Blog

Blog

Trickbot Trojan Found Targeting US Financial Institutions

Security researchers have observed a new, Necurs-powered Trickbot spam campaign targeting international and US-based financial institutions. The notorious banking Trojan has been responsible for man-in-the-browser (MitB) attacks since 2016. Until now, however, the malware’s webinject configuration had only targeted organizations outside of the US....
Blog

Price Comparison Site Fined £80K for Ignoring Customers' Email Opt-Outs

A UK price comparison website must pay an £80,000 fine after it ignored customers' requests to opt out of marketing email blasts. On 20 July, the Information Commissioner's Office (ICO) announced the penalty against Moneysupermarket.com after the business sent out 7.1 million emails over a 10-day period. Those emails included a "Preference Centre...
Blog

Are Bug Bounties a True Safe Harbor?

Security vulnerabilities are becoming the new oil, and the bug bounty economy is booming. As news of cyberattacks and data breaches continue to consume the press, never before has the market for vulnerabilities been so dynamic. “Bug bounty programs,” frameworks where security researchers legally trade previously undiscovered vulnerabilities for...
Blog

Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict

When the details of Crash Override emerged earlier this summer, many argued it would be the wake-up call to finally forewarn of potential digital threats to critical infrastructure. However, when placing last December’s attack on the Ukrainian power grid in a broader context, it quickly becomes apparent that this will likely neither be a wake-up...
Blog

FBI, Europol, Others Shut Down AlphaBay and Hansa Dark Web Markets

The Federal Bureau of Investigations (FBI) and Europol led an international law enforcement operation that shut down the AlphaBay and Hansa dark web marketplaces. On 20 July, the U.S. Department of Justice announced the takedown of AlphaBay, an underground commercial exchange where members bought and sold illicit goods like drugs, stolen credentials...
Blog

Sweet Security Supercharged

Over the past few years, I have spent quite a bit of time trying to figure out a way to monitor what is happening on my home network in the same way that I have grown accustomed to doing so in an enterprise environment. Not happy with what was available on the market, I chose to start building my own solution. Back in 2015, I released the first set...
Blog

FBI Issues Alert Warning of Privacy, Safety Risks with Smart Toys

The FBI’s Internet Crime Complaint Center (IC3) issued a public service announcement earlier this week, warning parents of the privacy and safety risks associated with internet-connected toys. The advisory noted that smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors...
Blog

Scam Email Campaign Targeting Origin Energy Customers with Malware

Yet another scam email campaign is now targeting customers of the Sydney-based energy provider Origin Energy with malware. In this new wave of attacks, customers receive scam emails asking them to view their bills online. Those messages use the energy provider's logos to try to convince a recipient they're legitimate. If the ploy works, the...
Blog

Cyber Security Heroes Part 3: Holly Williams

They say you should never meet your heroes—often they will just disappoint you. But thankfully, there are also exceptions to this rule. In this five-part series, I will be introducing you to five of my key cyber security/infosec heroes. These individuals inspire me to continuously strive for more, with one even motivating me to move across the pond....
Blog

31 New Moms' Patient Data Exposed by Facebook Post

A researcher's Facebook post inadvertently exposed the confidential patient data of 31 new mothers. An Italian researcher who had been working on a study to improve the detection of pregnancies with a high risk of a complication known as preeclampsia is responsible for having caused the breach. On 2 July, the researcher updated his Facebook status...
Blog

Why Your C-Suite Needs Security Awareness Training

“My C-level doesn't understand that they’re being directly targeted – help me scare them!” Such was the request aimed at one of my colleagues at a cybersecurity conference not too long ago. Being in the security awareness industry, it’s not uncommon for others to solicit our feedback on how best to educate employees of all stripes. The appeal above,...
Blog

Back to Basics: Tips to Improve Your Security Hygiene

Recently, I had the pleasure of working with Amrit Chana, a 15-year-old girl from Newlands Girl School in Maidenhead, UK, who completed a week's worth of work experience at Tripwire. Amrit helped with the content of this article, providing input on the areas we believe need to be addressed by every user of a computer system. One of the tasks Amrit...
Blog

What Yoga Teaches Us About Cybersecurity

Truth be told, I have two exercise addictions: yoga and lap swimming. Yoga provides strength and flexibility benefits, while lap swimming gives my cardiovascular system a stellar workout. As with most things in life, you can take lessons learned from one activity and apply them to others – so it is with yoga and cybersecurity. Let’s “dive” in ...
Blog

Australia's New Laws Would Force Tech Companies to Decrypt Messages

The government of Australian has proposed legislation that would compel technology companies to decrypt users' messages for investigations. If passed, the new laws would function similarly to the United Kingdom's Investigatory Powers Act by requiring companies to cooperate with investigators. That could mean providing access to encrypted messages...
Blog

Are you looking at me? Welcome to the world of facial recognition

As new technologies develop, it's worth reminding ourselves that just because we can do something doesn't mean that we should. Often a new technology can bring plenty of new opportunities to do amazing things, but that doesn't mean that it cannot also be ripe for abuse. That's certainly the case with facial recognition technology, where some law...