Blog

Blog

Shredder Counter-Forensics: Secure Physical Data Destruction

Despite increased digitization and other paper reduction efforts, global paper usage has nonetheless increased in the last 30-odd years. With the average officer worker in the US using 10,000 sheets of copy paper annually, the security risks related to the circulation of potentially sensitive documents pose a serious issue for information security...
Blog

7 Habits of Highly Effective Endpoint Security

The threat landscape has grown considerably since the the first PC arrived on the tech scene in the 1980s. Indeed, as the amount of information transmitted and stored by organizations has grown, we have seen a corresponding increase in computer crime. Today, approximately one million new malware samples are developed each day. External actors use...
Blog

How Hospitals Are at Risk of Ransomware Attacks

In mid-March, news first broke about a ransomware attack at The Ottawa Hospital in Ottawa, Ontario. The hospital released a statement soon after the attack confirming ransomware had infected four of its 9,800 computers. It is believed a staff member clicked on a suspicious link that in turn downloaded the ransomware onto the hospital's computers....
Blog

Two Years After End-of-Life, 11% of Machines Still Run Windows XP

Despite the operating system reaching end of life exactly two years ago today, statistics show Windows XP still runs on one out of every ten desktops around the world. According to IT security firm ESET, however, the statistics have lowered significantly since Microsoft pulled support for its once dominant platform. Compared to April 8, 2014, nearly...
Blog

FTC Issues Alert on Tech-Support Call Scam

The Federal Trade Commission (FTC) has issued an alert warning users to be on the lookout for a new tech-support call scam. In a post published on Tuesday, Andrew Johnson from the FTC's Division of Consumer and Business Education identifies a variation on the age-old tech-support scam where someone attempts to access a victim's computer or sensitive...
Blog

Adobe to Issue Patch for "Critical" Flash Player Vulnerability

Adobe has announced its plans to release a patch for a "critical" Flash Player vulnerability that is currently being exploited in the wild. In a security advisory, the transnational computer software company explains that the vulnerability (CVE-2016-1019) exists in all current versions of Flash Player for Windows, Macintosh, Linux, and Chrome OS. ...
Blog

Baselines and Security Patches – A Tough NERC CIP Challenge

There are roughly 200 requirements and sub-requirements in NERC CIP, and to satisfy each one requires performance-based compliance evidence that produces the comprehensive documentation that proves each requirement and sub-requirement was met for all activities that fall under it. That by itself is no mean feat. Of those 200 requirements, baseline...
Blog

What Apple May be Able to Learn From a Guitar Amplifier Manufacturer

By now, unless you have been living in a cave with no electricity, you are aware that the FBI successfully unlocked the infamous San Bernadino iPhone. While there is plenty of speculation about the company that assisted in the unlocking of the device, the FBI made it clear very early in the process that encryption was the main roadblock to gaining...
Blog

United States, Canada Issue Joint Alert on Ransomware

The United States and Canada have issued a joint alert on ransomware and the threat it poses to both individuals and businesses. In their bulletin, the Canadian Cyber Incident Response Centre (CCIRC) and the United States Computer Emergency Readiness Team (US-CERT), which operates under the Department of Homeland Security (DHS), provide an overview...
Blog

Creating a Malware/Ransomware Defendable Network

The risk of sophisticated malware, especially of ransomware, has grown exponentially over the years. This means we need to evolve our techniques for mitigation, detection and monitoring of malicious behavior on our assets. It's a wise move given the durability of this threat. Indeed, ransomware, which attempts to scare users and organizations into...
Blog

Catching Stingrays at BSides Canberra

Stingrays (also known as IMSI Catchers) are devices that are used to spy on cellphones and their owners. A Stingray mimics the operation of a legitimate cellphone base station to reveal the movements, communications and personal information of the cellphones that attach to them. Some illicit IMSI Catchers have been discovered attached to the light...
Blog

Reuse Attacks Threaten Users of Popular Firefox Extensions

Millions of users are open to attacks that can quietly compromise machines by exploiting a weakness in some of Firefox's most popular browser extensions. On Thursday, Boston University PhD Ahmet Buyukkayhan and Northeastern University Professor William Robertson presented their research on the attacks at Black Hat Asia in Singapore. Black Hat Asia...
Blog

Opportunistic Knocks – TLS & Mail Security

Transport Layer Security (TLS) is the unsung champion and defender of all good citizens of the Internet. Rather like some invisible, altruistic Marvel superhero, it works tirelessly behind the scenes each and every day helping to protect the things we need and like to do online. Along with its now atrophied predecessor Secure Sockets Layer (SSL), it...
Blog

FBI vs. Apple - Did Anyone Win?

I’ve been following the FBI vs. Apple case, and now that it seems it's tentatively over, I find myself keeping up with the conversations around who won and who lost. In my opinion, the software industry should strive to provide the strongest possible protections for users' individual privacy and security. Apple has done just that – so well, in fact,...