Resources

Blog

The Next Wave for Cybersecurity Awareness

The annual RSA Conference is a lot of things to a lot of people (43,000 this year!). For me, it’s become an annual opportunity to step out of the stream and to look back at what has happened in the last year and peer forward at what’s to come. This year, I think we have reached an inflection point around the way we as a profession treat the “human...
Blog

TeamSpy Data-Stealing Malware at It Again with New Spam Campaign

Attackers have lots of ways of gaining access to a target's information. One of their preferred attack vectors is exploiting careless end user behavior. This is especially true when it comes to users who don't adequately protect their web accounts. For instance, bad actors targeted users of TeamViewer, software which allows IT professionals to gain...
Blog

The Top 10 US Cities for Information Security Professionals in 2017

A lack of skilled information security professionals poses a threat to most organizations. In Tripwire's 2016 Security Challenge Survey – Skills Gap, 75 percent of IT security professionals said they don't have enough skilled personnel to detect and respond to a breach. Almost the same percentage (66 percent) of respondents reported a dearth of...
Blog

One Million Coachella User Accounts Found For Sale on The Dark Web

Nearly one million user accounts for the Coachella Valley Music and Arts Festival website have been found for sale on the underground marketplace. According to a recent report by Motherboard, the data available for purchase includes email addresses, usernames and hashed passwords. The data trader, who identifies as ‘Berkut,’ wrote on the Tochka...
Blog

Destructive Mac ransomware spread as cracks to pirate commercial software

In their ever-increasing aggressiveness to wring even more money out of victims, it's perhaps no surprise to see some online extortionists creating ransomware targeted against affluent Mac users. The latest example of Mac ransomware, OSX/Filecoder.E, has been discovered by malware analysts at ESET after it was distributed via BitTorrent distribution...
Blog

Malicious Chrome Extension Punishes Users with Tech Support Scam

A malicious Google Chrome extension punishes users who search for certain keywords by redirecting them to a tech support scam. Attackers introduce users to the rogue extension via a malvertising campaign. Most of the time, malicious adverts redirect users to an exploit kit that installs ransomware or other baddies. In this case, the advertisement...
Blog

GDPR and the DPO: Five Things to Know About Your Next Job Vacancy

If the GDPR (General Data Protection Regulation), the EU's data protection harmonisation project, was to become Hollywood movie, its genre would most likely be horror. Focus on the regulation over the past twelve months has been mostly aimed toward its penalties, with scare stories in no short supply. The GDPR has been called many things; visionary,...
Blog

Here's What You Missed at BSidesSF 2017

BSides is known for its collaborative and welcoming environment – something that truly sets it apart from the many other security conferences that are held these days. Today, the conference series has spread all across the world, yet its mission remains the same: to provide an open forum for infosec discussion and debate. Tony Martin-Vegue, a...
Blog

Gordon Ramsay's Father-in-Law Charged with Hacking Chef's Emails

Police have charged Gordon Ramsay's father-in-law and three of his family members with hacking the celebrity chef's emails. On 21 February, the Metropolitan Police announced charges against Chris Hutcherson, 68, along with Adam Hutcheson, Orlanda Butland, and Chris Hutcheson, 37. The four individuals are accused of having violated the Criminal Law...
Blog

The Cost of Stolen Information Available on the Dark Web

Large hacks and cyber-attacks aimed at exploiting information, affecting everyone from major company databases to politician’s email accounts, have now become a common occurrence in our ever-connected world. This hacked information – and the act of accessing it – has rapidly become a sought-after product and service on dark web marketplaces. Coupled...
Blog

A Primer on GDPR: What You Should Know

What is GDPR, when is it coming, and what steps should you take to comply? If you’ve been following the information security news or Twitter feeds, then you’ve no doubt seen the increase in traffic around the General Data Protection Regulation (GDPR). And there’s a good chance you’ve been ignoring it, as well. It’s time to pay attention, for GDPR...
Blog

The "Can You Hear Me" Scam Might Not Be as Serious as It First Appears

Scammers want nothing more than to steal our personal and/or financial information. Towards that end, they've come up numerous ways of tricking us into giving them our details. One particularly persistent method is the Grandma scam. Unlike email-based ploys, the Grandma scam centers around a fraudster who rings up an older individual. They pose as...
Blog

Fraud Forum Administrator Sentenced to Four Years in Prison

A Ukraine citizen will spend close to four years in prison for administering a fraud forum in addition to perpetrating other computer criminal activities. As reported by Brian Krebs, 29-year-old Sergey Vovnenko received a sentence of 41 months in prison on 16 February for wire fraud conspiracy and aggravated identity theft. ...
Blog

Information Technology: Spending Is Investing

As the cloud continues to gain momentum, companies worldwide are increasing their spending towards the IT sector. Traditional IT systems are declining as modern digital technologies like AI and virtual reality are proving to be strong business driving forces. Indeed, the IT sector is being dominated by emerging cloud infrastructure, AI, VR,...
Blog

Rasputin Hacker Uses SQLi to Hack 60 Universities and Government Agencies

A hacker known as Rasputin used SQL injection (SQLi) to breach the databases of over 60 universities and government agencies. The threat actor, a Russian-speaking computer criminal who gained notoriety back in December 2016 for hacking the U.S. Election Assistance Commission (EAC), is targeting universities and government facilities based in the...