Cybercrime is becoming more sophisticated by the day. Meanwhile, the price for a breach due to damage and disruption, ransom payments and regulatory fines, is increasing. No wonder there's more of a need than ever for companies to set up a dedicated SOC using SIEM to identify threats and raise the alarm. But is that enough to fight the hackers? ...

An Australian teenager who hacked into Apple's network on multiple occasions over several months and stole sensitive files has been told that he will not be imprisoned. As Bloomberg reports, the unnamed hacker - who was 16 years old when the security breaches began - exploited a VPN designed for the use of authorized parties to access Apple's...

Researchers have discovered a new botnet called "Torii" which differentiates itself from Mirai by its use of several sophisticated tactics. Infosec expert @VessOnSecurity is the first to have discovered the new botnet: https://twitter.com/VessOnSecurity/status/1042538889582444546 Named for its use of Tor exit nodes to launch telnet attacks, Torii...

As we have talked about in prior blogs, industrial cybersecurity is a journey. This is a journey that is never-ending, as control system technology advancements are adopting information technology (IT) and cloud-based solutions at a faster rate than ever before. At the same time, the threat landscape of malicious activity is constantly evolving. We...

DevOps is redefining the way organizations handle software development. But it’s also challenging security professionals in their efforts to manage digital risk. With that said, there are security teams need to be strategic about how they approach DevOps security. Here are some expert recommendations on what to do and what to avoid when implementing...

Tripwire's September 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 18 vulnerabilities, including fixes for Elevation of Privilege, Information Disclosure,...

Cloud security is not as simple as it may seem. Businesses have a shared security responsibility with cloud service providers, but some lack the knowledge to keep up their share of the bargain. Poor configuration and data leaks are common problems that many businesses encounter in the cloud. These issues can lead to malware infecting your cloud...

New updates and additions to compliance requirements are as regular as the rising and setting of the sun. Recently, The National Institute of Standards and Technology (NIST) released a companion publication to NIST 800-171 that provides guidance on how organizations can assess the CUI requirements in NIST 800-171, known as SP 800-171A. The purpose...

Due to popular demand, my women in information security interview series is back for autumn! This marks the second anniversary since I started. Some of my subjects in this round have been waiting since last spring, so getting to chat with them has been long overdue. Let’s start with Sharka, a penetration tester who is full of enthusiasm. She wants...

Two former employees of Wendy's reportedly filed a lawsuit accusing the fast food restaurant chain of breaking the law in the way it collects and stores employees' fingerprints. According to ZDNet, former Wendy's employees Martinique Owens and Amelia Garcia submitted the lawsuit to a Cook County...

Digital attackers have a history of targeting public sector organizations. For its 2018 Data Breach Investigations Report (DBIR), Verizon Enterprise tracked 22,788 security incidents that affected the public sector. Data disclosure occurred in 304 of those events; digital espionage via phishing or the use of a backdoor served as the most common...

It is a common trend now to see most of the organizations opting for the cloud. Growing business demands, competition and the growth of Software-as-a-Service (SaaS) have helped propel this trend. While everything looks smart in the cloud, what about security? Does that look smart, too? Now that organizations use different kinds of cloud environments...

A Romanian citizen has pleaded guilty to federal charges resulting from a ransomware attack that targeted a police department. On 20 September, Eveline Cismaru, 28, pleaded guilty before the Honorable Dabney L. Friedrich in the District of Columbia to one count of conspiracy to commit wire fraud and...

The ability to feed key security information onto a big screen dashboard opens up many new opportunities for managing the day-to-day security and maintenance workload as well as providing a useful method of highlighting new incidents faster than “just another email alert.” Most Security Operation Centres I’ve visited in recent years have embraced...

The Information Commissioner's Office (ICO) of the United Kingdom announced it will fine Equifax £500,000 for a data breach that occurred in 2017. In a monetary penalty notice filed on 19 September, the ICO revealed its decision to impose the maximum fine specified in section 55A of the Data...

Three men who operated and controlled the notorious Mirai botnet have been sentenced to five years of probation. The Mirai botnet notoriously launched a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn in October 2016 and made it impossible for many users to reach popular sites such as Amazon, Reddit, Netflix, Twitter,...

With individuals, businesses and critical infrastructure increasingly becoming the target of cyber-attacks, cybersecurity today is a multifaceted challenge. As the saying goes, “There’s more than one way to skin a cat.” And if the cat equates to preventing, detecting or discovering disruptive data breaches and determining the root cause, the vendor...

Over the past several months, increased attention has been paid to U.S. federal government policies surrounding internal use of IoT devices. In January 2018, researchers discovered they could track the movements of fitness tracker-wearing military personnel over the Internet. In July, a similar revelation occurred with fitness app Polar, which was...

Cyberattacks hit record highs last year, with nearly 160,000 cyber incidents reported and seven billion records exposed in the first three quarters of 2017, according to Online Trust Alliance’s Cyber Incidents and Breaches Trends Report. With the ubiquity of cyberattacks comes a need for more professionals. However, skilled individuals who are not...

A ransomware attack prevented an English airport from using its flight information screens to assist passengers in their travels. On 13 September, Bristol Airport tweeted out that its flight information systems were experiencing technical difficulties. https://twitter.com/BristolAirport/status/1040427309306662912 For the two days that followed, the...