Blog

Blog

How the Blockchain Is Helping Secure IoT Technology

For those reading this who were cognizant of such topics as the Internet of Things (IoT) and security architecture back in 2016, you may have had some passing knowledge of the Mirai botnet attacks that showed us all just how risky the present client-server model of IoT can be. At issue is the reality that the vast majority of these kinds of networks...
Blog

Inside Job Behind Theft of $3B from Bitcoin Exchange, Says CEO

The chief executive officer of a Bitcoin exchange believes the theft of more than $3 billion from the platform was an inside job. On 12 April, the team behind Coinsecure replaced the Indian exchange's website with a statement. The notice reveals that someone exposed users' Bitcoin funds and then stole them out of a wallet under the platform's...
Blog

Thousands of compromised websites spreading malware via fake updates

Malicious hackers have been exploiting thousands of legitimate websites since at least December 2017 in a sophisticated campaign that has disguised malware as fake software updates. Security researchers at MalwareBytes report that they have uncovered evidence of thousands of compromised websites running popular content management systems (CMS) such...
Blog

How to Fix a Hacked WordPress Site

Getting hacked is among the most discouraging experiences you'll deal with as a website owner. No matter how secure your site is, there is always a chance that your site may get hacked. According to Forbes, about 30,000 websites are hacked every day, and who knows if/when hackers will target your site next. Now think: your site is getting popular,...
Blog

VERT Threat Alert: April 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-773 on Wednesday, April 11th. In-The-Wild & Disclosed CVEs CVE-2018-1034 A vulnerability in SharePoint Server could allow specially crafted web requests to read unauthorized content or...
Blog

Ransomware Named Most Prevalent Malware in Verizon's 2018 DBIR

Verizon Enterprise has named ransomware the most prevalent variety of malware in its 2018 Data Breach Investigations Report (DBIR). For the 11th edition of its report, Verizon Enterprise analyzed 53,308 incidents with 2,216 confirmed data breaches. Researchers with the American multinational telecommunications conglomerate found that three in 10...
Blog

Women in Information Security: Sorene Assefa

In my last interview, I had the pleasure of speaking with Senior Security Analyst and Brakeing Down Security podcast host Amanda Berlin. Defensive security and blue teams are cool, and it’s about time that the area gets the recognition it deserves. This time, I spoke with Sorene Assefa. She’s the founder of Cyber Czar, a cybersecurity firm based in...
Blog

New Scam Targeting Corporations' Chip Cards, Warns Secret Service

The United States Secret Service is warning of a new scam in which thieves are targeting the chip-based debit cards issued to corporations. As reported by Brian Krebs, the scam involves criminals intercepting a newly issued debit card along its way to a corporation, tampering with the chip and waiting until it's activated so that they can profit off...
Blog

ISO/IEC 27001 and Why It Matters for Your Business

ISO/IEC 27001 is a set of standards for information security management systems (ISMS) created by the International Organization for Standardization and the International Electrotechnical Commission, both independent, and non-governmental organizations. ISO/IEC 27001 is part of the broader ISO/IEC 27000 family, a set of standards designed to “[help]...
Blog

How to Confront the Cyber Security Workforce Crisis

The number of cyber security job openings around the globe is staggering. Cisco estimated that there were 1 million unfilled cyber security jobs worldwide in 2014, and Cybersecurity Ventures predicted there will be 3.5 million openings by 2021. The unprecedented need for cyber security experts has intensified as the industry has grown nearly 35...
Blog

The Many Hats Club: Color Doesn't Matter

Recently, I spoke with Stu and Dave, the founders of The Many Hats Club. I'd seen quite a few people talking about it on social media, so I wanted to find out what all the fuss was about. Here is how our conversation went: Joe Pettit: Let's get started. Can you tell me a bit about The Many Hats Club? How did it come about? Stu: Myself and Dave were on a thread talking about Steak and Infosec,...
Blog

Cloud vs. On-Premises: Understanding the Security Differences

More and more organizations are now entrusting their IT resources and processing to the cloud. This trend is likely to grow in the coming years. To illustrate, Gartner predicts that cloud data centers will process 92 percent of workloads by 2020. Cloud workloads are expected to increase 3.2 times in that same span of time, Cisco forecasts. With...
Blog

Mark Zuckerberg Doesn't Plan to Extend GDPR to All Facebook Users

UPDATED 05/04/18: Zuckerberg has since refuted this story in a call with reporters. As quoted by TechCrunch: Overall I think regulations like this are very positive. We intend to make all the same controls available everywhere, not just in Europe. Is it going to be exactly the same format? Probably not. We’ll need to figure out what makes sense in...
Blog

Practical Attacks with DNS Rebinding

One of the tools I expect to see gain in popularity in the wild is DNS rebinding. DNS rebinding is a technique that turns a victim’s browser into a proxy for attacking private networks. Attackers can change the IP associated with a domain name after it has been used to load JavaScript. Since same-origin policy (SOP) is domain-based, the JavaScript...