

Redefining the Meaning of Operational Risk

The definition of "operational risk" is variable but it generally covers the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. I, however, want to re-examine this general definition, so that the definition of operational risk takes into account all the cybersecurity-related risks that...
Blog

Police Raid Illegal Call Centers Linked to CRA Phone Scam

There have been many scams that have utilized the phone system to gain access to funds or personal information from hardworking individuals. One of the most prevalent scams that seems to persist in both Canada and the United States is the tax agency scam. The Canada Revenue Agency (CRA) and the Internal Revenue Agency (IRS) were both victims of...
Blog

Kraken Ransomware Now Being Distributed by Fallout Exploit Kit

Kraken ransomware recently added the Fallout exploit kit as another means of reaching users and encrypting their information. Working with the Insikt group from Recorded Future, the McAfee Advanced Threat Research team found evidence that the authors of the ransomware had asked those behind Fallout to be added to the exploit kit. Fallout's...
Blog

5 Types of Malware Currently Affecting macOS

Mac malware, or macOS malware, exists contrary to the popular belief that Apple’s operating system is immune to online threats. Cybersecurity researchers have been closely observing the threat landscape only to conclude that malware infections targeting Mac devices have increased in 2018. Is Apple Losing Its Grip? According to statistics, Mac...
Blog

Women in Information Security: Claire Reckless

Last time, I had the opportunity to talk to Toronto’s own Jennifer Fernick. Somehow, she juggles graduate computer science studies with taking care of a bank’s cybersecurity. I couldn’t do that! This time, I had the honour of speaking with software tester Claire Reckless. Testing an application’s security and functionality is a vital cybersecurity...
Blog

The Masquerade Ball: Train Yourself to Detect Spoofed Files

Masquerading is a technique used in which a file name is maliciously named something similar to one which may be trusted. This specific technique is outlined in detail in the MITRE ATT&CK framework, as well. For example, a file named explorer.exe may seem more benign than one called explor3r.exe. However, file names may not be so easy to spot like...
Blog

5 Insights From the 2018 Verizon DBIR

The 2018 Data Breach Investigations Report digs deep into data-driven findings about the state of global cybersecurity across a number of industries that include manufacturing, healthcare, financial and public administration. Verizon’s 11th annual report revealed the trends behind 53,000 cybersecurity incidents and 2,216 confirmed data breaches. As...
Blog

If Firm Implies Secure, Does That Imply My Firmware Is Secure?

Has there ever been a time in your life when you asked, “How does that work”? In the early days of computing, we learned that BIOS stood for “Basic Input Output (instruction) Set.” It is a set of nonvolatile instructions that dictate how a hardware system should function at startup. I remember my first experiences interacting with BIOS. I...
Blog

DevOps Days – PDX 2018 Review

I had the opportunity to go to my local DevOps Days this year – DevOps PDX. If you've never been, and this was my first time attending, I highly recommend finding the next one closest to you and going. When I say closest to you, it's quite likely there will be one in a city nearby. Aside from the wonderful content, community and interactions, DevOps...
Blog

Staying Secure When Online Shopping: Getting the Basics Right

Online shopping has become so popular that it has contributed to the fall of once giant businesses like Sears. But beneath the convenience of ordering goods at home is a mammoth cybersecurity problem that affects millions of users every year. You may think shopping on sites like Amazon and eBay is completely safe – but it’s not. Hackers can get your...
Blog

Women in Information Security: Jennifer Fernick

Last time, I had the privilege of interviewing Fortalice Solutions founder Theresa Payton. Her combination of White House and private sector intelligence and cybersecurity experience gives her a truly one-of-a-kind perspective in this industry. This time, I got to speak to someone else I’ve met in person in Toronto’s cybersecurity community,...
Blog

Scraping Social Security Numbers on the Web

One of the most accredited forms of validation for a citizen’s identity is a Social Security Number. A Social Security Number is a significant piece of government-issued identification in the United States. When this information is compromised, it can lead to serious problems where an individual to impersonate someone. A citizen may never know that...
Blog

U.S. National Cyber Strategy: What You Need to Know

On September 20, 2018, the White House released a new cybersecurity strategy with several important changes in direction meant to give government agencies and law enforcement partners a greater ability to respond to cybercrime and nation-state attacks. The new U.S. cyber strategy makes one message clear: America will not sit back and watch when...