Blog

Blog

APT33 Group Targeting Aerospace and Energy Sectors with Spear Phishing

A threat actor known as APT33 is actively targeting organizations in the aerospace and energy sectors with spear phishing campaigns. Between mid-2016 and early 2017, the suspected Iranian digital espionage group attacked a U.S. organization in the aerospace sector, a Saudi Arabian conglomerate with aviation holdings, and a South Korean company known...
Blog

On Bug Bounty Programs: An Interview with HackerOne's CEO

In September 2017, I created a list of 10 essential bug bounty programs for 2017. Readers with a keen eye for detail might have noticed that nearly half of the companies included in that catalog host their vulnerability research programs, otherwise known as vulnerability disclosure programs and responsible disclosure programs, through HackerOne. A...
Blog

Most Orgs Worried Skills Gap Will Leave Them Exposed to Security Flaws

In my previous post about Tripwire's latest skills gap survey, I noted that over the past couple years, it has become more challenging to hire adequately skills cybersecurity professional. In this post, I'll share Tripwire's second set of findings. These results cover which technical skills are most needed and what organizations plan to do about...
Blog

The Myth of “False Positives” in Vulnerability Assessments

While false detections should be eliminated as much as possible, these are an inherent part of any vulnerability assessment tool. Possible reasons for false detections include rapid changes in vendor-specific patches/updates, zero-day vulnerabilities, access restrictions, and network glitches. The goal is to have the fewest vulnerabilities detected...
Blog

5 Things You Should Know about PCI DSS Penetration Testing

The Payment Card Industry Data Security Standard (PCI DSS) was introduced to provide a minimum degree of security when it comes to handling customer card information. While the Standard has been around for over a decade, penetration testing has only recently been officially incorporated into the process. There’s a lot to cover in a PCI DSS...
Blog

Women in Information Security: Candy Alexander

Last time, I had an excellent discussion with Keirsten Brager, a security engineer for a utility company. This time, I had the pleasure of speaking with Candy Alexander. She got into cybersecurity at least partly because of Kevin Mitnick. Kim Crawley: Please tell me about what you do. Candy Alexander: I am currently working as a vice CISO and...
Blog

CCleaner App Hacked to Deliver Malware, 2.3 Million Users Infected

Researchers have discovered that certain versions of the popular CCleaner app were modified by hackers to deliver malware to millions of unsuspecting users. Created by Piriform and recently acquired by security firm Avast, the application allows users to perform routine maintenance on their systems, including the cleaning of temporary files and...
Blog

7 Things To Consider When Creating An Acceptable Use Policy

If you have read any of my posts or attended my webinars about security awareness, training, compliance, or other IT risk management items, you will notice a recurring theme: expecting technology to do all of the work in preventing a security or risk-related event is not the correct mindset. Rather, creating a culture of risk management is the key....
Blog

Hacked LinkedIn Accounts Spreading Malicious Links via InMail

A new phishing campaign is targeting LinkedIn users, leveraging hacked accounts to send malicious links via the platform’s private messaging feature. According to security researchers at Malwarebytes, the campaign abuses Premium membership accounts, which can message other LinkedIn users – regardless of whether they’re connected or not. “The...
Blog

Malvertising Op Pushes Code that Mines Cryptocurrencies in Browser

A malvertising campaign is distributing code that mines different cryptocurrencies inside an unsuspecting user's web browser. For the operation, computer criminals are targeting mainly visitors to video streaming and in-browser gaming sites based in Russia and Ukraine. They abuse an online advertising network to display ads containing custom...
Blog

4 Credit Bureau Data Breaches that Predate the 2017 Equifax Hack

UPDATED 19/9/17 to correct the fact that US Info Search never sold any data to Ngo Equifax made headlines on September 7, 2017, when it announced its discovery of a data breach earlier in the year. In the security incident, computer criminals leveraged a "U.S. website application vulnerability" to view some of the consumer credit reporting agency's...
Blog

Kedi RAT Phones Transmits Data to Attackers Using Gmail

A new remote access trojan (RAT) known as Kedi phones home and transmits a victim's stolen data to attackers using Gmail. The malware relies on spear-phishing, one of the most common types of phishing attacks, for distribution. These attack emails spread a 32-bit Mono/.Net Windows executable, written in C#, that masquerades as a Citrix tool. It then...
Blog

Herding Pets & Cattle: Extending Foundational Controls into the Cloud

Flexibility, on-demand computing resources, and speed are just some of the benefits that are driving information technology's shift to the cloud. In fact, market data shows that roughly a quarter of overall computing workloads already operate in public environments today. That figure is expected to grow to half over the next 10 years. At the same time...
Blog

Insider Threat Hunting: What You Need to Know

Insider threat relates to malicious activity from an organization’s internal employees, contractors, or ex-employees who abused access to the company’s internal systems and applications to compromise the confidentiality, integrity, or availability concerns to critical information systems or data with or without malicious intent. Insider threat...
Blog

BlueBorne: Billions of Bluetooth Devices Vulnerable to Wireless Attacks

Researchers have uncovered several zero-day flaws affecting billions of Bluetooth-enabled devices, including smartphones, TVs, laptops, watches, smart TVs and more. Dubbed “BlueBorne,” the attack vector enables malicious actors to leverage the short-range wireless protocol to take full control over targeted devices, access data and spread malware to...
Blog

One Million Canoe.ca Site Users Potentially Affected by Data Breach

A data breach might have exposed the personal information belonging to approximately one million users of the Canoe.ca portal. On 2 September, the news and entertainment gateway learned of a security incident that involved some of its databases containing records it collected between 1996 and 2008. The company, operated by MediaQMI Inc. and owned by...
Blog

Is It Possible to Manage a Secure Business in the Cloud?

"Cloud computing" is not a buzz phrase anymore, but it is essential for most businesses looking to achieve sound business continuity alternatives combined with a comprehensive security model. Cloud Computing What is cloud computing, and what does it do? Very simply, for the end-user, a cloud computing experience is no different than using a...
Blog

Anti-Honeypot – Repelling Attackers Using Fake Indicators

When you, your co-worker or family member are infected with the latest ransomware, it is the “successful” end of a multi-party complex venture. Cybercrime nowadays is not a single genius guy sitting in his parents’ garage – it's an enterprise. It has the equivalents of CEO, CFO, COO, and CTO. As an example, you may think about a ransomware campaign,...