Blog

Blog

Destructive Mac ransomware spread as cracks to pirate commercial software

In their ever-increasing aggressiveness to wring even more money out of victims, it's perhaps no surprise to see some online extortionists creating ransomware targeted against affluent Mac users. The latest example of Mac ransomware, OSX/Filecoder.E, has been discovered by malware analysts at ESET after it was distributed via BitTorrent distribution...
Blog

Malicious Chrome Extension Punishes Users with Tech Support Scam

A malicious Google Chrome extension punishes users who search for certain keywords by redirecting them to a tech support scam. Attackers introduce users to the rogue extension via a malvertising campaign. Most of the time, malicious adverts redirect users to an exploit kit that installs ransomware or other baddies. In this case, the advertisement...
Blog

GDPR and the DPO: Five Things to Know About Your Next Job Vacancy

If the GDPR (General Data Protection Regulation), the EU's data protection harmonisation project, was to become Hollywood movie, its genre would most likely be horror. Focus on the regulation over the past twelve months has been mostly aimed toward its penalties, with scare stories in no short supply. The GDPR has been called many things; visionary,...
Blog

Here's What You Missed at BSidesSF 2017

BSides is known for its collaborative and welcoming environment – something that truly sets it apart from the many other security conferences that are held these days. Today, the conference series has spread all across the world, yet its mission remains the same: to provide an open forum for infosec discussion and debate. Tony Martin-Vegue, a...
Blog

Gordon Ramsay's Father-in-Law Charged with Hacking Chef's Emails

Police have charged Gordon Ramsay's father-in-law and three of his family members with hacking the celebrity chef's emails. On 21 February, the Metropolitan Police announced charges against Chris Hutcherson, 68, along with Adam Hutcheson, Orlanda Butland, and Chris Hutcheson, 37. The four individuals are accused of having violated the Criminal Law...
Blog

The Cost of Stolen Information Available on the Dark Web

Large hacks and cyber-attacks aimed at exploiting information, affecting everyone from major company databases to politician’s email accounts, have now become a common occurrence in our ever-connected world. This hacked information – and the act of accessing it – has rapidly become a sought-after product and service on dark web marketplaces. Coupled...
Blog

A Primer on GDPR: What You Should Know

What is GDPR, when is it coming, and what steps should you take to comply? If you’ve been following the information security news or Twitter feeds, then you’ve no doubt seen the increase in traffic around the General Data Protection Regulation (GDPR). And there’s a good chance you’ve been ignoring it, as well. It’s time to pay attention, for GDPR...
Blog

The "Can You Hear Me" Scam Might Not Be as Serious as It First Appears

Scammers want nothing more than to steal our personal and/or financial information. Towards that end, they've come up numerous ways of tricking us into giving them our details. One particularly persistent method is the Grandma scam. Unlike email-based ploys, the Grandma scam centers around a fraudster who rings up an older individual. They pose as...
Blog

Fraud Forum Administrator Sentenced to Four Years in Prison

A Ukraine citizen will spend close to four years in prison for administering a fraud forum in addition to perpetrating other computer criminal activities. As reported by Brian Krebs, 29-year-old Sergey Vovnenko received a sentence of 41 months in prison on 16 February for wire fraud conspiracy and aggravated identity theft. ...
Blog

Information Technology: Spending Is Investing

As the cloud continues to gain momentum, companies worldwide are increasing their spending towards the IT sector. Traditional IT systems are declining as modern digital technologies like AI and virtual reality are proving to be strong business driving forces. Indeed, the IT sector is being dominated by emerging cloud infrastructure, AI, VR,...
Blog

Rasputin Hacker Uses SQLi to Hack 60 Universities and Government Agencies

A hacker known as Rasputin used SQL injection (SQLi) to breach the databases of over 60 universities and government agencies. The threat actor, a Russian-speaking computer criminal who gained notoriety back in December 2016 for hacking the U.S. Election Assistance Commission (EAC), is targeting universities and government facilities based in the...
Blog

More Yahoo users warned of malicious account access via forged cookies

Yahoo is warning more of its users that their accounts might have been accessed by unauthorised parties. Yahoo believes that hackers managed to break into its internal systems, and used the proprietary code they accessed to forge cookies that would allow attackers to access accounts without needing a password. It goes without saying that the ability...
Blog

Cyber Insurance Coverage Concerns

The perceived silver bullet of cyber insurance has existed since the 1990s, but companies were forced to consider coverage limitations when a New York Court ruled in February 2014 that Sony’s general liability policy would not cover the $2 billion in costs the company had incurred from the huge data breach in 2011 involving the online network for...
Blog

New Research Highlights Top Cyber-Attack Concerns for 2017

With such a lively 2016 ­for infosec – mega-breaches, new malware strains, inventive phishing techniques, and big debates between security and privacy – there’s plenty of reason to pause and consider what the security community should be most concerned about for 2017 and what they can do to prepare. http://www.slideshare.net/Tripwire/tripwire-survey...
Blog

4 Tips for a Successful OT & IT Security Marriage

Securing critical infrastructure is becoming a priority for the public and private sectors. Cyber professionals everywhere are rejoicing about the increasing investments in protecting the networks and systems that keep us safe at night. The Oval Office has even signaled its intentions to make security a priority. We welcome the new administration’s...
Blog

Check that Czech Post Email! It Could be a Smishing Scam

Phishing scams are a persistent threat to users' inboxes. But that's not all they target. Fraudsters have other ways of delivering their ploys to unsuspecting users. One of the more common techniques is known as smishing. It's when a scammer sends a phishing ploy containing a suspicious link via SMS text message to a user's phone. Despite this...
Blog

New Proof-of-Concept Ransomware Can Target PLCs at Industrial Sites

A new proof-of-concept ransomware is capable of targeting the programmable logic controllers (PLCs) that help manage critical infrastructure. Researchers at Georgia Institute of Technology designed a cross-vendor ransomware worm known as LogicLocker to specifically seek out vulnerable PLC computers that are exposed online. At they write in their...
Blog

Hacker Mindset: The Future of Encryption

In my ongoing blog series “Hacker Mindset,” I explore an attacker’s assumptions, methods, and theories, including how information security professionals can apply this knowledge to increase cybervigilance on the systems and networks they steward. In this article, I explore the intense debate surrounding encryption and what it means for policy makers...