Resources

Blog

The Android Ransomware Threat has Quadrupled in Just One Year

If you need any more evidence that ransomware has become a major problem, just look at how online criminals are busily developing attacks against platforms other than Windows. Yes, Windows continues to be the operating system most commonly targeted with ransomware threats - but malware that attempts to extort money out of you is also being actively...
Blog

Can We Be Better Cheerleaders for Password Managers?

LinkedIn, MySpace and all of the other recent (sort of) password breaches have resulted in many articles that advise everyone to not use the same password on more than one site. This is known as “password re-use,” and the only way to effectively accomplish the task of setting up unique passwords for all of our web accounts is to use a password...
Blog

Hacker Mindset: Email Is the Golden Ticket

In my ongoing blog series “Hacker Mindset,” I’ll explore an attacker's assumptions, methods and theory, including how information security professionals can apply this knowledge to increase cyber-vigilance on the systems and networks they steward. In this first article, I examine how email provides a tool for hackers to gain a foothold into company...
Blog

The Newest Online Threat - .Zepto Ransomware

Terrible news shook the web the other day, as reports surfaced of a new ransomware virus circulating the web. A new version of the infamous Locky ransomware has been unleashed upon users worldwide, affecting computers all across the globe from the USA to Mexico, Japan, Germany, and beyond. The unwelcome arrival of the new virus was first reported...
Blog

EU GDPR – Yawn, Another Regulation. Who Cares?

Well, if you're reading this blog, then I suggest you should! The European Union General Data Protection Regulation (EU GDPR) takes effect on 25th May 2018. But don’t be misled by the title. The EU reference should be treated as an indication of the Regulation's birth place, not some form of virtual boundary restricting its influence. This...
Blog

Infosecurity Europe: Its History, Value, and Future

On June 7-9, information security professionals from all over the world gathered together at Infosecurity Europe 2016, one of The State of Security‘s top 11 conferences in information security. Anyone who’s attended Infosecurity Europe knows how difficult it is to choose which presentations they’d like to see. It’s simply impossible to attend all of...
Blog

Attackers Leveraged Large CCTV Botnet to Launch DDoS Attacks

Attackers leveraged a botnet consisting of thousands of closed-circuit television (CCTV) devices to launch distributed denial-of-service (DDoS) attacks. Daniel Cid, CTO of Sucuri Security, explains that a small jewelry shop recently signed up with his company. At the time, the new customer was experiencing a DDoS attack that had knocked it offline...
Blog

3 Ideas to Help Create Phishing Awareness

I'm pleased to say someone very close to me was recently nabbed by a phish. The phish came into her email looking important and innocuous, so she opened it (and the attachment) and was immediately presented with a message that read, "Your corporate IT security team is conducting phishing training. You just opened what could have been a malicious...
Blog

U.S. Charges Filipino Man For Hacking Celebrities’ Bank Accounts

A Filipino man has been charged with running a large-scale identity theft scheme targeting numerous celebrities and other high-profile victims, reported Reuters. Last week, federal prosecutors in the District of New Jersey, charged Peter Locsin, 35, of Talisay City, Philippines, with one count of bank fraud conspiracy and two counts of aggravated...
Blog

Hacker Selling 650K Healthcare Records on the Dark Web

A hacker who goes by the name "TheDarkOverlord" is selling more than 650,000 patients' healthcare records on the dark web. Motherboard reports that TheDarkOverlord obtained access to three separate databases containing the records by first exploiting an unknown vulnerability in how certain companies implement remote desktop protocol (RDP), which...
Blog

5 Ways to Add Value to Your Business through User Experience (UX)

Security products are not simple e-commerce websites. They are enterprise software products that enable pivotal business goals for customers. Yet as complexity grows, ease of use and other aspects of user experience (UX) can be overlooked and de-prioritized to make way for more features. But as Haroon Meer of Thinkst was quoted in CSO Online: "It...
Blog

Carbonite Resets Users' Passwords After Password Reuse Attacks

Online backup service Carbonite is requiring all users to change their passwords after it observed password reuse attacks targeting their accounts. On Tuesday, the company announced the password reset in a statement posted to its website: "As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a...
Blog

My Time at Cisco Live 2015

Looking back now, it’s all a bit of a blur but what a wild ride it’s been! https://twitter.com/5683Monkey/status/608293161455206400 It was early spring 2015. I was fully immersed in the Cisco Networking Academy program at Red River College. As I spent my days deep in technology running my own small MSP, the future possibilities seemed endless as...
Blog

Industrial Control Systems (ICS): Next Frontier for Cyber Attacks?

It’s safe to say that cybersecurity is a common issue for all industries. But what is the cybersecurity state of affairs for Industrial Control Systems (ICS), and why should we care? ICS monitor and control industrial and physical infrastructure processes that are crucial for industries like manufacturing, transportation, energy, oil and gas, and...
Blog

Intrigued by a Career in Infosec? Ask an Expert

On a day-to-day basis, we hear about new digital security threats that are growing in frequency and in sophistication. Responding to this ever-increasing number of challenges makes a career in information security challenging. But it's not all bad. Infosec is also profoundly rewarding to the extent that security personnel help protect businesses',...
Blog

RAA Ransomware Written Entirely in JScript

Researchers have spotted a new crypto-ransomware called "RAA" that is written entirely in the JScript scripting language. Originally detected by security researchers Benkow and JamesWT, RAA is distributed to users as an attached JS file. When a user clicks on the attachment, the file displays what appears to be a corrupted Word document, which allows...
Blog

The Trouble with Web Conferences

We sold our house and moved to an apartment in January, waiting for our new home to get built. Cleaning up the house for a move is a big chore, and one of my tasks for a weekend before the sale was cleaning up a big pile of post-it notes left in a box. I chanced upon a post-it note with a 1-888 number that was an AT&T teleconferencing line. I had...