There is some promising news regarding the state of cyber security among financial services organizations. As an industry, risk-averse financial services companies are investing more in cyber security, with a security spending increase of 14 percent. This heightened focus on security might explain why organizations working in financial services...

By now, you understand the importance of integrating multiple threat intelligence feeds into your organization's security infrastructure, cultivating security awareness among employees on an ongoing basis, and creating clearly defined security policies. Those are all crucial steps that go into the planning phase of your organization's endpoint...

In my last blog post, I covered old school hacking from the mid to late 90s, where my experience delved into the realm of hacking for information sharing purposes only. Remember—I never hacked for malicious purposes, but tended to hang more with my local group of like-hackers, where curiosity was always the primary motivator behind breaking into...

The Japanese government has unveiled plans to create a new agency tasked with protecting the country’s critical infrastructure prior to hosting the 2020 Tokyo Olympics. Currently named the “Industrial Cybersecurity Promotion Agency” (ICPA), the envisaged public-private sector body would lead the development of human resources, including recruiting ...

A hacker responsible for the Hacking Team leaks stole approximately US$11,000 in Bitcoin and donated it to an ecological initiative in Syria known as the Rojava Plan. The hacker, who claimed responsibility last June for a data heist against the Italian spyware firm Hacking Team, announced his donation on Twitter in early May. https://twitter.com...

Several days after the Panama Papers leak had echoed in global media as the greatest international tax scandal in history, security analysts confirmed that the heart of the problem lies in security flaws. As revealed by a detailed examination, the compromised law firm Mossack Fonseca used content management and emailing systems, which had dozens of...

Some people really know how to hack – others don't but say they do. In either case, it's important to know your limits so you don't get ahead of yourself. One wannabe hacker didn't follow this advice. Now he's facing decades of jail time for an ill-conceived extortion scheme. On Monday, a federal jury sitting in Nashville found Michael Mancil Brown,...

A security researcher recently discovered a cross-site scripting (XSS) vulnerability in Google by accident. Patrik Fehrenbach explains in a blog post that he came across the flaw after deciding to take advantage of Google Cloud Console's 60-day free trial and test for XSS bugs. XSS flaws come in two types. A bug is 'reflected' if the payload...

The LinkedIn hack of 2012 just got a whole lot worse. If you recall, in 2012 LinkedIn reset users' passwords after hackers broke into the network, stole a database of password hashes, and posted some 6.5 million account credentials on a Russian password forum. LinkedIn was left humbled by the security breach, which revealed that they had not used a...

Very quietly, in 2011, the US Department of Homeland Services published a paper entitled "Enabling Distributed Security in Cyberspace," a paper that was then way ahead of its time. The paper "explores the idea of a healthy, resilient – and fundamentally more secure – cyber ecosystem of the future, in which cyber participants, including cyber devices...

Information security is more than just checking a box. It also includes security awareness, a feature I discussed in my previous article on endpoint detection and response (EDR) which is just as important as the tools, technologies and other solutions an organization uses to strengthen its digital security. To make a difference, security awareness...

A popular underground hacker forum used by cybercriminals to trade and purchase leaked data, stolen credentials and software cracks was recently breached. According to Risk Based Security, hackers leaked a 1.3GB compressed archive containing a massive 9.45GB database file with the details of more than 536,000 Nulled.io user accounts, including...

Silk Road 3.0, the latest iteration of the infamous underground web marketplace, has appeared on the dark web. On Monday, a Reddit user announced the return of Silk Road and said its newest incarnation is being administered by the same person who currently operates Crypto Market, another dark web marketplace. Both portals currently share the same...

If I were a Chess piece to protect my organisation, which piece would I be and why? It’s too easy to choose the big player piece like the King but King’s rule the Kingdom and are protected by those around them, so in my mind, they don’t do very much. So, I choose to be a Knight. In Chess, I like playing the piece. It has so many unique qualities that...

In the first installment of this two-part article series, we took a brief look at the influence of Sun Tzu’s The Art of War and began our exploration of the theme of deception in warfare as it relates to cyber and information security. Let’s move on to another high-level theme running through the text: the importance of agility and variation in...

Our ability to protect our systems from vulnerabilities is often only as good as the information available to us. One source, OVAL definitions, promises to “provide enterprises with accurate, consistent, and actionable information so they may improve their security.” Unfortunately, blindly trusting that this data is accurate could still leave your...

In February 2015, the FBI seized control of computer servers running a child sexual abuse website called Playpen. But rather than shutting down the site immediately, the FBI chose to continue to make the site available, planting software that could collect the real IP and MAC addresses of users. On a regular website that might not be a hard thing to...

Adobe is expected to release a patch for a "critical" vulnerability in Flash Player in its upcoming monthly security update. On Tuesday, the American multinational computer software company released a security advisory for Flash Player. In that bulletin, it discusses the vulnerability CVE-2016-4117. "A critical vulnerability (CVE-2016-4117) exists...

Back in February, Tripwire first unveiled its 2016 Breach Detection Survey. The study evaluated the confidence and efficacy with which IT professionals in the United States could implement seven key security controls: PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53, CIS 20 Critical Controls, and IRS 1075. Together, those controls recommend accurate...

You know you're living in interesting times when an app designed to tell you if your iOS device has been jailbroken is outselling the likes of Minecraft and Grand Theft Auto. And that's exactly what a new app called System and Security Info has managed to do, topping the paid apps chart ahead of some of the world's most famous games. ...