Blog

Blog

Getting Ahead of the EU General Data Protection Regulation (GDPR)

The fact that you're reading this blog means that you're probably familiar with the EU GDPR, the possible impact it may have on your business, and the consequences should you find yourself on the wrong side of non-compliance – especially if that non-compliance is highlighted as the result of a breach in which identifiable personal data is...
Blog

Man Receives 5 Years in Jail for Hacking Celebrities' Email Accounts

A man has received five years in prison for hacking into the email accounts of a number of celebrities and athletes. On 6 December, the Federal District Court in Manhattan passed down the sentence to Alonzo Knowles, 24, who gained unauthorized access to celebrities' email accounts and stole sensitive data. Back in December 2015, an undercover agent...
Blog

Compensating Controls: An Impermanent Solution to an IT Compliance Gap

Compliance is a concern for every organization that handles customers' data. Unfortunately, it's not always easy for companies to meet the security requirements of frameworks like PCI DSS. Each organization faces technological and/or business constraints; factors which shape its security decisions and sometimes rule out the implementation of certain...
Blog

Trust: The Social Basis of the Internet Ecosystem

Societies function on the basis of trust, and Internet users are no different. Users need to trust the Internet. They need to trust it to keep their data secure, protected and private, and they need to trust it to reliably give them the content they want to view and share. If governed in an inclusive way, users will continue to place their trust in...
Blog

Is Quantum Networking The End of Man-in-the-Middle Attacks?

Research on quantum networking is well under way. In April 2012, Gerhard Rempe and other researchers at the Max Planck Institute of Quantum Optics in Germany announced their first working quantum network to the world. Then, just this year, Wolfgang Tittel and his researchers at the University of Calgary transported a light particle's properties...
Blog

Thieves Used Radio Jammers to Block Motorists from Locking Their Cars

Thieves used radio jammers to steal from motorists by preventing them from locking their cars after they parked at service stations. According to BBC News, Thames Valley Police said it received 14 reports of theft at the Chieveley, Reading, and Membury stations on the M4 in Berkshire during the last two weeks of November. Each of those incidents...
Blog

Women in Information Security: Zoё Rose

Women are eagerly needed in information security because we offer unique perspectives and there are so few of us. So far in this series, I interviewed Tiberius Hefflin, Tracy Maleef, Isly, Kat Sweet, and Jess Dodson--five different women from different parts of the English-speaking world and from different areas of IT. For my sixth and final...
Blog

Shamoon 2: Nothing Whets Disttrack's Appetite Like Destroyed Data

Most families of malware operate on a common assumption: a user's data is valuable. For instance, some malware samples transmit pieces of a victim's data to their command-and-control (C&C) server as means of setting up an attack, while others fully embrace the spyware classification and collect as much information about a user as possible. At the...
Blog

Uber Now Tracks Users' Location Data After a Trip Ends

Uber has issued an update allowing the online transportation network company to track passengers' data after a trip ends. Hoping to improve passengers' experience using the service, Uber released the update as a means of broadening its ability to collect "trip-related data." The company clarifies that point on its website: "Uber collects your...
Blog

Under attack: How hackers could remotely target your pacemaker

Once again, researchers have uncovered security flaws that could allow malicious hackers to attack implanted medical devices, such as heart pacemakers and cardiac defibrillators, with the potential to deliver fatal shocks. In a newly-published paper, "On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure...
Blog

FBI's Expanded Hacking & Surveillance Powers Take Effect Under Rule 41

Changes that expand the Federal Bureau of Investigation's (FBI) hacking and surveillance powers took effect on 1 December under Rule 41. Previously, it was an established fact of criminal procedure that a judge's warrants pertained only to a suspected criminal's misdeeds in particular district. If the subject committed crimes in multiple districts,...
Blog

How “Peter Parker’s” Mirai Variant Took Down 900,000 Routers

What happens when service providers issue routers with remotely exploitable flaws? This weekend, we saw a glimpse of what is possible when attackers attempted to load Mirai-based malware on routers through a vulnerability in an exposed remote management protocol. Although the attackers probably failed in their ultimate goal of creating a large...
Blog

Hacking the Human at BSides Philly: Social Engineering Basics

My talk at BSides Philly on December 3 is called "Hacking the Human: Social Engineering Basics," and it's about providing a social engineering foundation for people to adapt to their individual situation and needs. "Teach a man to fish" and all that, you know? Over the course of the talk I reference many thinkers, philosophers, psychologists, and...
Blog

The 5 Most Significant DDoS Attacks of 2016

On the cusp of 2017, one thing's clear: distributed denial-of-service (DDoS) attacks made their mark in 2016. Arbor Networks tracked 124,000 DDoS attacks each week between January 2015 and June 2016. Furthermore, 274 of the attacks observed in the first half of 2016 reached over 100 Gbps (as compared to 223 in all of 2015), while 46 attacks...
Blog

Cerber 5.0.1 Starts the Horrors of Christmas Ransomware

Christmas is around the corner, and cyber criminals are as restless as Santa’s dwarves. All big ransomware families are being updated on quite a regular basis, leaving users breathless and file-less. The Cerber ransomware family is an excellent example of a crypto family constantly being renewed. Cerber 5.0.1 is now making its rounds in the wild,...
Blog

Who Will Follow Facebook In Buying Customer Leaked Databases?

Facebook has taken the privacy of their customers seriously, as their Chief Security Officer (CSO) Alex Stamos has stated that the company has engaged in black market purchases of leaked or hacked databases that contain Facebook account credentials. A Preface To The Facebook Black Market Trade Facebook has publicly disclosed that it has bought...