Blog

Blog

Lessons From Recent Hacks: Creating Strong Passwords

Breaches involving stolen credentials don’t surprise anyone these days. Those of us in infosec know too well that it’s a thousand times easier for the bad guys to gain access to a network and fly under the radar with a stolen login—often obtained through social engineering—than it is to get through cyber defenses. From the bad actors’ perspective, why...
Blog

Ubuntu Forums Hack Exposed 2M Users' Information

A security breach at Ubuntu Forums exposed the information of as many as two million users. Jane Silber, CEO of Canonical, which is the company that produces the Debian-based Linux operating system Ubuntu, published a statement about the hack on Friday: "At 20:33 UTC on 14th July 2016, Canonical’s IS team were notified by a member of the Ubuntu...
Blog

GDPR is Coming – Penalty Primer

It has been eight months since the Court of Justice for the European Union struck down the 15-year-old Safe Harbor arrangement between the EU and US. At the time, there was a good deal of consternation over the future of EU-US data exchange and just how businesses would continue to operate. Despite several fits and starts, parties on both sides of...
Blog

Man Receives Prison Time for Doxxing, Swatting 50 People

A man has received prison time for his role in doxxing and swatting 50 people including politicians, celebrities, and infosec journalist Brian Krebs. Mir Islam (Source: Krebs on Security) On July 11, the United States District Court for the District of Columbia sentenced Mir Islam, 22, to two years...
Blog

Internet of Things Investigations

A good definition of Internet of Things (“IoT”) found in Wikipedia is “the network of physical devices, vehicles, buildings and other items—embedded with electronics, software, sensors, and network connectivity that enables these objects to collect and exchange data.” Although this is a very broad definition, it is important to understand the...
Blog

Top 10 Security Tips For Businesses That Utilize The Cloud

Businesses must evolve their security practices in order to keep pace with ever-changing technology and the associated security threats. If they don’t, the cost of a data breach can be devastating. According to the 2016 Cost of Data Breach Study published by the Ponemon Institute, the average total cost of a data breach is $4 million, and the...
Blog

Mandatory Security Design Considerations for the IoT / IoE

In the first part of this series, we have learned about the imminent risks with the IoT / IoE world and that we need to do something about it; introduced the typical C-I-A triple; as well as the concept of “openness.” Now, we continue to add several key points for the secure system design and development concepts: Secure System | Software...
Blog

VERT Threat Alert: July 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 11 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-680 on Wednesday, July 13th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

How & Why is Ransomware Becoming So Popular?

Organized cybercrime is a business just like any other legitimate business; they want to have low-risk and efficient operations in order to maximize their profits. The main caveat for criminals is that pesky problem of getting caught and spending the rest of your life in jail. Data is the currency of the 21st century – historically, cyber criminals...
Blog

5 Best WordPress Security Plugins to Keep Your Site Secure

WordPress (WP) is the most popular and widely used blogging platform. It supports every kind of website, from a simple blog to a full-featured business website. Twenty-six percent of all websites globally use WordPress. As a result of this popularity, hackers and spammers have taken keen interest in breaking the security of WP-operated sites. In this...
Blog

Malicious Pokémon GO App Spreading DroidJack RAT

An infected Android version of the Pokémon GO app is infecting unsuspecting users with the malicious remote access tool DroidJack. First released in the United States on July 6, Pokémon GO is a mobile game available for Android and iPhone. It leverages Niantic’s Real World Gaming Platform to help players find and catch Pokémon as they explore real...
Blog

5 Types of Partnerships in Information Security

One thing is clear in information security: defending against digital threats today is more challenging than ever. Part of the problem has to do with an increase in the number of threats. For example, the United States Internal Revenue Service in January 2016 received 1,026 reports of tax-related phishing and malware attacks – a 400 percent increase...
Blog

June 2016: The Month in Ransomware

Last month, we covered ransomware in the month of May. Now, we will provide you with a roundup on the state of the ransomware industry as of June 2016. The article contains reports on all the new ransomware samples, the updates made to existing crypto threats, and free decryption solutions created by security enthusiasts.CryptXXX Becomes...
Blog

Two Zero-Day Vulnerabilities Found in BMW Web Applications

A security researcher has disclosed two zero-day vulnerabilities in the online service web applications of the German luxury automobile company BMW. The first issue exists in the web application for BMW ConnectedDrive, a suite of services which includes real-time traffic updates, on-board app connectivity, and other functions built into each...
Blog

The Peril of 'Unauthorized Access' in Healthcare

I recently read an article in HealthIT Security that analyzed the breaches reported to the Department of Health and Human Services Office of Civil Rights between January 1, 2016, and June 1, 2016. According to the article: "There have been 114 incidents reported to OCR between Jan. 1, 2016 and June 1, 2016. Of those, 47 (41%) were classified as...