If you are one of those enthusiastic and adventurous entrepreneurs who are on the verge of launching your own online business, here's an important question for you: have you secured your start-up enough so that it can battle the security threats of today? If you haven't, now is the time to do so. In this blog, let's take a look at some of the...

Ransomware attackers demanded $19,000 from a California school district for a decryption key that would unlock its encrypted data. Over the weekend of 16 September 2017, an unknown group of actors gave a $19,000 ultimatum to the San Ysidro School District, a public school district located in San Diego County, California. The demand followed a...

The demand for security auditing has shown its ugly head and now demands respect. Recent, well-documented events provide an image of why security auditing is necessary. If security audits had been carried out, and management had confirmed the results and taken action, some of these organizations might not be in the current predicament they are in....

When I got an email giving me the opportunity to work as an intern for Tripwire, I jumped at the chance. I have always been intrigued by the world of cybersecurity and ethical hacking, so this internship truly struck home. The internship started with going through the 2017 Verizon Data Breach Investigation Report (DBIR) over the summer. The goal was...

A medical center offering oral surgery services has notified 128,000 patients of a ransomware attack that might have exposed their information. On 24 September 2017, Arkansas Oral & Facial Surgery Center sent out breach notification letters to affected patients. Those letters reveal that the medical center detected the ransomware attack back on 26...

Europol, the European Union's police agency, has warned of the significantly rising threat posed by ransomware. As Associated Press reports, delegates at an international conference were told by Europol Executive Director Rob Wainwright that ransomware had taken the cybercrime threat to "another level." An 80-page report published by the agency...

Cybersecurity has one of the largest skill gaps of all critical infrastructure fields, with more than 3.5 million job openings estimated by 2021. While this is potentially disconcerting in light of the major security breaches that now occur with regularity, it's also positive for aspiring cybersecurity professionals. It's really an employee's (or...

In 2016, I shared just a few of the exciting presentations planned for the Retail Cyber Intelligence Sharing Center's (R-CISC) inaugural Retail Cyber Intelligence Summit. The event brought together CISOs and their IT security teams from the retail and consumer services industries in North American. For two days, these notable attendees shared best...

The learning website of an Irish teachers' union has suffered a breach that might have exposed some members' personal information. On 11 September 2017, the Irish National Teachers' Organization (INTO), one of Ireland's oldest and largest teachers' trade unions, announced a security incident involving unauthorized access of its Learning website....

BULLETIN CVE S2-052 Apache Struts REST Plugin Java Deserialization Vulnerability CVE-2017-9805 Oracle Security Alert Advisory - CVE-2017-9805 CVE-2017-9805 Microsoft 2017-September Developer Tools Vulnerabilities CVE-2017-8759 Microsoft 2017-September Browser Vulnerabilities CVE-2017...

Ask healthcare IT professionals where the sensitive data resides, and most will inevitably direct your attention to a hardened server or database with large amounts of protected health information (PHI). Fortunately, there is likely nothing wrong with the data at that point in its lifetime. But how did those bits and bytes of healthcare data get to...

In today’s rapid technological evolution, information from particular sources can be easily accessed, copied and shared out to a larger audience. If an organization fails to complete its basic role of being a guardian of the confidential business information within the company, it could convey unfavorable effects for business’ stability and...

A new variant of the BankBot malware family is exclusively targeting Google Play in a bid to steal Android users' credit card details. Infection begins when an unsuspecting user downloads Jewels Star Classic, a mobile game created by a developer named "GameDevTony." Upon successful installation, the app's malicious functionality waits 20 minutes...

Over 10 billion transactions are performed every year at ATMs, and there are over 425,000 of these cash-dispensing machines throughout the U.S. for a total of 3,000,000 used globally. ATMs hold anywhere from $3,000 to upwards of $100,000 per machine, so they naturally become a prime target for thieves. Physically breaking open an ATM is not trivial,...

Last week, I spoke with Candy Alexander. An attack by the famous Kevin Mitnick started her cybersecurity career! This time, I had the pleasure of interviewing Kim Wong. She recently started in a cybersecurity role in the UK's financial services industry. Kim Crawley: Tell me a bit about what you do. Kim Wong: I’m a security analyst in the cyber...

Have you seen the stories about the warrantless devices searches by various border agents? It seems that many folks have had their cell phones confiscated (sometimes forcibly) in order to protect the borders as people travel into the United States. Many of the folks subject to these searches are American citizens, some of whom work for the...

It’s not about whether you implement foundational controls but about how well you do it. Only when excellence in the essentials of security and compliance are achieved, will an organization be able to have confidence that it is able to mitigate most cyber threats. We as cyber-defenders have an embarrassing problem. We are routinely susceptible to...

The Security Exchange Commission (SEC) announced on Wednesday that its EDGAR database was compromised in 2016. This database stores non-public information on businesses, such as quarterly earnings, and statements on merger and acquisition dealings. According to the agency, the compromise was due to a software vulnerability being exploited on its...

A threat actor known as APT33 is actively targeting organizations in the aerospace and energy sectors with spear phishing campaigns. Between mid-2016 and early 2017, the suspected Iranian digital espionage group attacked a U.S. organization in the aerospace sector, a Saudi Arabian conglomerate with aviation holdings, and a South Korean company known...

In September 2017, I created a list of 10 essential bug bounty programs for 2017. Readers with a keen eye for detail might have noticed that nearly half of the companies included in that catalog host their vulnerability research programs, otherwise known as vulnerability disclosure programs and responsible disclosure programs, through HackerOne. A...