Resources

Blog

Smominru! Half a million PCs hit by cryptomining botnet

Why go to all the bother of writing ransomware that demands victims pay a Bitcoin ransom? If all you want is cryptocurrency, why not use the infected computers to mine the crypto coins themselves? That way you don't have to rely on a human victim buying some Bitcoin, and nervously making their way onto the dark web to make their ransom payment....
Blog

Survey: How Well Will Organizations Respond To The Next Data Breach?

The European Union's General Data Protection Regulation (GDPR) goes into effect this May, and lawmakers in the U.S. are proposing stricter data breach legislation. With the pressure on to better protect data and improve notification procedures in the event of a data breach, Tripwire surveyed 406 cybersecurity professionals to see how prepared...
Blog

Is Your Financial Data Protected?

Security breaches are becoming more common. They occur most often in the United States (followed by the UK), exposing businesses and their customers to significant risks. Most recently, in December 2017, Kromtech uncovered a breach at Ai.Type with 577GB of data stolen. It's possible the incident exposed the information of 31 million customers. And...
Blog

Man Arrested for Allegedly Hacking Car-Sharing Company Database

Australian law enforcement officers have arrested a man for allegedly hacking the company database of a car-sharing service. On 30 January, investigators of Strike Force Artsy, a division of the State Crime Command’s Cybercrime Squad, executed a search warrant at a home in Penrose. Officers arrested a 37-year-old man and charged him with two counts...
Blog

The Cyber Law of War

A recent article in the New York Times postulated America may choose to respond to a devastating cyberattack with a nuclear response. In November of 2017, a widely viewed social media video entitled Slaughterbots suggested “swarms of AI-controlled drones [could] carry out strikes on thousands of unprepared victims with targeted precision.” Both of...
Blog

Cisco Fixes 10.0 CVSS-Scored RCE Bug Affecting Its ASA Software

Cisco has patched a remote code execution (RCE) vulnerability bearing a "perfect" CVSS score of 10.0 that affects its Adaptive Security Appliance (ASA) software. On 29 January, the American multinational technology conglomerate publicly recognized the security issue (CVE-2018-0101) and revealed that it affects the ASA software found in the following...
Blog

Study: Alarming Number of Fortune 500 Credentials Found in Data Leaks

Data breaches are common in the news lately, but a recent study by credential monitoring firm VeriClouds focuses specifically on the credentials of Fortune 500 employees found in account leaks posted online. Using a corpus of 8 billion stolen credentials gathered over three years, the total number of employees of each Fortune 500 company was...
Blog

Locations of Military Bases Inadvertently Exposed by Fitness Tracker Users

Users of a fitness tracking app have inadvertently exposed the locations of military bases by publicly sharing their jogging/cycling routes. Many service people who use Strava, an app which allows them to record their exercise activity using GPS plotting, are sharing their data publicly. Their movements have ended up in Strava Labs' Global Heatmap...
Blog

Adoption of the Public Cloud in the Financial Services Industry

Cloud computing is not a new name anymore, and its adoption is growing consistently across various industries. Public cloud is a disruptive technology, irresistible to the Financial Services Industry (FSI) due to its tremendous benefits, including agility, elasticity, time to market and on-demand provisioning, to name a few. However, there are...
Blog

15 Million People Worldwide Affected by a Single Monero Mining Operation

A single Monero cryptocurrency mining operation has used malware delivery techniques to affect at least 15 million people worldwide. The campaign, which has been active since at least October 2017, delivers its payload using one of 250 unique Microsoft Preinstallation Environment (PE) files like "File4org]_421064.exe" and "[Dropmefiles]_420549.exe."...
Blog

Reddit rolls out 2FA to all its users

Reddit, the so-called "front page of the internet", has some important news for its 250 million registered users. You can now secure your Reddit account with two-factor authentication (2FA). The additional layer of security has been rolled out as an option to all users following months of beta-testing. To enable the feature, Reddit users must access...
Blog

Data Privacy Day: Expert Advice to Help Keep Your Data Private

Data Privacy Day began in the USA in 2008 as an extension of Data Protection Day in Europe. Since then, The National Cyber Security Alliance (NCSA) has led this international effort, which is held annually on January 28 to help create awareness about the importance of safeguarding data, respecting privacy, and enabling trust. In our efforts to help...
Blog

Adapting Security Communication to Different Audiences

Especially in recent weeks and months, information security has become an issue of interest to a lot of different people. Over the last several years, more people have started paying attention to infosec issues, which means the audience of infosec communication has drastically grown and changed. Effective communication is audience-dependent. You...
Blog

Engineering Firm Pays $1.3K after Ransomware Affects Servers, Backups

An engineering firm has paid attackers $1,300 after ransomware encrypted its servers along with its data backup system. The infection occurred when bad actors targeted DGH Engineering Ltd. with a malicious email. An employee at the firm clicked on a clink contained therein. This action paved the way for crypto-ransomware to encrypt the company's...