Resources

Blog

Half of Companies Not Confident in Security of Partners and Suppliers, Reveals Survey

By now, almost everyone knows what happened during the Target breach. In the late fall of 2013, a group of attackers uploaded card-stealing malware to a small number of point-of-sale (POS) terminals in the retailer's stores. That malware ultimately compromised some 40 million debit and credit card accounts over the span of about two weeks. In the...
Blog

MIT Introduces Bug Bounty Program

The Massachusetts Institute of Technology (MIT), famed as one of the top tech schools in the country, introduced an “experimental” bug bounty program this week. The private, Cambridge-based research university is among the first academic institutions to announce a program designed to encourage finding...
Blog

Are you Safe From Ransomware?

2016 is shaping up to be the year of ransomware. Cyber-attacks are on the rise, with companies losing control of their critical assets. And the problem isn’t going away. Could your company fall victim to these malicious attacks? Everyone is vulnerable, but the good news is that there are simple steps you can take today using security tools you already...
Blog

Just When You Thought It Was Safe to Step Away from Social Media

Many of my friends having been dropping off the social media spectrum lately. Some have gone so far as to deactivate their social media accounts. They all have good reasons, and in some cases, I see them spending their time much more productively without worrying about the constant distraction of online socializing. None of them have received a...
Blog

IoT Problems Are about Psychology, Not Technology

I was on a security panel recently where we were asked to define the Internet of Things (IoT). This term is as vague as it is broad. It can be argued that it includes almost any “thing” that can be part of a network. I was not happy with any of our answers, including my own, so I spent some time thinking about it. When I was asked this question at a...
Blog

3.8 Million Naughty America, Adult Dating Accounts for Sale on Dark Web

Databases containing 3.8 million adult dating and Naughty America users' web accounts are up for sale on a dark web marketplace. As reported by Infosecurity Magazine, a hacker is advertising several leaked databases on the underground web forum The Real Deal. Those databases are believed to contain 3.8 million users' information, which includes...
Blog

WhatsApp: Physical Access Trumps Encryption

WhatsApp is an instant messaging service with well over one billion global users. To put it into perspective, one in seven people on the planet actively use this popular messaging app to send some 30 billion texts, voice messages and videos every single day. In 2014, WhatsApp was acquired by Facebook for $19.3 billion. It is now the most powerful...
Blog

ModPOS – The Mechanics of a POS Malware Framework

Malware as a business model rests on two core tenets—the first is innovation. Malware authors are constantly innovating tools and techniques that allow their software to slip past network defenses, to brute force their way past weak authentication credentials, and to escalate local privileges—all in an attempt to counter the work of security personnel...
Blog

Email Scam Defrauded American Corporation Out of $100 Million

Last year, attackers used an email scam to defraud an unidentified American corporation out of $100 million, report U.S. authorities. According to Reuters, the American corporation was targeted by a business email compromise between August and September of 2015. A business email compromise (BEC) is a type of payment fraud where an attacker...
Blog

Former Reuters Journalist Sentenced to Two Years for Hack

A former Reuters journalist has been sentenced to two years in prison for helping to hack a multimedia corporation. Last October, a California jury found Matthew Keys, 28, guilty of one count of conspiracy to make changes to a corporate website, one count of transmitting malicious code, and one count of attempting to transmit malicious code for an...
Blog

Mutating Qbot Worm Infects Over 54,000 PCs at Organizations Worldwide

Researchers at BAE Systems have published a report investigating the return of the Qbot network-aware worm, revealing infections on some 54,517 PCs. 85% of the affected systems are based in the United States, with academic, government and healthcare industry networks particularly badly hit. Earlier this year, for instance, the media reported that...
Blog

Hacker Confessions: Let There be "Light"

As a child, I loved taking things apart. I was always overly precocious and immensely curious—so much so, that I was frequently disciplined for “breaking” things. Years later, as a young adult—I would find myself taking things apart again—only this time, I was a divorced mother of three and going back to college, where the taking-apart part inspired...
Blog

How to End the Gender Diversity Problem in Cyber Security Forever

"We ourselves feel that what we are doing is just a drop in the ocean. But the ocean would be less because of that missing drop.” – Mother Teresa. I live by this quote. It’s powerful. It inspires me and it’s one of the reasons why I do what I do. Let me explain. It all began with a blog. I was in a state of shock after having read an (ISC)² report,...
Blog

VERT Threat Alert: April 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-666 on Wednesday, April 13th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

Shredder Counter-Forensics: Secure Physical Data Destruction

Despite increased digitization and other paper reduction efforts, global paper usage has nonetheless increased in the last 30-odd years. With the average officer worker in the US using 10,000 sheets of copy paper annually, the security risks related to the circulation of potentially sensitive documents pose a serious issue for information security...