Blog

Blog

The Challenge Facing Digital Forensics

As new means consumers and the general public can increasingly use services such as Silent Circle, Talk a Tone, Frogger and Guerrilla Mail, digital forensics experts are being challenged to take a deeper dive into how to obtain information from devices, networks and computers. The more of these types of technologies there are, the more time it takes...
Blog

Women in Information Security: Dr. Jessica Barker

My last series of interviews on women (and non-males) in information security was really popular. I spoke to some amazing minds in the cybersecurity field last fall. As spring arrived, I figured that there are probably a lot more professionals in our field who also have interesting stories to tell. Encouraging more non-males to enter the industry...
Blog

March 2017: The Month in Ransomware

Whatever the reason is, ransomware activity skyrocketed last month. An influx of crude, unprofessionally tailored samples bombarded home users and enterprises, sometimes simply destroying data beyond recovery due to broken crypto. Meanwhile, high-profile threats like Spora, Sage, Cerber and Jigsaw became more sophisticated. The statistics for March...
Blog

Book Review: The Art of Invisibility by Kevin Mitnick

I was fortunate enough to meet the author, Kevin Mitnick, while attending RSA in February. I was given a signed copy of The Art of Invisibility, one of The State Security's must-reads for infosec pros, so I made it a point to read the book. I knew a bit about Kevin’s past and had seen a few of his DEF CON talks, so I had a general idea as to the...
Blog

Graduating in Information Security: Part One

There has been a lot of news recently about the cybersecurity skills shortage. While there is a lot to be concerned about with all of the news about insecure devices and unsecured networks, I am confident that the shortage alarms are more headline-grabbing sensationalism than actual fact. In this two-part article, I will explore the problem of the...
Blog

A Hacker's Perspective on Cyber Security

Just like cyber security professionals are constantly looking for ways to develop better and more secure software programs, hackers are always staying on top of the newest updates to overcome the latest defenses. To understand the importance of cyber security and how to stay ahead of hackers, it can be helpful to look at things from the opposite...
Blog

Reflecting on MIT’s Report for Keeping America Safe

Last week, MIT and its Center for International Studies along with its Internet Policy Research Initiative released a report titled Keeping America Safe: Toward More Secure Networks for Critical Sectors. The report is focused on strategic challenges that are needed to enhance cybersecurity for critical infrastructures and sectors. Moreover, the...
Blog

U2F: Next Generation 2-Factor Authentication

Brute force attacks are mitigated by using 2-factor authentication, which comes in many forms, such as time-based tokens, SMS and push authentication using a cell phone. A new contender has emerged: Universal 2nd factor or U2F. U2F is an authentication standard sponsored by the FIDO Alliance, whose members include the technology industry’s top...
Blog

VM: Protecting Known Assets against Known Vulnerabilities

Two security controls, file integrity monitoring (FIM) and security configuration management (SCM), help organizations manage change. The former monitors for unauthorized changes to a system's state, whereas the latter looks for configuration changes that introduce security risk. Both components are crucial to a company's strategy for defending...
Blog

Moving Beyond Network Security to a Data-Centric Approach

In my last post, I briefly summarized the evolution of network security. I will now discuss how network security strategies are no longer meeting the needs of organizations' increasingly complex IT environments. A Different Strategy Technological innovation has changed the nature of the network itself. No longer are employees limited to their...
Blog

Immutable Integrity? – Blockchain Beyond the Bluster

Sometimes you could be forgiven for thinking that the incessant overuse of the word ‘disruptive’ these days could do with some, well, disrupting of its own. So much is written, presented and marketed around apparently ‘disruptive’ use of technologies like AI, IoT and of course blockchain, when much of it could perhaps be better described as...
Blog

iCloud Hacking: The Cybersecurity Gift that Keeps on Giving

You probably remember the massive iCloud breach in 2014 that resulted in compromised celebrity photos spreading through the internet like wildfire. That egregious invasion of privacy caused great embarrassment and damage to the reputations of nearly 100 A-list stars. Fortunately, these bad deeds did not go unpunished. In 2016, two men were brought...
Blog

Malspam Campaign Personalizes Emails with Recipient's Name and Address

A spam campaign is personalizing its emails with the recipient's name and address so that more people will feel inclined to open the malicious attachment. Sophos Labs has seen several versions of this scam pop up in recent weeks. But although the text differs across samples, all the emails generally follow the same format. The scam email includes...
Blog

Five Scams That Won't Make You Laugh on April Fool's Day

If there's one day of the year when everyone has their guard up, it's April Fool's Day. After all, who can put their hand up and say that they have never been duped by an April Fool's trick? Some of the classic April Fool's stunts have gone down in history, such as the BBC's news report from 1957 showing the annual spaghetti harvest in Switzerland....
Blog

Understanding the Evolution of Network Security

Network security has been around almost as long as we’ve had networks, and it is easy to trace the various elements of network security to the components of networking that they try to mitigate. Over the past 30-35 years or so, the expansion of networking, especially the increased reliance on the Internet both as an avenue for commerce and as the...
Blog

The Six Commandments of the GDPR

Otherwise known as the measuring stick by which your GDPR compliance will be assessed, the six core principles of the GDPR are the basic foundations upon which the regulation was constructed. Unquestionable and pure in nature, they are rarely acknowledged for one simple reason: five of the six have no real application in helping you in peddling...