If you've read a security blog anytime in the last year, you haven't escaped mention of the dreaded skills gap for cybersecurity professionals. There seems to be consensus that it's getting harder to hire skilled security staff, though the reason for that is up for debate – some say we're just going about it the wrong way, while others claim it is...

A new Netflix phishing attack leverages fake emails from the streaming service to trick users into handing over their credit card credentials. The attack starts when a user receives an email from what appears to be Netflix warning them that they need to update their membership information. An example...

Last week, a hacking gang abused the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank's servers. The Far Eastern International Bank has confirmed that malware had been found on it computer systems, affecting PCs and servers, as well as its SWIFT terminal. SWIFT (the Society for Worldwide Interbank Financial...

Today’s VERT Alert addresses the Microsoft October 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-746 on Wednesday, October 11th. In-The-Wild & Disclosed CVEs CVE-2017-8703 This CVE describes a publicly disclosed denial of service vulnerability which impacts the Windows Subsystem for...

Wipers, ransomware, and malicious insiders all pose a threat to organizations in that they can destroy corporate data. In response, many companies have processes in place that can help them recover from these and other types of data corruption events. But these strategies beg the question: how can organizations know that the data they recover is...

A rogue website exposed several pieces of information pertaining to students who attend a high school in the San Francisco Bay Area. On 5 October, the Palo Alto United High School posted a "Notice of Data Breach" on its website. The message reads as follows: "Staff was notified this morning about a website that exposed information about Palo Alto...

Do you go fishing? You may or may not, but we see far too much phishing going on in the Internet ocean, and it scares us. The risk of over-phishing is not necessarily our concern. Our concern rests in that phishing is so easy, and big fat phish of this Internet ocean are getting gobbled up. And that’s not good for us because many of us don't really...

In my last interview, I got to speak with Keren Elazari. Not only did she start BSides TLV but also contributed to a book about women in technology. The book is Women in Tech: Take Your Career to the Next Level with Practical Advice and Inspiring Stories, which was authored by Tarah Wheeler. So, guess who I got to speak with this time? Yep, Ms....

According to the figures from the FBI, through December 2016 cyber thieves stole over $2 billion from 24,000 businesses using a scam that starts when business executives’ or employees’ email accounts are compromised or spoofed (BEC scam). Criminals are able to steal money with the help of an unwitting accomplice: an employee who is fooled into...

Apple has released an update that is designed to better protect passwords for encrypted APFS volumes on machines running macOS High Sierra. APFS is short for Apple File System. The Cupertino-based tech giant created it to fix some issues involving Mac OS Extended. Apple File System is meant for computers with flash or solid-state drive (SSD) storage...

When hackers broke into the email account of a New Zealand grape-grower with the intent of stealing NZD $90,000 (approximately US $70,000) their plan came so very close to fruition. As Stuff New Zealand reports, it was only because of the careful eye of Kathryn Walker, the general manager of Marlborough Vintners (who - notably - previously had a 12...

September 2017 was comparatively slow in terms of ransomware. Perhaps the extortionists kept struggling to bridge the money laundering gap after the FBI took down the BTC-e Bitcoin trading platform in late July. Some of the noteworthy events include the emergence of Locky’s new persona called Ykcol, failed experiments of GlobeImposter ransomware...

What happens when an ATM needs to be filled with brand new $20 bills? Let’s examine the whole process: The $20 bills are initially stored in a bank vault. Very secure. An armored truck drives through a tunnel to the bank facility, where armed, trained, and white-listed employees transfer the money from the vault to the armored truck. Again, very...

An unidentified hacker is attempting to sell information pertaining to more than 6,000 Indian enterprises on a DarkNet forum. Researchers at Seqrite, the enterprise security brand of IT security firm Quick Heal, found an advertisement for the data on DarkNet. As of this writing, whoever is behind the posting is currently offering the information,...

Cloud services come with their own security challenges for enterprises that use them. Under the Shared Responsibility Model, a cloud service provider (CSP) is charged only with securing the infrastructure that makes cloud services possible. It does not engage in security configuration/monitoring of the operating system or applications. Instead,...

In the information security world, we always use the buzzword “Defense in Depth.” Though the concept is simple, it is difficult to implement. Organizations that carry out a proper risk analysis have a clearer picture in terms of cost/benefit analysis. In this article, we shall discuss how a FIM solution can supplement anti-malware solutions and...

Last time, I spoke with Kim Wong, a woman who recently acquired a cybersecurity role in Britain's financial services industry. This time, I'm honored to speak with Keren Elazari. Not only has she given TED talks but also founded BSidesTLV in Tel Aviv, Israel. We had a wonderful chat! Kimberly Crawley: Please tell me a bit about what you do. KE: I'm...

Graton Resort and Casino has revealed that an instance of "human error" might have exposed the personal information of some of its patrons. According to a "Notice of Data Breach" sent out to affected patrons, casino staff on September 2, 2017, "discovered that certain personal information was inadvertently distributed in a small number of email...

Walk into almost any health care facility in America, and chances are, you’ll find a variety of new technologies that didn’t exist even a decade ago. All of your personal information is now digitized, allowing you to move doctors with little to no delay, the treatment you receive is now faster and more efficient, and even payment options can be done...

October is here once again, and you know what means: National Cyber Security Awareness Month (NCSAM) is back with more advice on how Americans can bolster their digital security. Now in its 14th year, NCSAM 2017 kicks off its first week with STOP. THINK. CONNECT.™. This campaign is relatively straightforward: STOP to make sure security measures are...