Resources

Blog

FBI Investigates Hacks Against U.S. Law Firms

The Federal Bureau of Investigations is investigating a series of hacks against some of the United States' most prestigious law firms. On Tuesday, the FBI disclosed its investigation into data breaches affecting Cravath Swaine & Moore LLP, Weil Gotshal & Manges LLP, and a number of other high-profile New York-based law firms. Cravath Swaine & Moore...
Blog

Malicious Maturation: Three Ongoing Trends in the Evolution of Malware

If there is one truth about today's threat landscape, it is that nothing remains the same. Such dynamism rests partially with the sheer volume of threats circulating the web. Multiple reports indicate that bad actors are developing as many if not more threats than security personnel have time to remediate. Indeed, in the second quarter of 2015 alone...
Blog

Communication Is Key in the Battle Against Cybercrime

Information Security conferences should form part of the front line when it comes to tackling cybercrime. Unless we learn to share information as an industry, we are always going to be on the back foot. I’m spending a little down time with my family after the relentless pace of the Can Sec West conference in Vancouver, where I had the pleasure of...
Blog

Speeding Ticket Spam Targeting Users with Fake Email Citations

Authorities are warning users to be on the lookout for a speeding ticket scam that attempts to extort money from victims using fake email citations. Earlier in March, the Tredyffrin Police Department wrote a post on the web portal for Chester County, Pennsylvania in which it explains how it came across the spam campaign. "A local corporation...
Blog

Six Suspects Arrested for Manipulating 5 Card Cash Lottery Game Terminals

Six people have been charged with manipulating terminals to produce more winning tickets for the 5 Card Cash lottery game. Back in November of 2015, Connecticut lottery officials suspended 5 Card Cash after they noticed that it was producing more winning tickets than expected. The lottery game consists of tickets on which five playing cards are...
Blog

Countering Cyber Adversary Tradecraft

“The man who grasps principles can successfully select his own methods. The man who tries methods, ignoring principles, is sure to have trouble.” – Ralph Waldo Emerson. Why and how do cyber adversaries – criminals, spies, competitors, activists – continue to find success in fraud, extortion, espionage and sabotage? Governments, corporations and...
Blog

Security Event Monitoring and NERC CIP

I work daily with organizations regulated by NERC CIP, and it always helps to place things into perspective. One of those challenges is security event monitoring. Security event monitoring involves the identification of observable events that may or do represent unauthorized access attempts into a secure environment. One of the most important...
Blog

Survey: 62% of Companies Lack Confidence in Ability to Confront Ransomware Threat

2016 is shaping up to be a pivotal year for ransomware. Just look at the attack campaigns we have witnessed thus far. Back in February, news first broke about Hollywood Presbyterian Medical Center, a hospital located in southern California that temporarily suspended its computer systems following a ransomware attack. The medical center ultimately paid...
Blog

Security Speaks: Breaking Through at BSides

Last summer, we celebrated BSides as a growing and well respected institution in the field of information security. Each BSides event emphasizes interaction between speakers and topics, a focus which makes for a uniquely collaborative atmosphere among security professionals. In this type of setting, each event's organizers are more than happy to...
Blog

Sprouts Farmers Market Falls to W-2 Phishing Scam

Sprouts Farmers Market confirmed on Thursday that a phishing email scam resulted in the retailer inadvertently handing over its employee’s payroll data to cyber criminals. The Phoenix, Arizona-based supermarket chain has approximately 21,000 employees across its 200 U.S. stores. Sprouts spokeswoman...
Blog

Why Antivirus Standards of Certification Need to Change

Security software is designed to keep users safe from malware and other online threats. As such, it enjoys great affect among ordinary users, the majority of whom feel antivirus solutions have helped protect them along each episode of their digital lives. People worry they would be exposed to considerably greater risk online without it. That's a...
Blog

3 New Scams Job-Seekers Should Look Out For

Earlier this year, I published a guide on five common types of scams that fraudsters use to prey upon LinkedIn users. One of those schemes involves a scammer tricking a job seeker into accepting a seemingly legitimate, high-paying "work from home" job that in actuality offers no compensation. In most instances of the scam, the fake company either...
Blog

Yahoo! Introduces Password-Less Account Login Feature

On Friday, Yahoo! announced the company is “moving fast in its mission to ‘kill the password’” with a stable release of its two-factor account login tool, Yahoo Account Key. The Sunnyvale, California-based tech company said the feature allows users to securely access their Yahoo account by sending a push notification to their mobile device when...
Blog

Starting Your Career in Information Technology

Early February is when Red River College puts on its Directions conference, which I attended twice as a student. The purpose of this conference is to connect students and businesses and to assist the former in the transition from student to professional. This year, I had the privilege to speak about my journey of starting out with little experience...
Blog

Enterprise Impressions of Cloud Security in 2016

Data breaches at large companies, such as Target or Home Depot, call to mind concerns about cloud infrastructure security. However, does the media do these cases justice, or is security in the cloud actually better than ever? How do medium and large businesses – enterprises – perceive cloud security systems? Cloud security is both a benefit and...
Blog

Ransomware Propagation Tied to TeamViewer Account (UPDATED)

Researchers have tied the propagation of a new type of ransomware to a TeamViewer user. TeamViewer is a cross-platform service that enables remote computer access for tech support calls, meetings, and other purposes. It has been installed on more than a billion devices, which makes its potential attack surface quite extensive. On March 9th, someone...
Blog

Hidden Tear Project: Forbidden Fruit Is the Sweetest

The scourge of ransomware is by far today’s biggest computer security concern. By stepping into the crypto realm, cybercrooks have thrown down the gantlet to antivirus labs around the globe that are still mostly helpless in the face of this challenge. While many experts have been busy reverse-engineering obtained ransomware samples and posting...