Resources

Blog

How to Make the Most Out of Your Threat Intelligence Program

Organizations face a constant barrage of digital threats. To mitigate the risk of an attack, IT staff need to continually protect all of an organization's endpoints, such as by creating patching schedules and by hardening vulnerable devices. Unfortunately, protection has its limitations. Security personnel can harden a device or implement a patch...
Blog

Re-Examining Identity & Access Management (IAM)

There is a lot security professionals disagree on when it comes to Identity & Access Management (IAM). One thing most would agree on though is that IAM means many things to many people, and has been shaped more by vendor product boundaries over the years than by overarching architectures, processes and governance. The basic term “Identity Management...
Blog

Takeaways from the 2016 Verizon Data Breach Investigations Report

2016 marks the ninth year Verizon has published its annual Data Breach Investigations Report (DBIR). Once again, organizations sent their data on thousands of security incidents and data breaches to Verizon, whose researchers analyzed that information to highlight new patterns, steady trends, and interesting tidbits in the evolving digital threat...
Blog

Hacking Competition Challenged UK Cyber Security Students

A recent hacking competition challenged teams of cyber security students from some of the United Kingdom's top universities. On Saturday, April 23, the University of Cambridge hosted the Inter-ACE Cyberchallenge 2016, a two-competition ethical hacking event between the UK Academic Centres of Excellence in Cyber Security Research. Dr. Frank Stajano,...
Blog

Decryption Tool Released for CryptXXX Ransomware

Researchers have developed a utility that allows victims affected by CryptXXX ransomware to decrypt their files for free. CryptXXX is one the newest crypto-ransomware samples to be observed in the wild. It is being delivered to users as a Dynamic-Link Library (DLL) dropped by Bedep, a piece of malware which has the ability to download additional...
Blog

Defining Your Security Policy: A Healthcare Perspective

The healthcare landscape has many challenges – security being at the forefront. Ransomware attacks grow increasingly rampant with each day and healthcare is the perfect target due to hospitals relying on antiquated technology that alerts them only after the infection occurs. Cybercriminals are always on the forefront and looking at innovative ways...
Blog

Shopware Patches 'Critical' Remote Code Execution Bug

Shopware has patched a 'critical' remote code execution bug that affects the functions of both the shop and the overall system. According to a thread posted on Bugtraq, David Vieira-Kurz, a security engineer at Immobilien Scout GmbH, found that the script located at "/backend/Login/load" in Shopware's eCommerce platform is susceptible to remote code...
Blog

4 Key Steps to Securing Your Endpoints

As I discussed in last week's post, smartphones, tablets, desktops, industrial equipment, servers and other technologies that connect to a corporate network are considered endpoints. Unfortunately, bad actors can abuse those devices and their network access to attack an organization. That is why IT staff need to protect as many of their company's...
Blog

SWIFT Software Hacked in Bangladesh Bank Heist, Find Researchers

Researchers have determined that those who stole approximately $81 million from the Bangladesh Bank most likely did so by hacking into SWIFT's client software. SWIFT, or the Society for Worldwide Interbank Financial Telecommunications, provides banks and other organizations with secure messaging services. According to its 2015 traffic, more than 11...
Blog

MazarBOT Android Malware Distributed via SMS Spoofing Campaign

In the fall of 2015, Heimdal Security detected a post-office email scam targeting unsuspecting Danish users. The campaign sent out fake emails purporting to originate from PostNord and Post Denmark. When clicked on, the infected emails downloaded Cryptolocker2 ransomware onto users' machines. Several months later, Heimdal has now spotted another...
Blog

Two-Factor Authentication Coming to PlayStation Network, Confirms Sony

According to reports, Sony will soon be introducing two-factor authentication to its popular gaming platform, the PlayStation Network. Although the company has yet to make an official announcement, Sony confirmed to the gaming news website Polygon that the security feature was in the works. "In order to further safeguard our users and their...
Blog

Half of Companies Not Confident in Security of Partners and Suppliers, Reveals Survey

By now, almost everyone knows what happened during the Target breach. In the late fall of 2013, a group of attackers uploaded card-stealing malware to a small number of point-of-sale (POS) terminals in the retailer's stores. That malware ultimately compromised some 40 million debit and credit card accounts over the span of about two weeks. In the...
Blog

MIT Introduces Bug Bounty Program

The Massachusetts Institute of Technology (MIT), famed as one of the top tech schools in the country, introduced an “experimental” bug bounty program this week. The private, Cambridge-based research university is among the first academic institutions to announce a program designed to encourage finding...
Blog

Are you Safe From Ransomware?

2016 is shaping up to be the year of ransomware. Cyber-attacks are on the rise, with companies losing control of their critical assets. And the problem isn’t going away. Could your company fall victim to these malicious attacks? Everyone is vulnerable, but the good news is that there are simple steps you can take today using security tools you already...
Blog

Just When You Thought It Was Safe to Step Away from Social Media

Many of my friends having been dropping off the social media spectrum lately. Some have gone so far as to deactivate their social media accounts. They all have good reasons, and in some cases, I see them spending their time much more productively without worrying about the constant distraction of online socializing. None of them have received a...