Bill C-59 – the National Security Act 2017 – outlines a new vision for Canadian national security. Reading between the lines of this “anti-terror” bill, there is a clear attempt here to comprehensively rework decision-making mechanisms to enhance oversight and ministerial control over counter terrorism, surveillance and cyberspace operations. While...

The role of cyber security in modern business is hard to overstate. Almost all business processes are automated to a degree and thus need to be thoroughly protected from any potential tampering. Vendors use anti-malware and anti-reverse engineering techniques to protect their products, but they can’t possibly weed out every vulnerability. One...

I'm sure that everyone out there identifies with the title of this article in some way. We've all faced an issue where we were trying to get the attention of someone outside of the security field, so that they would pay attention to some sort of digital security issue. Basically, they were outside of the digital security field and decided not to...

The Blank Slate attack campaign is pushing out one of two ransomware to unsuspecting Windows users via Microsoft-themed malspam. An attack begins when a user receives a malicious spam ("malspam") email message. As in previous instances of Blank Slate, the email's subject line doesn't give away the attack. It incorporates seemingly random numbers and...

There are currently 50,416 plugins available in the WordPress repository. Out of these, roughly seven percent are security-based plugins. At the same time, when you search Google for "WordPress security plugin," 14,600,000 results come up. How can you choose a plugin from all these options? To answer that question, it's important to understand what...

There's bad news for internet music fans, as it has been revealed that the details of millions of users of the 8tracks internet radio service and music social network have been stolen by hackers. In a message posted on its corporate blog, 8tracks confirms it has suffered a security breach: "We received credible reports today that a copy of our user...

On June 27, 2017, a digital attack campaign struck banks, airports and power companies in Ukraine, Russia and parts of Europe. Security experts who analyzed the attack determined its behavior was consistent with a form of ransomware called Petya. They also observed the campaign was using a familiar exploit to spread to vulnerable machines. Let's...

Security concerns at firms continue to increase. It’s estimated that the cost of a single data breach is $4 million. Analysts estimate that cyber security attacks have caused the value of shares of publicly traded companies to drop by over $52 billion. The losses incurred by firms are only going into grow. Increasingly, bad actors are focusing on...

In our first article, we defined a ransomware attack and its impact on non-profit organisations, and we made some recommendations for preventing such attacks. In this article, we look at ransomware in more depth to provide a better understanding of how to build cyber resilience. There is a growing threat to cyber-security in various dimensions but...

The latest attack the world has seen recently is a variant of the Petya ransomware virus. As of this writing, it appears a new variant of Petya has been released with EternalBlue exploit code built in, which WannaCry utilised to propagate around organisations. Unlike WannaCry, Petya is a different kind of ransomware. Common delivery methods are via...

A new variant of Petya ransomware has reportedly struck banks, airports, and power utilities in an apparent outbreak affecting Ukraine, Russia, and parts of Europe. Ukraine's national bank, state power company, and airport appear to have been some of the attack campaign's first victims. In a statement, the National Bank of Ukraine attributed the...

A new aircraft carrier built for the Royal Navy appears to be running the outdated 2001 Windows XP operating system on at least some of its machines. During a tour of the £3.5 billion HMS Queen Elizabeth, someone reportedly spotted a screen inside the aircraft carrier's control room running Windows XP. Microsoft hasn't supported this operating...

Data security is rife with complexities. The threats against an organization’s data are massive and ever-evolving, and the consequences of a breach are devastating, sometimes crippling, for a business, so it’s unsurprising that there are dozens if not hundreds of factors to be taken into consideration when it comes to securing databases. That’s why...

While attending the RSA show in February, I met Kevin (@KevinMitnick) and obtained a copy of The Art of Invisibility, which I immediately read. Due to the great many references to Kevin’s past, I thought it would be informative and worthwhile to read Ghost in the Wires. It’s also listed on the Tripwire 10 must-read books for information security...

Anthem has agreed to pay $115 million to settle a class-action lawsuit over the 2015 data breach that compromised the personal information of nearly 80 million customers. If approved, the proposed settlement – which will be heard in a federal court next month – would be the largest ever in regards to data theft. The funds would be used to provide at...

Koler ransomware is masquerading as fake adult-themed apps to infect unsuspecting Android users based in the United States. An infection begins when a user visits a suspicious adult-themed website. The attack campaign says the user must download an app for a popular adult site to view their desired content. But the app is a fake. Catalin Cimpanu of...

Today, the major threats facing every nation in the world are digital in nature. In response, most – if not all – countries implement serious measures to counter these threats and enhance the overall security of their networks. As such, securing cyberspace is a high priority today for every country’s administration, but not all of them. Some are...

It's no secret attackers used insufficient IoT security to their advantage in 2016. Who can forget October 21? On that day, multiple distributed denial-of-service (DDoS) attacks struck the internet performance management company Dyn, a multi-pronged offensive which caused Etsy, Spotify, Twitter and other large web services to suffer connectivity...

Virgin Media is advising 800,000 of its customers to change their router passwords over the fear that attackers could easily hack their devices. On 23 June 2017, consumer choice advocacy organization Which? published the results of an investigation it conducted to analyze the security of connected devices in the home. It set up wireless cameras, a...

In April 2016, the government of Australia forwarded a cyber security strategy proposal to solidify its cyber space and fend off the increasing digital threats hurled by enemy states, cybercriminal organizations, and amateur opportunists. In the digital age where cyber-attacks are increasing every year, it is imperative that we have a stringent...