In an article we wrote for Tripwire, we discuss the advantages of encryption and tokenization. The premise of our argument is as follows: slow down your adversary by making your data meaningless to them. In other words, make yourself a “goes nowhere” project forcing your adversary to seek out a target that does not cause them the grief you do....

Before we jump in, we need to make clear the following: no single solution will ever offer complete and total security. In fact, even multiple solutions designed to provide overlapping layers of security to your crown jewels will not provide “complete and total” security. But what any reasonably implemented solution should do is the following: slow...

A cyber-attack reportedly set off all 156 emergency sirens across the city of Dallas, Texas, late Friday night. According to reports, the sirens were activated more than a dozen times between approximately 11:45 p.m. and 1:20 a.m. on Saturday until engineers manually shut down the sirens’ radio system and repeaters. Dallas’ siren warning system is...

Payday loan company Wonga has confirmed that a security incident may have affected some of its customers' personal and financial information. The Britain-based lender says it's currently working to notify affected customers that the incident may have compromised their names, e-mail addresses, home addresses, phone numbers, the last four digits of...

As new means consumers and the general public can increasingly use services such as Silent Circle, Talk a Tone, Frogger and Guerrilla Mail, digital forensics experts are being challenged to take a deeper dive into how to obtain information from devices, networks and computers. The more of these types of technologies there are, the more time it takes...

My last series of interviews on women (and non-males) in information security was really popular. I spoke to some amazing minds in the cybersecurity field last fall. As spring arrived, I figured that there are probably a lot more professionals in our field who also have interesting stories to tell. Encouraging more non-males to enter the industry...

Whatever the reason is, ransomware activity skyrocketed last month. An influx of crude, unprofessionally tailored samples bombarded home users and enterprises, sometimes simply destroying data beyond recovery due to broken crypto. Meanwhile, high-profile threats like Spora, Sage, Cerber and Jigsaw became more sophisticated. The statistics for March...

I was fortunate enough to meet the author, Kevin Mitnick, while attending RSA in February. I was given a signed copy of The Art of Invisibility, one of The State Security's must-reads for infosec pros, so I made it a point to read the book. I knew a bit about Kevin’s past and had seen a few of his DEF CON talks, so I had a general idea as to the...

U.S. discount brokerage firm Scottrade has confirmed that a third-party data breach inadvertently exposed 20,000 of its customers' non-public information. On or around 1 April, security researcher Chris Vickery came across a 158.9GB Microsoft SQL database on the web. The database contained loan application information of a B2B unit within Scottrade...

There has been a lot of news recently about the cybersecurity skills shortage. While there is a lot to be concerned about with all of the news about insecure devices and unsecured networks, I am confident that the shortage alarms are more headline-grabbing sensationalism than actual fact. In this two-part article, I will explore the problem of the...

Just like cyber security professionals are constantly looking for ways to develop better and more secure software programs, hackers are always staying on top of the newest updates to overcome the latest defenses. To understand the importance of cyber security and how to stay ahead of hackers, it can be helpful to look at things from the opposite...

Hackers seized every one of a Brazilian bank's 36 domains and leveraged their unauthorized access to push malware onto unsuspecting users. Kaspersky Lab first learned of the attack in October 2016. Researchers Fabio Assolini and Dmitry Bestuzhev at first thought it was just site hijacking. But they soon discovered that the bad actors had seized...

Last week, MIT and its Center for International Studies along with its Internet Policy Research Initiative released a report titled Keeping America Safe: Toward More Secure Networks for Critical Sectors. The report is focused on strategic challenges that are needed to enhance cybersecurity for critical infrastructures and sectors. Moreover, the...

Brute force attacks are mitigated by using 2-factor authentication, which comes in many forms, such as time-based tokens, SMS and push authentication using a cell phone. A new contender has emerged: Universal 2nd factor or U2F. U2F is an authentication standard sponsored by the FIDO Alliance, whose members include the technology industry’s top...

Two security controls, file integrity monitoring (FIM) and security configuration management (SCM), help organizations manage change. The former monitors for unauthorized changes to a system's state, whereas the latter looks for configuration changes that introduce security risk. Both components are crucial to a company's strategy for defending...

Attackers are using drills to physically compromise ATMs so that they can steal thousands of dollars from the financial institutions operating them. In the fall of 2016, a bank client revealed one of their ATMs that attackers had emptied to Kaspersky Lab. The only indication of physical tampering was a golf ball-sized hole someone had drilled into...

In my last post, I briefly summarized the evolution of network security. I will now discuss how network security strategies are no longer meeting the needs of organizations' increasingly complex IT environments. A Different Strategy Technological innovation has changed the nature of the network itself. No longer are employees limited to their...

Sometimes you could be forgiven for thinking that the incessant overuse of the word ‘disruptive’ these days could do with some, well, disrupting of its own. So much is written, presented and marketed around apparently ‘disruptive’ use of technologies like AI, IoT and of course blockchain, when much of it could perhaps be better described as...

You probably remember the massive iCloud breach in 2014 that resulted in compromised celebrity photos spreading through the internet like wildfire. That egregious invasion of privacy caused great embarrassment and damage to the reputations of nearly 100 A-list stars. Fortunately, these bad deeds did not go unpunished. In 2016, two men were brought...

In November 2016, the security community first learned of a series of attacks known as "Shamoon 2." The campaign has launched three waves as of this writing. In the first wave, bad actors infected an organization in Saudi Arabia with Disttrack. This trojan used a wiper component to overwrite protected parts of a system, including the Master Boot...