Resources

Blog

From Monkey to Man – The Evolution of a CISO

I think we are all familiar with the popular axiom, “It’s not IF you get compromised, it’s WHEN you get compromised.” I’m also pretty sure we all know that IT security is no longer viewed purely as an operational concern but as a significant contributor to business risk. As a result of this, IT security is quickly moving up the ladder on the...

Phishing Attacks Surged 250% in Q1 2016, Says New APWG Report

The Anti-Phishing Working Group (APWG) says it observed a record-breaking 250 percent surge in phishing attacks between October 2015 and March 2016. According to its latest report, the number of unique phishing websites detected in Q1 totaled 289,371, with more than 123,000 of those sites being discovered in March 2016 alone. APWG says the findings...

Hire a DDoS Attack for as Little as Five Dollars

Fancy a career as a blackmailing cybercriminal but don't have the technical nous? Don't worry, you can easily find people all too willing to help you embark on your life in cybercrime via popular freelance-hiring websites. And, it seems, you may only need to pay five dollars to get a hacker to launch a debilitating denial-of-service attack against...

Dropbox Addresses Security Concerns for New Initiative's Kernel Access

Dropbox has responded to security concerns regarding the ability of one of its new technologies to obtain kernel access. Back in April, the secure file sharing and storage service announced "Project Infinite," an initiative which will help revolutionize the way Dropbox interfaces with a user's computer. Dropbox software engineer Damien Deville provides...

Google Announces Plans to Help Kill Off Passwords on Android Devices

Google has announced plans that will help kill off the need for passwords on Android mobile devices. During his Friday talk at Google I/O, an annual software developer conference, Daniel Kaufman of the tech giant's Advanced Technology and Projects (ATAP) division revealed the upcoming roll-out of Trust API. Instead of relying on passwords, Trust API...

Overlooking the Value of Your Pawns

Instead of imagining myself as a chess piece, I prefer to try and look at the chess board as a whole and see where the biggest perceived vulnerabilities or weaknesses lie. Most organisations could be seen as being modelled the same ‘in terms of staff ratio’ to a chess board. Usually, there is only 1 king (CEO), and then the rest of the chess pieces...

DMA Locker's Latest Updates Improve Ransomware's Maturity

The malware authors behind DMA Locker have outfitted the ransomware with numerous updates that advance its maturity. Malwarebytes researcher Hasherezade explains in a blog post that she first detected the crypto-malware variant back in January of this year. DMA Locker's first iterations were easily decryptable. Additionally, they could work offline,...

Financial Services: A Positive Shift in Cyber Security Posture

There is some promising news regarding the state of cyber security among financial services organizations. As an industry, risk-averse financial services companies are investing more in cyber security, with a security spending increase of 14 percent. This heightened focus on security might explain why organizations working in financial services...

Hacker Confessions: Stuck in the MUD

In my last blog post, I covered old school hacking from the mid to late 90s, where my experience delved into the realm of hacking for information sharing purposes only. Remember—I never hacked for malicious purposes, but tended to hang more with my local group of like-hackers, where curiosity was always the primary motivator behind breaking into...

Hacking Team Hacker Steals $11K, Donates It to Rojava Plan

A hacker responsible for the Hacking Team leaks stole approximately US$11,000 in Bitcoin and donated it to an ecological initiative in Syria known as the Rojava Plan. The hacker, who claimed responsibility last June for a data heist against the Italian spyware firm Hacking Team, announced his donation on Twitter in early May. https://twitter.com...

Researcher Finds XSS Bug in Google By Accident

A security researcher recently discovered a cross-site scripting (XSS) vulnerability in Google by accident. Patrik Fehrenbach explains in a blog post that he came across the flaw after deciding to take advantage of Google Cloud Console's 60-day free trial and test for XSS bugs. XSS flaws come in two types. A bug is 'reflected' if the payload...

117 million LinkedIn email addresses and passwords put up for sale

The LinkedIn hack of 2012 just got a whole lot worse. If you recall, in 2012 LinkedIn reset users' passwords after hackers broke into the network, stole a database of password hashes, and posted some 6.5 million account credentials on a Russian password forum. LinkedIn was left humbled by the security breach, which revealed that they had not used a...