While attending the RSA show in February, I met Kevin (@KevinMitnick) and obtained a copy of The Art of Invisibility, which I immediately read. Due to the great many references to Kevin’s past, I thought it would be informative and worthwhile to read Ghost in the Wires. It’s also listed on the Tripwire 10 must-read books for information security...

Anthem has agreed to pay $115 million to settle a class-action lawsuit over the 2015 data breach that compromised the personal information of nearly 80 million customers. If approved, the proposed settlement – which will be heard in a federal court next month – would be the largest ever in regards to data theft. The funds would be used to provide at...

Koler ransomware is masquerading as fake adult-themed apps to infect unsuspecting Android users based in the United States. An infection begins when a user visits a suspicious adult-themed website. The attack campaign says the user must download an app for a popular adult site to view their desired content. But the app is a fake. Catalin Cimpanu of...

Today, the major threats facing every nation in the world are digital in nature. In response, most – if not all – countries implement serious measures to counter these threats and enhance the overall security of their networks. As such, securing cyberspace is a high priority today for every country’s administration, but not all of them. Some are...

It's no secret attackers used insufficient IoT security to their advantage in 2016. Who can forget October 21? On that day, multiple distributed denial-of-service (DDoS) attacks struck the internet performance management company Dyn, a multi-pronged offensive which caused Etsy, Spotify, Twitter and other large web services to suffer connectivity...

Virgin Media is advising 800,000 of its customers to change their router passwords over the fear that attackers could easily hack their devices. On 23 June 2017, consumer choice advocacy organization Which? published the results of an investigation it conducted to analyze the security of connected devices in the home. It set up wireless cameras, a...

In April 2016, the government of Australia forwarded a cyber security strategy proposal to solidify its cyber space and fend off the increasing digital threats hurled by enemy states, cybercriminal organizations, and amateur opportunists. In the digital age where cyber-attacks are increasing every year, it is imperative that we have a stringent...

A New York Supreme Court judge has lost more than one million dollars to scammers after responding to an email she thought she received from her attorney. On 16 June 2017, acting State Supreme Court Justice Lori Sattler, 51, contacted law enforcement about an incident that transpired earlier in the month. At the time, Justice Sattler was in the...

It has been revealed that 55 traffic and speed cameras in the state of Victoria, Australia, have been accidentally infected with the WannaCry ransomware that struck organisations hard around the world last month. Local radio station 3AW broke the news, after receiving a tip from a listener that the highway and intersection cameras operated by...

We in the infosec community have a terrible habit. We are so overwhelmed with all the “events” that we have to monitor that we forget the most important event might be standing at our desk at any time. Most folks still think of the infosec professional as the introverted “geek” who cannot look another human in the eye and is more comfortable with a...

Quality security training is a costly investment. Multiple-day training sessions are usually required for significant learning topics and are almost exclusively fee-based. And the fees are not the only investment. Key staff must be taken out of the field to attend the course, resulting in opportunity costs and lost work hours. But our adversaries...

A year ago, I wrote an article entitled Starting Your Career In Information Technology. As your career goes on, you may find yourself traveling down different routes than you originally planned. This article is a follow-up, designed to give an idea of what cyber security has become for me after I transitioned to it from networking. To begin, I was...

Foundational Controls may not sound like the sexiest subject in IT but arguably, it’s the most critical – and for good reason. Quite simply, without these fundamental controls in place and knowledge of what is on your network, your organization will find it incredibly difficult to manage a breach and effectively remediate. It’s very much the vogue...

Data breaches remain a constant concern among boards and executives. Part of the reasoning behind this anxiety is the cost of responding to a data breach. Most years, not only does the per capita cost of a record compromised in a breach go up – so, too, does the total organizational cost. For 12 years, Ponemon Institute and IBM Security have been...

A South Korean web hosting company has paid more than one million dollars in ransom after suffering an Erebus ransomware infection. The ransomware, which has been around since September 2016 and reemerged in February 2017, struck NAYANA on 10 June. Those responsible for the attack demanded 550 Bitcoins or approximately US$1.62 million. The web...

We all look forward to summer and its promise of fun-filled vacations. But in our haste to momentarily escape the daily grind, many of us overlook key elements of our digital security. Computer criminals don't take vacations, after all. Digital threats follow us everywhere we go, which is why we can never let our guard down no matter how many sun...

Women and non-males are in various important cybersecurity roles. They're writing secure code, they're researching malware, they're educating end users, they're studying in school, and sometimes they're in important government positions like my last subject, Heather Butler. Gwen Betts' job is a bit different. She approached me on Twitter, telling me...

News travels fast in the information security community, and the combination of politics, cloud and cybersecurity make for a rapidly moving headline. You’ve no doubt read about the disclosure of 198 million records by a political data analytics firm by now. This isn’t a case of malicious hacking, but of misconfiguration. These records were simply...

Phishers are sending Facebook users fake login pages with URLs they've padded with hyphens, a trick which makes the sites look legitimate on mobile devices. The attack works by sending a real, legitimate domain within a larger URL that's fake. For instance, the following link redirects users to a phishing site: hxxp://m.facebook.com---------------...

Cyberattacks in the healthcare industry have been on the rise, the latest being the WannaCry attack that affected 20 percent of NHS facilities in the UK. A study (PDF) by the Ponemon Institute in 2016 revealed that healthcare organizations have experienced approximately one cyberattack every month. Healthcare organizations are a lucrative target...