Blog

Blog

Is Your Financial Data Protected?

Security breaches are becoming more common. They occur most often in the United States (followed by the UK), exposing businesses and their customers to significant risks. Most recently, in December 2017, Kromtech uncovered a breach at Ai.Type with 577GB of data stolen. It's possible the incident exposed the information of 31 million customers. And...
Blog

Man Arrested for Allegedly Hacking Car-Sharing Company Database

Australian law enforcement officers have arrested a man for allegedly hacking the company database of a car-sharing service. On 30 January, investigators of Strike Force Artsy, a division of the State Crime Command’s Cybercrime Squad, executed a search warrant at a home in Penrose. Officers arrested a 37-year-old man and charged him with two counts...
Blog

The Cyber Law of War

A recent article in the New York Times postulated America may choose to respond to a devastating cyberattack with a nuclear response. In November of 2017, a widely viewed social media video entitled Slaughterbots suggested “swarms of AI-controlled drones [could] carry out strikes on thousands of unprepared victims with targeted precision.” Both of...
Blog

Cisco Fixes 10.0 CVSS-Scored RCE Bug Affecting Its ASA Software

Cisco has patched a remote code execution (RCE) vulnerability bearing a "perfect" CVSS score of 10.0 that affects its Adaptive Security Appliance (ASA) software. On 29 January, the American multinational technology conglomerate publicly recognized the security issue (CVE-2018-0101) and revealed that it affects the ASA software found in the following...
Blog

Study: Alarming Number of Fortune 500 Credentials Found in Data Leaks

Data breaches are common in the news lately, but a recent study by credential monitoring firm VeriClouds focuses specifically on the credentials of Fortune 500 employees found in account leaks posted online. Using a corpus of 8 billion stolen credentials gathered over three years, the total number of employees of each Fortune 500 company was...
Blog

Locations of Military Bases Inadvertently Exposed by Fitness Tracker Users

Users of a fitness tracking app have inadvertently exposed the locations of military bases by publicly sharing their jogging/cycling routes. Many service people who use Strava, an app which allows them to record their exercise activity using GPS plotting, are sharing their data publicly. Their movements have ended up in Strava Labs' Global Heatmap...
Blog

Adoption of the Public Cloud in the Financial Services Industry

Cloud computing is not a new name anymore, and its adoption is growing consistently across various industries. Public cloud is a disruptive technology, irresistible to the Financial Services Industry (FSI) due to its tremendous benefits, including agility, elasticity, time to market and on-demand provisioning, to name a few. However, there are...
Blog

15 Million People Worldwide Affected by a Single Monero Mining Operation

A single Monero cryptocurrency mining operation has used malware delivery techniques to affect at least 15 million people worldwide. The campaign, which has been active since at least October 2017, delivers its payload using one of 250 unique Microsoft Preinstallation Environment (PE) files like "File4org]_421064.exe" and "[Dropmefiles]_420549.exe."...
Blog

Reddit rolls out 2FA to all its users

Reddit, the so-called "front page of the internet", has some important news for its 250 million registered users. You can now secure your Reddit account with two-factor authentication (2FA). The additional layer of security has been rolled out as an option to all users following months of beta-testing. To enable the feature, Reddit users must access...
Blog

Data Privacy Day: Expert Advice to Help Keep Your Data Private

Data Privacy Day began in the USA in 2008 as an extension of Data Protection Day in Europe. Since then, The National Cyber Security Alliance (NCSA) has led this international effort, which is held annually on January 28 to help create awareness about the importance of safeguarding data, respecting privacy, and enabling trust. In our efforts to help...
Blog

Adapting Security Communication to Different Audiences

Especially in recent weeks and months, information security has become an issue of interest to a lot of different people. Over the last several years, more people have started paying attention to infosec issues, which means the audience of infosec communication has drastically grown and changed. Effective communication is audience-dependent. You...
Blog

Engineering Firm Pays $1.3K after Ransomware Affects Servers, Backups

An engineering firm has paid attackers $1,300 after ransomware encrypted its servers along with its data backup system. The infection occurred when bad actors targeted DGH Engineering Ltd. with a malicious email. An employee at the firm clicked on a clink contained therein. This action paved the way for crypto-ransomware to encrypt the company's...
Blog

Another Indiana Hospital Hit by Ransomware Attack

Another hospital in Indiana has suffered a ransomware attack that affected some of its servers and prevented files from loading correctly. On 11 January, an employee of Adams Memorial Hospital of Decatur, Indiana notified administrators that some files didn't look correct. Susan Sefton, a spokesperson for the hospital, said the network went blank...
Blog

Cryptocurrency Hacks and Heists in 2017

The cryptocurrency rush took the world by storm last year. This dynamic environment lured new players, including hungry investors, miners, enthusiasts, looking to their hand at innovative startups not to mention threat actors. We witnessed blockchain splits, a boom of Initial Coin Offerings (ICOs), regulatory attempts by governments, the granting of...
Blog

Let’s Not Be Our Own Worst Security Enemy

If you are like most infosec professionals, you probably have to evaluate the security awareness training program that will be used in your organization. These training programs are important, and more recently, they are required in many regulated organizations. Perhaps your security awareness training is “home grown,” or perhaps you use a training program offered by one of the many third-party...