Resources

Blog

Joomla SQL Injection Flaw Exploited Hours After Disclosure

Malicious actors began exploiting a patched critical vulnerability found in Joomla—a popular open-source content management system—just four hours after its details were disclosed. Discovered by researchers at Trustwave, the SQL injection flaw (CVE-2015-7297, CVE-2015-7857 and CVE-2015-7858) found in versions 3.2 through 3.4.4 of Joomla could...
Blog

Hacked Shopping Mall CCTV Cameras Are Launching DDoS Attacks

If you're running a CCTV surveillance camera in your office, high street store, or at home make sure that you are not unwittingly helping hackers launch denial-of-service attacks. That's the warning that has been issued by the security team at Incapsula, who discovered a botnet of 900 CCTV cameras spread across the globe, flooding targeted websites...
Blog

Security Nightmare of Driverless Cars

The fear of malicious actors taking control of glaring flaws in smart cars is on the rise. This threat is therefore considered to be one of the major technical challenges confronting the automotive industry today. Car Manufacturers Initially, car manufacturers were not very familiar with the cyber security community. From a hacker’s perspective,...
Blog

Security Mentorships and Future Proofing Resource Resilience

Everyone always talks about the shortage in cybersecurity talent or their limited cyber resources. However, what I haven’t seen too many folks focus on is the mentoring of the next generation workforce. I recently started volunteering with high school kids, who are mostly all minorities, such as me. I found them, or should I say their coach found me...
Blog

TalkTalk Investigates Breach that Might Have Exposed 4M Customers' Info

TalkTalk, a UK telecommunications company, is an investigating a data breach that might have compromised the personal information of as many as four million customers. On Friday, Trista Harrison, Managing Director (Consumer) of TalkTalk, posted an update on the company's website about the incident: "We are very sorry to tell you that yesterday a...
Blog

Launching an Efficient and Cost-Effective Bug Bounty Program

Over the last few years, you’ve probably heard a lot about companies launching their own bug bounty programs. Software giants, such as Google, Microsoft, Twitter and Yahoo, as well as hardware-centric companies, such as Tesla, Samsung and even United Airlines, run programs that pay out cash for finding vulnerabilities. As these programs gain...
Blog

Takeaways From The 2016 PwC Global State of Information Security Survey

Now in its 18th year, The Global State of Information Security® Survey 2016 – a worldwide survey by CIO, CSO and PwC – observes a fundamental shift in the way business leaders are responding to today’s biggest security challenges. Recognizing the rising cyber risks, a growing number of boards and executives are taking action to improve their...
Blog

Email Is Not a File System

On Monday, the news buzzed with a story about a high school student who had managed to break into the email accounts of CIA Director John Brennan and DHS Secretary Jeh Johnson. We've seen this scenario played out all too often. The teen used the standard social engineering techniques to find out enough information about the targets to force a...
Blog

10-Second Hack Delivers First Ever Malware to Fitness Trackers

A security researcher has developed a method by which one can exploit a vulnerability in FitBit fitness trackers and subsequently deliver malware to the target device in 10 seconds. FitBit (Source: PCMag) Axelle Apvrille (@cryptax), a malware researcher at network security firm Fortinet, has found...
Blog

Security Hygiene: Protecting Your Evolving Digital Life

This week marks Week 4 in National Cyber Security Awareness Month (NCSAM), a program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our...
Blog

Attacking Automobiles: Inside a Connected Car's Points of Vulnerability

Hacking cars has made big headlines in recent months. Back in July of this year, security researchers Charlie Miller and Chris Valasek won the attention of the information security community and beyond when they successfully hacked a Jeep Cherokee's computer via its Uconnect infotainment system. The duo was able to rewrite the automobile's firmware,...
Blog

CIA Director’s Private Email Account Allegedly Hacked

Federal law enforcement is investigating claims of an anonymous hacker allegedly infiltrating the personal email account of CIA Director John Brennan earlier this month. According to a report by The New York Post, Brennan’s private AOL account contained sensitive information, including Social Security numbers and personal information of more than a...
Blog

Defensibility: Moving from Defensible to Defended

Defensible and defended are not the same thing. There are characteristics of an environment that make it more or less defensible. While IT and OT environments both have some mixed results, in general, OT environments are more defensible than IT environments. My hypothesis, as a reminder, is that a more defensible network is one in which currently...