Resources

Blog

Shadow IT – How Do You Protect What You Don’t Know You Have?

For a cybersecurity program to succeed, it must identify the assets it aims to protect. Without a clear understanding of its assets, no organization can truly understand the value of its resources, assess the risks they face, or understand how much to spend to secure its infrastructure. Unfortunately, the process of identification is not getting any...
Blog

Cyber Security Risks in the Social World

We’re all fairly knowledgeable about how to deal with security issues for email. We don’t open emails that come from someone we don’t know, for example, and if we do, we’re certainly wary about clicking on links. These same malicious tools can be used with social media posts to infect people’s computers and smart devices. But for some reason, people...
Blog

Phishers Hack Chrome Extension to Push Out Spam

Phishers hacked an extension for Google Chrome and abused their ill-gotten access to push out spam to unsuspecting users. The security incident befell Copyfish, a type of software which allows users to extract text from images, video, and/or PDF documents. Only the program's Chrome extension suffered as a result of the attack. It's Firefox...
Blog

12 Indispensable DevOps Tools for 2017

DevOps is revolutionizing the way enterprises deliver apps to the market. It blends software development and information technology operations, or the processes and services used by IT staff, as well as their internal and external clients to fulfill their business duties. Such a convergence creates an assembly line for the cloud, as Tim Erlin wrote...
Blog

Virgin America Alerts Employees, Contractors of Personal Data Breach

Virgin America has alerted thousands of employees that the company’s systems were breached, leading to the compromise of their personal data. The American airline, which was acquired by Alaska Air in 2016, notified workers via letter, stating that the incident occurred earlier this year. “On March 13, 2017, during security monitoring activities, our...
Blog

Pro Soccer Player's £5M Mansion Raided after Social Media Skiing Post

UPDATED 28/07/17 Thieves raided a professional soccer player's £5 million mansion after he posted to social media a picture of himself on a skiing holiday. Back in February 2017, 36-year-old Ashton Villa defender and former Chelsea captain John Terry shared a picture of himself and with his wife Toni, 35, with his 3.4 million Instagram followers....
Blog

What If Your IoT-Enabled Camera (DSLR) Had Security Protocols?

Have you ever thought about the possibility that your IoT-enabled camera could be controlled by a hacker if you're not careful? Sounds a bit too much, doesn't it? No one could even think of such a thing happening a few years ago. Unfortunately, as more and more IoT-enabled features and offerings have been introduced, the probability of getting them...
Blog

How a Smart Coffee Machine Infected a PLC Monitoring System with Ransomware

Once upon a time, operational technology (OT) enjoyed little-to-no connectivity with the web. Industrial system attack surfaces were quite small, with physical access acting as the overriding attack vector in many security incidents that did occur (including Stuxnet). It was a simpler time. But all that changed with the Industrial Internet of Things...
Blog

Who Is Responsible for Monitoring the Internet and Email Communication? Are Your Communications Secure?

Is the internet monitored, or is it just hanging out there without anyone looking over it? That’s a very good question. The fact is that no one is looking over the internet in a supervisory kind of way aside from governments that may create legislation that has an influence in some way. It is up to individuals, companies and other entities to...
Blog

Cyber Security Heroes Part 4: Per Thorsheim

They say you should never meet your heroes—often they will just disappoint you. But thankfully, there are also exceptions to this rule. In this series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, with one even motivating me to move across the pond. All five...
Blog

Hackers Stole and Then Dumped $8.4M Worth of Veritaseum Tokens

Hackers stole $8.4 million worth of Veritaseum tokens before dumping all of them just a few hours later. On 24 July, Veritaseum (VERI) founder and American entrepreneur Reggie Middleton confirmed the security incident in a post submitted to Bitcoin Forum: "We were hacked, possibly by a group. The hack seemed to be very sophisticated, but there is...
Blog

NIST SP 800-171 Deadline at End of 2017 - Is Your Organization Ready?

The National Institute of Standards and Technology (NIST) has released Special Publication 800-171. The document covers the protection of Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations. The document was designed to provide guidance on ensuring that all systems that process, store, or transmit CUI...
Blog

Pwning Software-Defined Networking

The progression of virtualization technology has produced a high demand for similar capabilities in network communication. Traditional networking technologies in switching and routing devices provide limited abilities for the virtualization space due to the lack of controlling and tailoring network traffic on virtual machines (VM). Software-defined...
Blog

Phishers Targeting Bank of America Customers' Personal and Financial Data

Phishers are running a scam through a Russian hosting provider that's designed to target Bank of America customers' data. On 21 July, HackRead came across the ploy. Those responsible for the ruse impersonate financial representatives working for the second largest bank in the United States. Under that disguise, the scammers send out emails informing...
Blog

Elastic-ing All the Things at BSidesLV 2017

Take five seconds to think: Which of the two scenarios is the worst as an incident responder? In the first one, you have to analyze terabytes of logs by grepping audits, Windows events, proxy, intrusion prevention systems and mail as you try to pivot, correlate and understand what the heck happened. In the second one, you don't have any logs at all!...
Blog

Trickbot Trojan Found Targeting US Financial Institutions

Security researchers have observed a new, Necurs-powered Trickbot spam campaign targeting international and US-based financial institutions. The notorious banking Trojan has been responsible for man-in-the-browser (MitB) attacks since 2016. Until now, however, the malware’s webinject configuration had only targeted organizations outside of the US....
Blog

Price Comparison Site Fined £80K for Ignoring Customers' Email Opt-Outs

A UK price comparison website must pay an £80,000 fine after it ignored customers' requests to opt out of marketing email blasts. On 20 July, the Information Commissioner's Office (ICO) announced the penalty against Moneysupermarket.com after the business sent out 7.1 million emails over a 10-day period. Those emails included a "Preference Centre...
Blog

Are Bug Bounties a True Safe Harbor?

Security vulnerabilities are becoming the new oil, and the bug bounty economy is booming. As news of cyberattacks and data breaches continue to consume the press, never before has the market for vulnerabilities been so dynamic. “Bug bounty programs,” frameworks where security researchers legally trade previously undiscovered vulnerabilities for...
Blog

Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict

When the details of Crash Override emerged earlier this summer, many argued it would be the wake-up call to finally forewarn of potential digital threats to critical infrastructure. However, when placing last December’s attack on the Ukrainian power grid in a broader context, it quickly becomes apparent that this will likely neither be a wake-up...