We in the infosec community have a terrible habit. We are so overwhelmed with all the “events” that we have to monitor that we forget the most important event might be standing at our desk at any time. Most folks still think of the infosec professional as the introverted “geek” who cannot look another human in the eye and is more comfortable with a...

Quality security training is a costly investment. Multiple-day training sessions are usually required for significant learning topics and are almost exclusively fee-based. And the fees are not the only investment. Key staff must be taken out of the field to attend the course, resulting in opportunity costs and lost work hours. But our adversaries...

A year ago, I wrote an article entitled Starting Your Career In Information Technology. As your career goes on, you may find yourself traveling down different routes than you originally planned. This article is a follow-up, designed to give an idea of what cyber security has become for me after I transitioned to it from networking. To begin, I was...

Foundational Controls may not sound like the sexiest subject in IT but arguably, it’s the most critical – and for good reason. Quite simply, without these fundamental controls in place and knowledge of what is on your network, your organization will find it incredibly difficult to manage a breach and effectively remediate. It’s very much the vogue...

Data breaches remain a constant concern among boards and executives. Part of the reasoning behind this anxiety is the cost of responding to a data breach. Most years, not only does the per capita cost of a record compromised in a breach go up – so, too, does the total organizational cost. For 12 years, Ponemon Institute and IBM Security have been...

A South Korean web hosting company has paid more than one million dollars in ransom after suffering an Erebus ransomware infection. The ransomware, which has been around since September 2016 and reemerged in February 2017, struck NAYANA on 10 June. Those responsible for the attack demanded 550 Bitcoins or approximately US$1.62 million. The web...

We all look forward to summer and its promise of fun-filled vacations. But in our haste to momentarily escape the daily grind, many of us overlook key elements of our digital security. Computer criminals don't take vacations, after all. Digital threats follow us everywhere we go, which is why we can never let our guard down no matter how many sun...

Women and non-males are in various important cybersecurity roles. They're writing secure code, they're researching malware, they're educating end users, they're studying in school, and sometimes they're in important government positions like my last subject, Heather Butler. Gwen Betts' job is a bit different. She approached me on Twitter, telling me...

News travels fast in the information security community, and the combination of politics, cloud and cybersecurity make for a rapidly moving headline. You’ve no doubt read about the disclosure of 198 million records by a political data analytics firm by now. This isn’t a case of malicious hacking, but of misconfiguration. These records were simply...

Phishers are sending Facebook users fake login pages with URLs they've padded with hyphens, a trick which makes the sites look legitimate on mobile devices. The attack works by sending a real, legitimate domain within a larger URL that's fake. For instance, the following link redirects users to a phishing site: hxxp://m.facebook.com---------------...

Cyberattacks in the healthcare industry have been on the rise, the latest being the WannaCry attack that affected 20 percent of NHS facilities in the UK. A study (PDF) by the Ponemon Institute in 2016 revealed that healthcare organizations have experienced approximately one cyberattack every month. Healthcare organizations are a lucrative target...

Digital security threats like ransomware and phishing attacks frequently make headlines these days. One would hope this publicity translates into heightened awareness and more secure behavior online by web users. To test this theory, Wombat Security surveyed more than 2,000 working adults (1,000 in the United States and 1,000 in the United Kingdom)...

A hacker has admitted to stealing hundreds of user accounts from a U.S. military communications system operated by the U.S. Department of Defense (DoD). Sean Caffrey (Source: NCA) Sean Caffrey, 25, of Sutton Coldfield, pleaded guilty to the theft of U.S. military data at the Birmingham Crown Court on...

Cyber crime is no longer the province of the computer super-geek. In fact, it can almost be said to have gone mainstream with exploit lists, downloadable network tools and scripts – even hacking IT support – all available online at bargain prices. As with any threat to our homes and businesses, knowing the nature of the threat we face helps us to...

In May 2017, an updated version of WannaCry ransomware struck a minimum of 200,000 organizations in over 150 countries. It did so by abusing a Windows SMB vulnerability (MS17-010) using exploit code developed by the NSA and leaked online by The Shadow Brokers. As we all know, however, not all attack campaigns automatically exploit vulnerable...

Hackers have reportedly stolen account details for about six million users of CashCrate, a site that pays users for completing surveys online. According to a report by Motherboard, who obtained the database, the compromised data includes users email addresses, names, passwords and physical addresses. “Judging by timestamps in the stolen database,...

An ongoing targeted phishing campaign is making off with industrial companies' money and sensitive corporate information. In October 2016, Kaspersky Lab identified a spike in the number of malware infection attempts received by customers with industrial control systems (ICS) installed. The malware arrives via well crafted phishing messages that...

Don’t think security impacts sales? Think again. A secure web environment ensures the protection of customer data, but it also makes for a fast and optimized website that drives conversions. An unsecured web environment will be slow, frequently unresponsive, and even dangerous. Opening your first online store is an exciting milestone, and security...

TrickBot malware is using a Windows Task named "service update" in an attempt to evade detection and maintain persistence on infected endpoints. The refinement is part of a new wave of phishing emails that distribute the botnet trojan, a threat which shares many characteristics with Dyre. These emails all come with PDF documents containing an...

Today’s VERT Alert addresses the Microsoft June 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-729 on Wednesday, June 14th. In-The-Wild & Disclosed CVEs CVE-2017-8543 According to Microsoft’s Security Guidance, they are aware of in-the-wild exploitation against CVE-2017-8543, a code...