Blog

Blog

The U.S. Government Is Getting Smarter on Cloud

Since 2010, the U.S. Executive Office has been encouraging agencies to leverage the cloud to improve citizen services. Now, according to the new “Cloud Smart” strategy, a group of federal agencies are taking the lead to identify the best way to make that happen. Relying on input from industry and the broader federal IT community, OMB, DHS, GSA and...
Blog

Scottish Ambulance Service Exposed Employees' Data Online

The Scottish Ambulance Service suffered a data breach in which it exposed its staff members' personal information online. On 12 October, the NHS Ambulance Services Trust, which is part of NHS Scotland, sent an email to its staff in which it disclosed the data breach. As quoted by BBC News: For a time, the names and telephone numbers of staff, as...
Blog

New Sextortionist Scam Uses Email Spoofing Attack to Trick Users

A new sextortionist scam is using spoofing techniques to trick users into thinking that digital attackers have compromised their email accounts. As reported by Bleeping Computer, an attack email belonging to this ploy attempts to lure in a user with the subject line "[email address] + 48 hours to pay," where [email address] is their actual email...
Blog

5 Ways Attackers Are Targeting the Healthcare Industry

The healthcare industry is one of the largest industries in the United States and potentially the most vulnerable. The healthcare sector is twice as likely to be the target of a cyberattack as other sectors, resulting in countless breaches and millions of compromised patients per year. Advancements in the techniques and technology of hackers and...
Blog

The Gap Between U.S Federal and State Policies for IoT Security

In a recent article about U.S federal policy concerning IoT security, Justin Sherman identified several gaps in both cybersecurity and privacy policies. As Sherman has highlighted: The United States federal government, like the rest of the world, is increasingly using IoT devices to improve or enhance its existing processes or to develop new...
Blog

Proactive System Hardening: Continuous Hardening’s Coming of Age

The first article in this series examined configuration hardening—essentially looking at ports, processes and services where security configuration management (SCM) is key. The second article looked at application and version hardening strategies. This third installment will discuss the role of automation in the coming of age of what’s called “continuous hardening.”Known Vulnerabilities vs....
Blog

VERT Threat Alert: October 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-800 on Wednesday, October 10th. In-The-Wild & Disclosed CVEs CVE-2018-8453 This vulnerability, a privilege escalation in Win32k’s handling of objects in memory, has been exploited in the...
Blog

Over 4.5 Billion Records Breached in H1 2018, Finds Report

A recent report found that data breaches compromised a total of more than 4.5 billion records in the first half of 2018. In its report "2018: Data Privacy and New Regulations Take Center Stage," Gemalto wrote that its Breach Level Index (BLI) system tracked 4,553,172,708 breached data records during...
Blog

Women in Information Security: Alana Staszczyszyn

Last time, I had the privilege of speaking with web security specialist Pam Armstrong. This time I got to chat with Alana Staszczyszyn, someone whom I’ve had the pleasure of meeting in person. She’s very active in Toronto’s cybersecurity scene. She’s currently a student, but she has so much to teach people in our industry about evolving cyber...
Blog

Proactively Hardening Systems: Application and Version Hardening

The first article in this series examined configuration hardening, essentially looking at ports, processes and services as the “doors, gates and windows” into a network where security configuration management (SCM) becomes the job of determining which of these gateways should be open, closed, or locked at any given time. Now it’s time to look at...
Blog

BEC-as-a-service offers hacked business accounts for as little as $150

Everyone responsible for securing organisations today recognises the significant growth in BEC (Business Email Compromise) attacks, also sometimes known as "Whaling" or "CEO fraud". BEC scammers trick accounting and finance departments into wiring considerable amounts of money into bank accounts under their control, posing as genuine suppliers...
Blog

Net Neutrality Regulation – Does the Past Predict the Future?

The debate over the degree of regulation of broadband Internet providers in the U.S. has been going on almost as long as broadband Internet service has been available. In 2004, the U.S. Federal Trade Commission (FTC) first described a set of non-discrimination principles to ensure that users had access to content on an equal basis. In 2008, the FCC...
Blog

Criminals Holding Hijacked Instagram Influencers' Accounts for Ransom

Criminals are hijacking Instagram influencers' accounts and demanding that victims pay a ransom in bitcoin to regain access. Kevin Kreider, a Los Angeles-based Instagrammer who's known for his following around fitness-related topics, told Motherboard that extortionists first targeted him when someone named Lana reached out with a fake business...