The past few months have accelerated the struggle between cybercriminals and those that defend against them. It seems that once again we are back on the defensive—as fast as law enforcement can arrest the bad guys, more and increasingly vicious cyber-attacks are unleashed. It’s been ugly, heartbreaking, and in some cases demoralizing. Even though...

Patients turned away. Ambulances diverted. Doctors and nurses locked out of patient files and unable to deliver care. On Friday, 45 National Health Service (NHS) organizations in the UK and Scotland and over 200,000 other victims in 150 countries fell prey to the WannaCry ransomware. The threat spread quickly, infecting vulnerable Microsoft systems...

As a woman who works in cybersecurity, I know that there are many amazing women in my field. Last time, I had the pleasure of speaking with Cheryl Biswas, who works as a corporate cybersecurity consultant. This time, I spoke to Thaís. She's been educated on two different continents in both physics and computer science! Now she's doing some pretty...

While May 11 saw the release of the long-awaited Trump Administration Cybersecurity Executive Order, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, May 1 saw the less public release of an important companion document called Establishment of the American Technology Council. Focused on IT modernization and the upgrade...

Each year, the United Nations observes the International Day of Families on May 15. It's a day that focuses on the role families play in cultivating education and lifelong learning. By emphasizing the importance of caregivers, the International Day of Families encourages parents to teach their children about sustainable development, human rights,...

In a previous article, I discussed how organizations are working to protect their industrial control systems (ICS) against intentional and accidental security threats. One of their biggest challenges is figuring out whether their information technology (IT) or operational technology (OT) teams are responsible for ensuring ICS security. Given the...

Today’s VERT Alert addresses the Microsoft May 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-724 on Wednesday, May 10th. In-The-Wild & Disclosed CVEs CVE-2017-0290 Also known as Microsoft Security Advisory 4022344, this is a code execution in the Microsoft Malware Protection Engine...

In previous articles on understanding big data, the need for AI, using encryption and tokenization (including the drawbacks of encryption), and the series on human vulnerabilities, we laid down just some of the building blocks necessary to create a robust cybersecurity strategy. Yet there is a larger problem we often experience: losing the trees for...

In Part 1 of this series, we covered how easy it is for any novice to set up a self-hosted WordPress site and how quickly security can fall between the cracks. In this blog post, I will share with you what to look for in a Webhost provider, how to secure and harden WordPress, and what often-overlooked items you should watch out for during this...

Online extortionists took their attacks to a whole new level last month. They brought the infamous Locky monster back to life after more than three months of hiatus. The architects of the Jigsaw ransomware campaign were busier than ever, contriving seven new variants of their plague. The Hidden Tear, EDA2, and CryptoWire proof-of-concept ransomware...

In today's expanding world of digital security threats, some truths are self-evident. Information security professionals must understand: That change happens That protecting customers and preventing unnecessary downtime is both a financial and moral imperative That we can only collect intelligence on things that we monitor That we must...

April 29, 2017, marked Donald Trump's 100th day in office as President of the United States. Since his inauguration on January 20, President Trump has fulfilled his campaign promises of nominating a conservative judge to the Supreme Court and withdrawing the United States from the Trans-Pacific Partnership. But he has yet to meet some of his other...

Earlier this year, I had the opportunity to present at S4x17 in Miami on the topic of deep packet inspection (DPI) technologies and the ways in which you could evaluate products that tout DPI features. At first glance, I thought, "Sure, no problem. How hard could it be?" It turns out that this is a difficult problem for a few reasons. The difficulties...

When the 2017 Verizon Data Breach Investigations Report (DBIR) came out last week, I read through it like I do every year. Each time I go through the report, I challenge myself to find something new and interesting. This year, I was intrigued by the "Things to consider" and "Areas of focus" at the end of each section. These two blurbs gave tips on...

Bug bounties, security acknowledgements and reward programs all have strong ties to IT security today. But that wasn't always the case. In the past, public penetration testers and security researchers mostly looked out for their personal benefit without recognizing their own responsibility to the security community. The reason? In a lot of cases,...

10 years and counting! Such is the milestone of Verizon's 2017 Data Breach Investigations Report (DBIR). Like in years past, the 10th version of Verizon's research initiative highlights new patterns, evolving trends, and interesting findings in the information security field. It does so by synthesizing reports that Verizon received of discovered...

The upcoming GDPR compliance deadline of May 2018 affects any organization across the world that collects, processes, or stores data on citizens of the European Union. The intent behind the GDPR is to better protect the privacy of EU citizens, and the mechanism to do so is through harmonizing the existing data privacy laws across Europe. “The six...

Governments ought to disclose zero-day vulnerabilities and begin to collaborate to make digital disarmament more than just ‘a thing.’ The case for these policy changes is becoming increasingly clear as new public debates begin to take shape around online privacy, trust and the prevention of cyber conflict. However, much work lies ahead in correctly...

The title of this piece is quite obvious, but it is also an unappreciated fact. Consider for a moment the change we have seen over the last 30 years: access to cyberspace was scarce, often limited to enterprise users such as governments, educational institutions and the largest corporation, whereas today, there are billions of users that treat the...

In any conflict, humans are impacted. In conflict, the best scenario is that the individual leaves unscathed and perhaps even unaware of what could have been their misfortune, whereas in the worst of cases – such as kinetic warfare – the impact can be the ultimate price: loss of life. There is also a cruel truth of conflict that often gets looked...