Blog

Blog

How We Can Identify Promising Candidates for Open IT Security Positions

No one today is immune to the cybersecurity talent shortage. Whether you’re a company or individual, you feel the pain of a shortage of good IT security staff members. Companies feel the pain of trying to maintain an adequate staff, who need to be educated enough to maintain the company's environment and to avoid the risk of breaches and regulatory...
Blog

Epic Games' Forums Hacked...for the Second Time in a Year

American video game development company Epic Games has announced someone hacked its forums, making it twice in one year. On 22 August, the Cary-based organization disclosed the breach on its website: "We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no...
Blog

Bringing Greater Information Security to the Automobile Industry

We are moving into an era of inter-connectivity with billions of devices, including a previously disconnected industry of automotive vehicles. Vehicles were not designed with computer security in mind, and that worked just fine for the last few decades. However, now we are at a point where we can take an "unhackable" 1997 Honda Civic and add in a...
Blog

Log Management: Understanding What Happened in a Security Event

Security configuration management (SCM) is central to an endpoint detection and response (EDR) strategy. It allows organizations to keep track of changes to their network devices, including those implemented by an unauthorized actor. As I discuss in another blog post, one of the most important features of an SCM program is the creation of a "secure...
Blog

Teen Walks Free After Launching DDoS Attack Against Australian Bank

A teenager received no prison time after launching a distributed denial-of-service (DDoS) attack against an Australian bank, among other targets. The 15-year-old boy, who by state law cannot have his name identified, admitted in court he had some fun and satisfied his curiosity when he DDoSed the online banking portal for the Commonwealth Bank of...
Blog

How to Torrent Safely and Legally

Torrenting is usually associated with copyright infringement. Online pirates use torrents to illegally download movies, video games, music, software, and much more. Even before Netflix banned the use of VPNs to watch movies and TV shows, many resorted to torrents to pirate video. But as authorities crack down on torrent trackers and users, demand...
Blog

‘Wicked’ Problems in Information Security

Incorporating security activities into the natural workflow of productive tasks makes it easier for people to adopt new technologies and ways of working, but it’s not necessarily enough to guarantee that you’ll be able to solve a particular security-usability issue. The reason for this is that such problems can be categorised as wicked. Rittel and...
Blog

Another Data Breach Notice, This Time from Eddie Bauer

Eddie Bauer LLC, which manages the Eddie Bauer clothing line, is just the latest company to issue a notice warning customers of a data breach. On 5 July, 2016, infosec journalist Brian Krebs reached out to Eddie Bauer. Sources had told him about a pattern of fraud with customers who had used their...
Blog

Cisco Confirms Two Exploits Found in Shadow Brokers' Data Dump

Cisco has confirmed the legitimacy of two exploits found in a data dump of code released by the Shadow Brokers hacker group. On 13 August, the mysterious hacking group announced an auction of files allegedly containing exploit code used by the Equation Group, a sophisticated threat actor which leverages unknown vulnerabilities in multiple vendor...
Blog

The Evolution of Hacking

Nowadays, the word “hacker” carries an overwhelmingly negative connotation, conjuring up images of digital thieves intent on stealing identities and letting disruptive viruses loose into cyberspace. It wasn’t always that way. In fact, computer hackers were originally viewed by society as technology enthusiasts who wanted nothing more than to...
Blog

DOE Awards $34M in Funding to Help Bolster Power Grid Security

The United States Department of Energy (DOE) has awarded $34 million in funding for projects aimed to protect the U.S. power grid against digital attacks. The 12 projects are still waiting congressional approval. If given the green light, they will proceed across nine states through the Energy Reliability’s Cybersecurity of Energy Delivery Systems ...
Blog

SCM: Balancing Security, Availability and Performance

An organization's computer network is never fixed. It is constantly changing. To illustrate, as a company continues to grow, it might adopt a different mission that requires the installation of new endpoints onto its network. Additionally, with the detection of new exposures, security teams will need to update all critical devices running the...
Blog

Silk Road Admin "Libertas" to Be Extradited to the United States

The High Court of Ireland has ordered the extradition of a former Silk Road site administrator named "Libertas" to the United States. Back in 2013, U.S. federal authorities put the kibosh on Silk Road, an underground web marketplace accessible only via the Tor anonymity network where members could purchase illegal drugs, fake IDs, and other stolen...
Blog

Security and Usability

Many employees find information security secondary to their normal day-to-day work, often leaving their organisation vulnerable to cyber attacks, particularly if they are stressed or tired. When users perform tasks that comply with their own mental models (i.e. the way that they view the world and how they expect it to work), the activities present...
Blog

Germany Readies Cyber Unit to Fight Terrorism on the Web

Germany has a message for terrorists who use the Internet to carry out their aims: "Your number is up." Thomas de Mazière On 11 August, Germany's federal interior minister Thomas de Mazière announced the creation of Zentrale Stelle für Informationstechnik im Sicherheitsbereich (ZITiS), or "Central...
Blog

The Key to Cyber Security May be A.I. Combined with Human Minds

Maintaining a secure company network can be a daunting task, and that’s putting it lightly. The number of cyber threats out there seem to be multiplying by the day, while the incidents of cyber attacks have become a common headline. Just ask Target or Sony about the damage that can come from infiltration by cyber criminals and hackers. And those...
Blog

Internet of Things – An Easy Life at a Much Expensive Price

Gone are the days when the only internet-connected devices we had were our phones and computers. With the passage of time, more and more home appliances and products are being added to the list of devices that are connected to the internet, or the so-called "Internet of Things" (IoT). The list includes but is not limited to smart thermostats,...
Blog

Why Phishing Works

This morning, I checked my email and immediately spotted something suspicious in my inbox. I easily identified this email as a phishing attempt. It contained sparse wording, a link to a file, and the implication that it was sent to me from a safe place “securefileshares.com” (sounds trustworthy to me!) that I had never heard of before. I immediately...