Resources

Blog

Man Used BEC Scam to Defraud Two U.S. Companies of $100M

A man used a business email compromise (BEC) scam to defraud two internet companies based in the United States out of 100 million dollars. On 21 March, the FBI along with the U.S. Attorney’s Office for the Southern District of New York announced criminal charges against Evaldas Rimasauskas, 48, of Vilnius, Lithuania. Lithuanian authorities arrested...

Making Mistakes in Security

At some point in your career, you will make mistakes—small mistakes, big mistakes, even career-defining mistakes. I am writing this in retrospect because during the course of my job duties, I recently made a mistake. The details are irrelevant, but I wanted to share my experience with making mistakes in the professional world. Mistakes and human...

Bringing Clarity to Really Really Big Data: A Case for AI and Machine Learning to Help Crunch and Protect Our Data

It's funny how kids have an affinity for toys we enjoyed as kids – like Legos. They will spend hours creating the biggest “thing,” often leading to a parent’s near universal response, “Johnny! That is the biggest tower I have ever seen! Great job!” Children (and we) love Legos because they foster imagination, offering a limitless way to create...

The Importance of a Strategic Response to Cyber Incidents

There are a variety of ways a company can experience cyber incidents, ranging from a distributed denial of service network attack to internal information theft. The first response is usually to enlist incident response professionals to resolve the issue as quickly and efficiently as possible. However, there are several factors companies should...

Clever Gmail Phishing Scam Tricked Even Technical Users

A Gmail phishing campaign is clever enough to have almost tricked or successfully fooled multiple technical users. The attack, which other contributors to The State of Security have spotted, begins when a Gmail user receives an email. Oftentimes, the message comes from someone they know whose account has already been compromised. The email appears...

Wireless Routers: First Line of Defense

Almost everything you read or hear about routers includes a sentence or two about router security. The focus is generally on this essential piece of hardware as the first line of defense in an internet-connected world. Many medium-sized companies and large corporations take this into account when they purchase and set up their network infrastructure...

10 Must-Read Books for Information Security Professionals

There are many ways for IT professionals to broaden their knowledge of information security. Attending infosec conferences, for instance, provides personnel with an opportunity to complete in-person trainings and network with like-minded individuals. Outside of industry events, analysts can pick up a book that explores a specific topic of...

2.2 Million Email Addresses Exposed in Wishbone Data Breach

A popular social media app known as Wishbone has suffered a data breach that exposed 2.2 million email addresses along with 287,000 cell numbers. In the middle of March 2017, security researcher Troy Hunt received a MongoDB database that belongs to Wishbone. The app, first founded in 2015, allows users to vote on two-choice polls. Over the past two...

Is Security Ready for the Next 20 Years of Technology?

It doesn’t seem that long ago that we didn’t have online access to many of our utility, banking, and/or even shopping accounts. I was fortunate enough to be part of a revolutionary project at a university in southern England back in 1988, where accessing the internet was using a 1200 baud modem, a terminal emulator connecting via a mainframe that...

Third-Party Twitter Service Hacked to Push Out Nazi-Themed Tweets

Attackers hacked a third-party service and used their unauthorized access to push out Nazi-themed tweets from high-profile Twitter accounts. On 14 March, prominent companies, publishers, and personalities tweeted out messages containing swastikas and the hashtags #NaziGermany and #NaziHollan written in Turkish. It's thought that supporters of Turkey...

The Subversive Six – Hidden Risk Points in Your ICS

I was lucky enough to be at the event at which Sean McBride initially spoke about potatoes. Who doesn’t love a good potato? It was actually a succinct outline of a process in agriculture that takes place every day, outlining pinch points of a potato harvester that could elicit physical harm to the workers performing their everyday jobs. It was a nice...

Is Fileless Malware Really Fileless?

Over the past few weeks I have been seeing quite a few news articles around fileless malware infecting companies around the world. The article from Ars Technica specifically states that the goal of fileless malware is to reside in memory in order to remain nearly invisible. Besides residing in memory, the second aspect of fileless malware is the...

4 Best Practices for Improving Your Organization's Supply Chain Security

Digital attackers have many different strategies for infiltrating a target organization. That even goes for companies with robust perimeter defenses. Bad actors simply need to find a soft target they can exploit. Oftentimes, they find what they're looking for along a target's supply chain. We can best understand the supply chain as a network of...

A Breakdown of the Second Largest HIPAA Fine to Date – $5.5 Million

For the first time, the Office of Civil Rights (“OCR”) penalized a covered entity for failure to implement audit procedures to review, modify, and/or terminate users’ right of access. In the scope of the investigation, it was discovered that more than 100,000 individuals had their electronic Protected Health Information (“ePhi”) records impermissibly...