Blog

Blog

BSidesLV Preview: Your Taxes are Being Leaked

Even if you don’t store your tax data in financial software yourself, chances are your CPA or tax preparer does. Have you ever wondered what kind of software or security procedures your trusted advisor has in place to protect your name, address, W-2, tax filings, or Social Security Number? Better yet, have you audited them? I have, and you won’t...
Blog

Women in Information Security: Jessica Hebenstreit

Last time, I had the pleasure of speaking with Roxy Dee. Her expertise is in vulnerability management, and she also loves to pay it forward by giving away books to her lucky Twitter followers. This time I got to speak with Jessica Hebenstreit. She’s worn an awful lot of hats in the cybersecurity field, and now she’s a senior security consultant. She...
Blog

8 Insights on the Future of Ransomware

1. Is ransomware as big a threat as the media claims it is? Ransomware is a variant of malware that we are seeing as the next wave of quick compromise attacks. What that means is quick entry and quick exit. No longer do the bad guys need to hover around on networked devices and perform complicated breaches only to get sensitive information or data....
Blog

Communication: A Significant Cultural Change for Embracing DevOps

Organizations can reap huge rewards by switching to a DevOps software development model. Some enterprises don't know how to make the change. Recognizing that fact, I've spent the past few weeks discussing the benefits of a DevOps model, outlining how organizations can plan their transition, identifying common problems that companies commonly...
Blog

The UK’s Minimum Cyber Security Standard: What You Need to Know

In June 2018, the UK Government, in collaboration with NCSC (National Cyber Security Centre), produced a new security standard that all Government “Departments,” including organisations, agencies, arm’s length bodies, and contractors must adhere to without exception. These measures will continue to increase over time in order to ‘address new threats or classes of vulnerabilities’ and to ...
Blog

Average cost of a data breach exceeds $3.8 million, claims report

Data breaches are getting more expensive. That's one of the findings of a new global study by the Ponemon Institute that examines the financial impact of a corporate data breach. So what is the actual cost of a data breach? Well, obviously it varies depending on the nature of the organisation that has lost control of its data, the nature of data...
Blog

Ease the Squeeze – Cyber Security with Small Teams

The competition is fierce; each team looking to find the best talent and get the most from every member. Sometimes, to fill a position you have to go to your bench, but this is a battle, and you are in it to win it. No, it isn't the national team looking to grab top honors at the World Cup, it's your cyber security team working to defend the...
Blog

How to Receive a Clean SOC 2 Report

Controls—SOC 2 is all about controls. It's right there in the name: Service Organization Controls, S-O-C. A SOC 2 report is a de facto requirement for any organization that wants to store any customer data in the cloud, which means most SaaS or cloud service providers. Unlike PCI DSS, which is prescriptive and very technical, the American Institute...
Blog

Macy’s, Bloomingdales Alert Online Customers of Data Breach

Macy’s is notifying customers of a data breach involving unauthorized access to their payment card data and personal information. In a notice sent to affected customers, Macy’s said it first detected suspicious login activity from certain Macys.com accounts on June 11, 2018. “Based on our investigation, we believe that an unauthorized third-party –...
Blog

VERT Threat Alert: July 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-786 on Wednesday, July 11th. In-The-Wild & Disclosed CVEs CVE-2018-8278 Microsoft Edge is vulnerable to a spoofing vulnerability that could allow an attacker to design a malicious fake...
Blog

Credential Stuffing List Containing 111 Million Records Found Online

A security researcher discovered an online credential stuffing list containing 111 million records that attackers could abuse to prey upon unsuspecting users. Troy Hunt, an Australian web security expert and creator of the second version of Pwned Passwords, learned about the list from several supporters of his Have I Been Pwned service. They...
Blog

The FBI's 10 Most-Wanted Black-Hat Hackers – #1

It all comes down to this. In surveying the FBI's 10 most-wanted black-hat hackers, we have come across nine criminals who have all made the web a less safe place for users. But we still have one more hacker to discuss. This individual’s crimes have surpassed all the rest in the eyes of law enforcement, so he gets the top spot on our list. In completion of our countdown, the FBI's most wanted...
Blog

Women in Information Security: Roxy Dee

Last time, I had the pleasure of speaking with Rebecca Herold. She’s a long time cybersecurity industry veteran and the founder of SIMBUS, LLC. This time, I got to talk with Roxy Dee. As a professional in vulnerability management, she knows that it takes a lot more work than just patching. She also has a habit of giving away cybersecurity-related...
Blog

6 Steps for Establishing and Maintaining Digital Integrity

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks...
Blog

How to Ensure Safety from Fraud Within Your Business

Fraud is a major problem in modern-day businesses. It significantly hampers the progression of business and leads to loss of revenue. According to PriceWaterhouseCoopers’ evaluation reports, over half of all businesses today have in one way or another suffered fraud. In particular, 88 percent of companies within the United States have suffered fraud...
Blog

UK Financial Regulators Cracking Down on Banks' IT Failures

Financial regulators have ordered British banks and other financial services firms to provide a detailed plan for responding to IT outages and cyber-attacks. The Bank of England (BoE) and the Financial Conduct Authority (FCA) published a joint discussion paper on Thursday, asking firms to report on their exposure to risk and incident response...