Blog

Blog

February 2017: The Month in Ransomware

The shortest month of 2017 was relatively slow in terms of ransomware activity, but it gave rise to several disconcerting tendencies in the cybercrime ecosystem. Crypto infections that steal sensitive information along the way, top-notch Android ransomware utilizing dropper techniques, low-cost Ransomware-as-a-Service platforms – all of these took...
Blog

Android Trojan Infects Facebook Lite Version to Steal Users' Information

An Android trojan has infected a version of Facebook Lite so that it can try to secretly steal users' device information. Facebook Lite is a version of the popular social messaging Android app that uses less data than the regular version. It's also designed for 2G networks, which helps the app work on networks with slow or unstable web connections....
Blog

Deception as a {Free} Post-Breach Detection Tool

The Clifford Stoll’s interesting story of stalking the wily hacker back in the 80s was probably the first time deception was used for catching a hacker. Since then, the technology has changed a lot, but the concept of honeypots and deception in general has remained the same. Despite the undeniable and important role that honeypots have in proactive...
Blog

4 Innovation Enablers for Every Organization's Digital Security Strategy

The digital landscape is beset with challenges that threaten businesses and individual users alike. Even so, most organizations aren't prepared to face them. For example, 70 percent of IT professionals told Tripwire at Black Hat USA 2016 they lack confidence in their organization's ability to address security risks associated with the Internet of...
Blog

And You Thought You Have Seen It All . . . and Why the IoT Needs Us

One might think that the security industry is beefing up its message with profanity and far-fetched stories, and you may regard all of it – to an extent – as scare mongering. The latest attack on the smart "HUE Light Bulbs" by Philips puts this views to rest, I hope. Apparently, modern smart light bulbs are equipped with secure communication...
Blog

Do You Know Where Your Data Is? Prove It...

Many IT decision makers look at assets as hardware, but really they should consider why they have the hardware in the first place. These decision makers remember the very significant investments they made in servers, PCs, firewalls, and so on in order to deploy that new CRM or Electronic Medical Records System. They think of the tens of thousands of...
Blog

Tech Support Scam Uses Website Elements to Spoof Microsoft Support Page

A new tech support scam is using website elements to trick users into thinking their browser has loaded a Microsoft support page. Like other ruses of the sort, this ploy begins when malicious ads redirect a user to a fake tech support web page. The first thing they see is a pop-up alert warning them that "a virus and spyware" have compromised their...
Blog

Common Solutions for DevOps and Discrete Manufacturing

Near the bleeding edge of technology, there’s a lot of talk (and work) around DevOps and the use of containers for delivering services. This is a fast-paced environment where services are spun up and down to meet demand in an elastic cloud and code is shipped to production multiple times a day. It’s also an area where security is far from ‘figured...
Blog

Fifty Shades of FIM

File Integrity Monitoring solutions have been around for a few decades now, with one purpose in mind: to monitor changes to files on the endpoint. However, there is more to integrity monitoring than just looking at files. Over the past year or so, whilst working with Tripwire, I have met a large number of people who define FIM (File Integrity...
Blog

New Study: Companies Aren't Prepared for Cyber Security Threats

In the modern world, it isn’t bank robbers we’re worried about – it’s cyber criminals. They can steal consumer information, alter data so that it gives false insights or remains corrupted for months or even years without notice, and even sell valuable intellectual property to the highest bidder, putting companies under. However, while many...
Blog

How Smart Watch Data Exposed a Cheating Half-Marathon Runner

Most security folks are familiar with the threats posed by the Internet of Things (IoT). Indeed, one need only look to what happened to Dyn in October 2016 to grasp the devastating potential of insecure IoT devices. Given this new wave of distributed denial-of-service (DDoS) attacks, as well as the Mirai-infected bots that power them, it's no wonder...
Blog

Boeing Notifies 36,000 Employees of Email-Based Security Breach

Boeing has notified 36,000 employees of a security breach involving an email that inadvertently disclosed their personal information. On 8 February 2017, the American aerospace company sent a letter to Bob Ferguson, Attorney General for Washington State. In it, Boeing says a security incident might have exposed the personal information of 7,288...
Blog

A C(I)SO View on RSA 2017: “China Is Hiring in the US”

Two weeks ago, while visiting the yearly security gathering at the RSA Conference in San Francisco’s Moscone center complex (and adjacent hotels – it’s growing like mad), I was walking across the North and South Expo halls to check out some vendors (several I had appointments with, some by curiosity, and a few that were really new kids on the block)...
Blog

Let’s Talk About Security Skillsets and Cyber Certifications

One of the key challenges with what we now call cyber is the shortage of relevant technical cyber skills. This is directly linked to what would seem to be an inability to recognise or accept the real scale of the cyber threat, which is, of course, playing into the hands of the criminals and hackers who are harvesting millions in revenue as a result...