Blog

Blog

2016 Phishing Nightmare Stories

‘Twas the night before Christmas, when all through the house, not a creature was stirring, not even a mouse...” But you can bet your Inbox received at least one lump of coal in the form of a phishing email. That’s right, the bad actors have been very naughty in 2016 delivering millions of fraudulent messages trying to entice trustworthy people to...
Blog

Infosec in Review: Security Professionals Look Back at 2016

2016 was an exciting year in information security. There were mega-breaches, tons of new malware strains, inventive phishing attacks, and laws dealing with digital security and privacy. Each of these instances brought the security community to where we are now: on the cusp of 2017. Even so, everything that happened in 2016 wasn't equally significant...
Blog

RansomFree Tool Helps Defend Windows PCs against Ransomware

A free tool called RansomFree that helps protect computers and servers running Windows against ransomware is now available for download. Boston security firm Cybereason developed its tool to respond to the evolution of ransomware, including the ability of most crypto-malware to bypass anti-virus solutions. As Cybereason Labs researcher Uri Sternfeld...
Blog

10 Security Tips for Linux Post-Install

Ask any geek and they'll tell you how fun it is to install Linux on a new machine. Whether you're trying out a new distro or installing an upgraded version, there is something cathartic about jumping on the Linux bandwagon and hacking away on a new system. Although Linux by nature is more secure than Windows, there are still steps that need to be...
Blog

FBI Arrests Man for Using Xtreme DDoS-for-Hire Service

The Federal Bureau of Investigations (FBI) has arrested a man for renting out portions of the Xtreme DDoS-for-hire service to conduct distributed denial of service attacks. On 9 December, the FBI arrested and charged Sean Sharma, a 26-year-old graduate student at the University of Southern California, for launching a DDoS attack against the San...
Blog

What Will Protect Your Connected Car Against Hackers?

There are a lot of great benefits to a connected car like the new Toyota Highlander: increased integration, a more comfortable driving experience and personalized controls, just to name a few. However, with increased computing power comes increased risk that hackers could take control of a car remotely, causing it to speed up, turn off, or turn...
Blog

The Top 10 Ransomware Strains of 2016

2016 was a busy year for ransomware. Some samples targeted critical infrastructure, while others went after rival crypto-malware families. Some adopted new techniques to prey upon users, whereas others went offline entirely. Hundreds if not thousands of ransomware families now dominate the playing field. But they're not all created equal. Here are...
Blog

Man Arrested on Charges of Coordinating Hack against JPMorgan, Others

U.S. law enforcement has arrested a man on charges that he helped orchestrate hacking attacks against JPMorgan Chase and other financial institutions. On 14 December, FBI agents arrested Joshua Samuel Aaron, also known as "Mike Shields," at John F. Kennedy International Airport. BBC News reports that Aaron had been living in Russia as a fugitive. He...
Blog

Phishing Attack Uses Punycode to Try to Steal Office 365 Credentials

To convey language, the computing industry relies on American Standard Code for Information Interchange (ASCII), or 7-bit binary numbers used to depict every letter, number, and special character. ASCII doesn't allow for the straightforward representation of Unicode, or all the characters and symbols which factor into the computing industry's...
Blog

BlackEnergy Group Conducted Malware Attacks against Ukraine Banks

Researchers believe the BlackEnergy group launched malware attacks against the Ukrainian financial sector in the second half of 2016. ESET malware researcher Anton Cherepanov says the malware attacks started off with spear-phishing emails. Attached to the messages were Microsoft Excel documents containing malicious macros as an initial infection...
Blog

Eyes Wide Open with the Internet of Things

Vacuums, refrigerators and thermostats – OH MY! Take a stroll through the homewares section of your favorite store and you are likely to find that nearly all home appliances lighting, and thermostats have a “smart” model or feature. Such is the reality of the Internet of Things (IoT). With two IT professionals in our household, we run it a bit...
Blog

Cyber Security Risk: You Can't Secure It If ...

In the course of working with our clients to improve their security posture, I have come across several common themes that often limit a business's ability to assess and mitigate cyber security risk. Let's take a look at some of these themes and real-world examples of how they apply. You can't secure it if... You Don't Know It's There As wireless...
Blog

.Osiris Locky Ransomware: the Afterlife of Your Files

In the past, Osiris was mostly known as an Egyptian god of the afterlife, the underworld, and the dead. Now it's known as the latest extension of the Locky ransomware menace, as its creators decided to switch from a Norse mythology theme to an Egyptian one. .osiris Locky Gets Better at Avoiding Detection No user wants to see the .osiris file...
Blog

VERT Threat Alert: December 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-703 on Wednesday, December 14th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

KFC Urges Users to Change Passwords After Attack against Website

Kentucky Fried Chicken (KFC) has told members of its Colonel's Club to change their passwords following an attack against its website. The fast food giant confirmed that the attack affected only Colonel's Club users. The loyalty program allows its 1.2 million registered members to collect Chicken Stamps and exchange them for rewards like meals. KFC...
Blog

Festive Phishing in the Workplace

It’s that most wonderful time of the year again – for cyber-criminals and all manner of online miscreants, that is. Whilst next-gen malware samples may be finding new and inventive ways of delivering their payloads, the tried and tested phishing scam isn’t going anywhere just yet. Especially during this distracting and emotive season when even the...
Blog

7 Online Tools for Security Managers

Protecting the company’s servers and online presence is a task that requires a lot of effort. As a result, the reality of securing the online environment is hitting companies hard because hackers and malware constantly find new ways to compromise their online security and privacy. Following a hack or breach, days, months and even years of work could...