Resources

Blog

Data Breach Via Unencrypted Laptop Strikes U.S. Healthworks

U.S. Healthworks, an urgent care and occupational health service provider, has begun notifying patients of a possible data breach after an unencrypted laptop issued to one of its employees was stolen. According to the company's breach notification letter: "On April 22, 2015, we learned that a laptop issued to one of our employees had been stolen...
Blog

Radio Killed the Security of Things: RF Jammers & Crime

We hear a lot about the Internet of Things, where devices are increasingly connecting to the Internet. However, in addition to these devices being connected to the Internet, they are also increasingly connecting to each other or controlled using various radio frequencies. These radio frequencies often use proprietary or insecure protocols and often...
Blog

A Look at the Real Social Engineers

Since the very first day I started working in the information security industry, I have found everything to be just so interesting and fascinating. The fire inside me I have for knowledge has been doused in petrol by stories of complex crimes, and this has educated me and forced me in to some real life studies. Over the years, I have delved quite...
Blog

Top Phishing Targets Account For Over 75% of Attacks, Survey Finds

A recent report detailing the latest trends in phishing attacks revealed that the top 10 targets suffered more than three-quarters of all phishing attacks observed worldwide. The study (PDF), conducted by the Anti-Phishing Working Group (APWG), examined all phishing attacks detected in the second half of 2014, including data from several phishing...
Blog

Prioritizing Patches: A Risk-Based Approach

It’s been a tough few weeks for those of us that are responsible for patching vulnerabilities in the companies we work at. Not only do we have the usual operating system and application patches, we also have patches for VENOM and Logjam to contend with. The two aforementioned vulnerabilities are pretty serious and deserve extra attention. But, where...
Blog

Nine Reasons There Should Be No Bulk Phone Metadata Collection

Section 215 of the USA PATRIOT Act will expire on June 1, 2015, unless congress extends it. It is important to note that this is NOT the entire USA Patriot Act as many politicians have claimed with their fearmongering. Section 215 needs to expire if we want to protect our privacy rights, and to support international business growth; our national...
Blog

Attacker Used Hola Free VPN as Denial of Service Botnet

An anonymous message board was the alleged target of several denial of service (DoS) attacks launched by the free VPN service Hola earlier this week. Israeli-based Hola is one of the most popular free virtual private network (VPN) providers today. It boasts seven million users of its Chrome extension alone. However, according to Frederick Brennan,...
Blog

Wifiphisher: Automating Phishing Attacks Against WiFi Networks

Although wireless communication technologies have matured to a great extent, their related communication protocols and stack implementations are still encumbered by a number of well known security problems. WiFi (802.11) management packets are not cryptographically protected against eavesdropping, modification or replay attacks. WEP, WPA and WPA2...
Blog

Yahoo to Face Privacy Class-Action Lawsuit Over Scanned Emails

A judge has ordered Yahoo, Inc. to face a class action lawsuit alleging that the company violated users’ privacy by scanning email messages for advertising purposes. In her 44-page decision, Judge Lucy Koh of the US District Court of Northern California explains that Yahoo is alleged to have scanned the contents of messages sent to Yahoo! Mail...
Blog

Cyber Security Skills: The Hot New Must-Have IT Skill Set

Those in the IT world are always looking to develop the right skill sets that will help them get noticed above their competition. Considering how quickly technology changes, possessing a highly-desired set of skills can lead to better jobs and higher wages. Trends, of course, come and go, and keeping up with what is currently the most in-demand...
Blog

Tripwire VERT Capture the Flag: Official Summary, Part 1

I’m happy to report that the first ever Tripwire VERT capture the flag contest was a huge success. With competitors registered from across the globe, our vulnerable application saw thousands of connections coming from dozens of unique addresses along with a non-stop flood of flags, questions,and...
Blog

Digital Forensics and the Futuristic Scene-of-Crime

Over the years, I have written multiple articles on the subject of digital or cyber forensics and the importance it serves in supporting the modern world with regards to corporate and government incident response, first responder engagements, and more general aspects of scene-of-crime management in the digital age. Before we get into the detail,...
Blog

Rombertik: A Master of Evasive Malware Techniques

Earlier this month, several media outlets ran a story claiming that a new type of malware could be used to destroy victims’ computers. These stories might have fared well in views, but their fear, uncertainty, and doubt (FUD) have proven useful to no one. Fortunately, a number of security experts including Graham Cluley were quick to correct the...
Blog

IRS Confirms Data Breach of 100,000 Tax Accounts

The Internal Revenue Service has confirmed a data breach of 100,000 taxpayers' account information. According to a statement posted on the IRS website, criminals allegedly used sensitive information stolen from non-IRS sources to gain unauthorized access to taxpayers' accounts. To access the site, the criminals made use of stolen Social Security...
Blog

Mobile Banking Security Concerns on the Rise for Financial Institutions

It's been almost a year since what some analysts consider the first successful major threat to mobile banking, known as Svpeng, hit the United States. Spreading via a text message campaign, the Svpeng malware went after Android phones. While Svpeng didn’t steal mobile banking credentials, it did detect the presence of certain mobile banking apps and...
Blog

Scareware Minecraft Apps Downloaded by Millions of Android Users

A security firm has revealed that upwards of 2.8 million users have downloaded scareware masquerading as legitimate Minecraft apps off of Google Play Store. According to a blog post written by Lukas Stefanko, a Malware Researcher for ESET, 30 malicious applications pretending to be cheats for the popular computer game wereuploaded to Google Play...