Blog

Blog

LokiBot Banking Malware Triggers Ransomware if User Tries to Remove It

A new variant of Android banking malware known as LokiBot triggers ransomware capabilities if a victim attempts to remove it from their infected device. The malware, which bears the same name as a Windows info-stealer that can exfiltrate credentials from over 100 software tools, is making its rounds as a kit sold on hacking forums. Interested...
Blog

Women in Information Security: Carrie Roberts

In my last interview, I spoke to Katherine Teitler, who is the director of content for MISTI Training Institute. She also helps run the InfoSec World conference. This time, I spoke with Carrie Roberts. She has a senior red team role with Walmart. She's also a pretty good cartoonist if I say so myself. Kimberly Crawley: Tell me a bit about what you...
Blog

How to Block Ransomware Using Controlled Folder Access on Your PC

Microsoft has released a new feature called "Controlled Folder Access" that helps Windows users protect their data against ransomware. First announced in June 2017, Controlled Folder Access is an option in Windows Defender Security Center that went live in mid-October. Its purpose is to protect files contained in designated folders against...
Blog

How Safe Are You on Public WiFi? Not Very

At the U.S. Republican National Convention in Cleveland last year, more than 1,200 people connected to free WiFi networks with names like “I Vote Trump! Free Internet,” “I Vote Hillary! Free Internet,” and “Xfinitywifi.” They transferred gigabytes of data, doing things like checking e-mails and chatting. Some even shopped on Amazon or logged into...
Blog

Google Unveils Bug Bounty Program for Popular Android Apps

Google has announced a bug bounty program covering other developers' popular Android apps available for download in its Play Store. On 19 October, the American multinational technology company launched its Google Play Security Rewards Program. Here's a high-level description of the new framework: "Google Play is working with the independent bug...
Blog

The Need for Increased Investment in Medical Device Security

In 2014, the FBI warned that healthcare systems, including medical devices, were at an increased risk of cyber-attacks due to the unfortunate coupling of poor cybersecurity practices in the healthcare industry with patient health information (PHI) that commands high value on the dark web. This warning has largely been realized. The cost and...
Blog

New Android Malware Found in Minecraft Apps on Google Play

A new, “highly prevalent” strain of Android malware was found infecting several Minecraft-related apps on the Google Play store, adding compromised devices into a botnet. According to security researchers at Symantec, at least eight mobile apps – with an install base ranging from 600,000 to 2.6 million devices – were infected with Sockbot. “The...
Blog

419 Scammers Offer $60M in Exchange for Adopting Their Teenage Son

419 scammers are tempting unsuspecting users with a fake offer of $60 million in exchange for adopting their teenage son. The scam begins when a user receives a Twitter DM from the account of someone who appears to serve in the armed forces. Such unexpected correspondence could (and should) strike the recipient as odd. But the United States, the...
Blog

How to make your Google account more secure than ever before

Nobody welcomes the prospect of having our online accounts hacked. It's a pain in the neck resetting passwords, warning your contacts, and worrying about the prospect that your identity may be stolen. But for some of us, the consequences of having our Gmail account compromised by state-sponsored hackers could be even more catastrophic and even life...
Blog

‘KnockKnock’: New Attack on Office 365 Discovered

Microsoft’s Office 365 suite of cloud applications is now the most popular cloud service in the world by user count. While this has fast-tracked Microsoft’s path to becoming a cloud-first enterprise software company, it has also put a bulls-eye on Office 365, making it a target of choice for hackers. Given the fact that enterprises store a...
Blog

Survey Says: Soft Skills Highly Valued by Security Team

Continuing the discussion around the skills gap our industry is facing, I’m excited to share our final set of results from the Tripwire skills gap survey. My previous post highlighted the need for technical skills. But as this next set of findings indicates, soft skills in cybersecurity are not be overlooked. Every single participant in our survey...
Blog

Women in Information Security: Katherine Teitler

In my last interview, I spoke with Tarah Wheeler, who is a technology and cybersecurity executive, entrepreneur, hacker, keynote speaker, scientist, and author. She's also the author of Women in Tech: Take Your Career to the Next Level with Practical Advice and Inspiring Stories. This time, I spoke to Katherine Teitler. She's the director of content...
Blog

KRACKs: What They Are and How You Can Protect Yourself

On 16 October, news first emerged of what's known as "KRACKs." These malicious techniques exploit vulnerabilities that affect a protocol used for securing Wi-Fi networks. Bad actors could therefore leverage KRAcks to potentially expose encrypted information exchanged over otherwise secure wireless connections. As of this writing, the computer...
Blog

Pizza Hut Notifies Customers of Data Breach

American restaurant chain Pizza Hut has notified customers of a data breach that might have exposed some of their personal and financial information. On October 14, the Italian-American cuisine franchise wrote to a portion of its customer base about an "unauthorized third party intrusion" involving its website. Pizza Hut thinks that the incident...
Blog

Secure Defaults and The Design of the Credit System

When designing systems today, everyone is aware that security is an essential feature, even in systems that you don’t think are critical. The recent Equifax breach brought home to me one of the most important factors of designing secure systems (software or not): delivering systems with secure defaults. In today’s threat-rich environment, the...
Blog

Will the World Really Cooperate in Curbing Cybercrime?

As part of this ongoing series (previous parts, in order, here, here, here and here), I have been trying to make the case that differing interests make cooperation on cybersecurity issues virtually impossible. This is not criticism. It’s just reality. And while it would be easy to look at Brexit or Eastern European and American politics as a push...
Blog

That One Time I Recorded a Microsoft Tech Support Cold Call Scammer…

Tech support scams are no laughing matter. They're capable of infecting unsuspecting users' computers with malware and robbing innocent people of their hard-earned money. It's therefore not surprising that we've witnessed the emergence of numerous initiatives designed to counter tech support scammers over the past few years. Many of these offensives...