Blog

Blog

ModPOS – The Mechanics of a POS Malware Framework

Malware as a business model rests on two core tenets—the first is innovation. Malware authors are constantly innovating tools and techniques that allow their software to slip past network defenses, to brute force their way past weak authentication credentials, and to escalate local privileges—all in an attempt to counter the work of security...
Blog

Email Scam Defrauded American Corporation Out of $100 Million

Last year, attackers used an email scam to defraud an unidentified American corporation out of $100 million, report U.S. authorities. According to Reuters, the American corporation was targeted by a business email compromise between August and September of 2015. A business email compromise (BEC) is a type of payment fraud where an attacker...
Blog

Former Reuters Journalist Sentenced to Two Years for Hack

A former Reuters journalist has been sentenced to two years in prison for helping to hack a multimedia corporation. Last October, a California jury found Matthew Keys, 28, guilty of one count of conspiracy to make changes to a corporate website, one count of transmitting malicious code, and one count of attempting to transmit malicious code for an...
Blog

Mutating Qbot Worm Infects Over 54,000 PCs at Organizations Worldwide

Researchers at BAE Systems have published a report investigating the return of the Qbot network-aware worm, revealing infections on some 54,517 PCs. 85% of the affected systems are based in the United States, with academic, government and healthcare industry networks particularly badly hit. Earlier this year, for instance, the media reported that...
Blog

Hacker Confessions: Let There be "Light"

As a child, I loved taking things apart. I was always overly precocious and immensely curious—so much so, that I was frequently disciplined for “breaking” things. Years later, as a young adult—I would find myself taking things apart again—only this time, I was a divorced mother of three and going back to college, where the taking-apart part inspired...
Blog

How to End the Gender Diversity Problem in Cyber Security Forever

"We ourselves feel that what we are doing is just a drop in the ocean. But the ocean would be less because of that missing drop.” – Mother Teresa. I live by this quote. It’s powerful. It inspires me and it’s one of the reasons why I do what I do. Let me explain. It all began with a blog. I was in a state of shock after having read an (ISC)² report,...
Blog

VERT Threat Alert: April 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-666 on Wednesday, April 13th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

Shredder Counter-Forensics: Secure Physical Data Destruction

Despite increased digitization and other paper reduction efforts, global paper usage has nonetheless increased in the last 30-odd years. With the average officer worker in the US using 10,000 sheets of copy paper annually, the security risks related to the circulation of potentially sensitive documents pose a serious issue for information security...
Blog

7 Habits of Highly Effective Endpoint Security

The threat landscape has grown considerably since the the first PC arrived on the tech scene in the 1980s. Indeed, as the amount of information transmitted and stored by organizations has grown, we have seen a corresponding increase in computer crime. Today, approximately one million new malware samples are developed each day. External actors use...
Blog

How Hospitals Are at Risk of Ransomware Attacks

In mid-March, news first broke about a ransomware attack at The Ottawa Hospital in Ottawa, Ontario. The hospital released a statement soon after the attack confirming ransomware had infected four of its 9,800 computers. It is believed a staff member clicked on a suspicious link that in turn downloaded the ransomware onto the hospital's computers....
Blog

Two Years After End-of-Life, 11% of Machines Still Run Windows XP

Despite the operating system reaching end of life exactly two years ago today, statistics show Windows XP still runs on one out of every ten desktops around the world. According to IT security firm ESET, however, the statistics have lowered significantly since Microsoft pulled support for its once dominant platform. Compared to April 8, 2014, nearly...
Blog

FTC Issues Alert on Tech-Support Call Scam

The Federal Trade Commission (FTC) has issued an alert warning users to be on the lookout for a new tech-support call scam. In a post published on Tuesday, Andrew Johnson from the FTC's Division of Consumer and Business Education identifies a variation on the age-old tech-support scam where someone attempts to access a victim's computer or sensitive...
Blog

Adobe to Issue Patch for "Critical" Flash Player Vulnerability

Adobe has announced its plans to release a patch for a "critical" Flash Player vulnerability that is currently being exploited in the wild. In a security advisory, the transnational computer software company explains that the vulnerability (CVE-2016-1019) exists in all current versions of Flash Player for Windows, Macintosh, Linux, and Chrome OS. ...
Blog

Baselines and Security Patches – A Tough NERC CIP Challenge

There are roughly 200 requirements and sub-requirements in NERC CIP, and to satisfy each one requires performance-based compliance evidence that produces the comprehensive documentation that proves each requirement and sub-requirement was met for all activities that fall under it. That by itself is no mean feat. Of those 200 requirements, baseline...
Blog

What Apple May be Able to Learn From a Guitar Amplifier Manufacturer

By now, unless you have been living in a cave with no electricity, you are aware that the FBI successfully unlocked the infamous San Bernadino iPhone. While there is plenty of speculation about the company that assisted in the unlocking of the device, the FBI made it clear very early in the process that encryption was the main roadblock to gaining...