The challenges facing security professionals certainly aren’t getting any easier – nor are they likely to do so anytime soon. Not only are the skills and knowledge that we need to operate evolving at an ever-relentless pace but also rapidly diversifying far beyond the familiar technical and governance areas we have been used to. When it seems that...

Demonstrating to employees that security is there to make their life easier, not harder, is the first step in developing a sound security culture. But before we discuss the actual steps to improve it, let’s first understand the root causes of a poor security culture. Security professionals must understand that bad habits and behaviours tend to be...

It's no secret the security community is witnessing a boom in sophisticated techniques and attack campaigns. Some of the most advanced threats circulating in the wild today leverage polymorphic malware that changes its form based upon the environment in which it activates. As a result, signature-based detection solutions have a difficult time...

You, a creative entrepreneur with a great idea, finally launch a business. As a startup, having your own website is essential in conducting business. Startups must always take extra precaution when it comes to their web security. Because startups are the perfect targets for hackers, your website should be protected as soon as it is ready to go live....

PlayStation and PSP owners can now add an extra layer of security to their accounts by enabling two-factor authentication (2FA), announced the electronics and gaming company on Wednesday. Users who choose to activate the additional security feature will sign in to their accounts using their passwords,...

The Government Savings Bank (GSB) of Thailand shut down nearly half of its ATMs following a malware attack that cost it 12 million baht, or about $378,000. On 23 August, GSB shut down approximately 47 percent of its ATM network when it disabled service to approximately 3,300 of its 7,000 machines....

This year, I was fortunate enough to attend the DEF CON 24 security conference, one of The State of Security's top 11 infosec conferences, which took place August 4-7, 2016, at Paris and Bally's in Las Vegas. Here's a summary of my experience. Cyber Grand Challenge An interesting addition to the unofficial first day of DEF CON this year was the...

No one today is immune to the cybersecurity talent shortage. Whether you’re a company or individual, you feel the pain of a shortage of good IT security staff members. Companies feel the pain of trying to maintain an adequate staff, who need to be educated enough to maintain the company's environment and to avoid the risk of breaches and regulatory...

American video game development company Epic Games has announced someone hacked its forums, making it twice in one year. On 22 August, the Cary-based organization disclosed the breach on its website: "We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no...

We are moving into an era of inter-connectivity with billions of devices, including a previously disconnected industry of automotive vehicles. Vehicles were not designed with computer security in mind, and that worked just fine for the last few decades. However, now we are at a point where we can take an "unhackable" 1997 Honda Civic and add in a...

Security configuration management (SCM) is central to an endpoint detection and response (EDR) strategy. It allows organizations to keep track of changes to their network devices, including those implemented by an unauthorized actor. As I discuss in another blog post, one of the most important features of an SCM program is the creation of a "secure...

A teenager received no prison time after launching a distributed denial-of-service (DDoS) attack against an Australian bank, among other targets. The 15-year-old boy, who by state law cannot have his name identified, admitted in court he had some fun and satisfied his curiosity when he DDoSed the online banking portal for the Commonwealth Bank of...

Torrenting is usually associated with copyright infringement. Online pirates use torrents to illegally download movies, video games, music, software, and much more. Even before Netflix banned the use of VPNs to watch movies and TV shows, many resorted to torrents to pirate video. But as authorities crack down on torrent trackers and users, demand...

Incorporating security activities into the natural workflow of productive tasks makes it easier for people to adopt new technologies and ways of working, but it’s not necessarily enough to guarantee that you’ll be able to solve a particular security-usability issue. The reason for this is that such problems can be categorised as wicked. Rittel and...

Eddie Bauer LLC, which manages the Eddie Bauer clothing line, is just the latest company to issue a notice warning customers of a data breach. On 5 July, 2016, infosec journalist Brian Krebs reached out to Eddie Bauer. Sources had told him about a pattern of fraud with customers who had used their...

Industrial control system (ICS) security is a growing concern for organizations around the world. On the one hand, research suggests that vulnerabilities and exposures are increasingly jeopardizing the security of ICS assets. In their report Overload: Critical Lessons from 15 Years of ICS Vulnerabilities, the FireEye iSIGHT threat intelligence team...

If you speak to most experts in the field, they'll agree on at least one thing: computer security isn't really a technological problem. Although the right software and hardware can help reduce the online threats your company might face, ultimately IT security is a human problem. And humans, as we all know from personal experience, aren't perfect and...

Cisco has confirmed the legitimacy of two exploits found in a data dump of code released by the Shadow Brokers hacker group. On 13 August, the mysterious hacking group announced an auction of files allegedly containing exploit code used by the Equation Group, a sophisticated threat actor which leverages unknown vulnerabilities in multiple vendor...

Nowadays, the word “hacker” carries an overwhelmingly negative connotation, conjuring up images of digital thieves intent on stealing identities and letting disruptive viruses loose into cyberspace. It wasn’t always that way. In fact, computer hackers were originally viewed by society as technology enthusiasts who wanted nothing more than to...

The United States Department of Energy (DOE) has awarded $34 million in funding for projects aimed to protect the U.S. power grid against digital attacks. The 12 projects are still waiting congressional approval. If given the green light, they will proceed across nine states through the Energy Reliability’s Cybersecurity of Energy Delivery Systems ...