Blog

Blog

Email Is Not a File System

On Monday, the news buzzed with a story about a high school student who had managed to break into the email accounts of CIA Director John Brennan and DHS Secretary Jeh Johnson. We've seen this scenario played out all too often. The teen used the standard social engineering techniques to find out enough information about the targets to force a...
Blog

10-Second Hack Delivers First Ever Malware to Fitness Trackers

A security researcher has developed a method by which one can exploit a vulnerability in FitBit fitness trackers and subsequently deliver malware to the target device in 10 seconds. FitBit (Source: PCMag) Axelle Apvrille (@cryptax), a malware researcher at network security firm Fortinet, has found...
Blog

Security Hygiene: Protecting Your Evolving Digital Life

This week marks Week 4 in National Cyber Security Awareness Month (NCSAM), a program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our...
Blog

Attacking Automobiles: Inside a Connected Car's Points of Vulnerability

Hacking cars has made big headlines in recent months. Back in July of this year, security researchers Charlie Miller and Chris Valasek won the attention of the information security community and beyond when they successfully hacked a Jeep Cherokee's computer via its Uconnect infotainment system. The duo was able to rewrite the automobile's firmware,...
Blog

CIA Director’s Private Email Account Allegedly Hacked

Federal law enforcement is investigating claims of an anonymous hacker allegedly infiltrating the personal email account of CIA Director John Brennan earlier this month. According to a report by The New York Post, Brennan’s private AOL account contained sensitive information, including Social Security numbers and personal information of more than a...
Blog

Defensibility: Moving from Defensible to Defended

Defensible and defended are not the same thing. There are characteristics of an environment that make it more or less defensible. While IT and OT environments both have some mixed results, in general, OT environments are more defensible than IT environments. My hypothesis, as a reminder, is that a more defensible network is one in which currently...
Blog

Securely Navigating the World of Social Networking

Earlier this week, as part of Week 3 of National Cyber Security Awareness Month (NCSAM), we discussed tips on how we can safely use our mobile devices to access our online accounts while on the go. We now focus on best practices for securely navigating the world of social networking. The Dangers of Indulging in Social Media Like any online account...
Blog

BSidesDC Preview: Point-of-Sale to Point-of-Fail

I am looking forward to presenting at BSidesDC this weekend, where I'll be giving a talk titled "Point-of-Sale to Point-of-Fail." In my presentation, I will be discussing the recent rash of retail breaches over the past couple of years and how and why they are occurring, and what retailers can do to protect themselves. The epidemic of mega-retail...
Blog

Dridex P2P Malware Nets Cybercriminals $40 Million

US-CERT published an advisory today regarding the Dridex banking Trojan following a massive resurgence of the malware over the past few weeks as part of a large phishing campaign. Dridex is an evolution of an increasingly sophisticated family of malware focused on stealing banking credentials. This particular strain of bank credential-stealing...
Blog

VERT IoT Hack Lab: Developing Your Inner Hacker

Getting root is fun, and with IoT gadgets, getting root is generally easy. This is why the IoT Hack Lab @ SecTor will be so much fun! If you still reminisce about (or look forward to) the first time you got root on a device, and you will be in Toronto on October 20-21, visit us at the convention centre where we’ll be setup in the expo hall. Expo...
Blog

Protected Passwords: The Key to Web Security in a Mobile Age

This week marks Week 3 of National Cyber Security Awareness Month (NCSAM). A program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center, NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our...
Blog

VERT Threat Alert – October 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 6 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-638 on Wednesday, October 14th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...