It is becoming more and more evident that cybersecurity is one of the focal points regarding security risks in the twenty-first century for all organisations. It is understandable that almost every organisation which has access to any kind of computing devices will be at risk and will probably experience harmful cyber incidents. Hackers, whether...

There is no silver bullet in security awareness. What I mean by that is there is not a right or wrong way to teach people about cyber security. Just like any other type of education, you must surround yourself with it. You cannot expect to show a once-a-year "death by Powerpoint" presentation and have your staff become cyber experts. This is...

Mobile devices are rapidly becoming the primary need of any user. Ease of use, portability, user-friendly GUI, robust computing, a wide variety of applications... all of these features makes a mobile device much more compelling than a normal computer. However, mobile phones are becoming more of a security concern, and organizations need to consider...

With the 2016 Olympic Games opening on August 5, hundreds of thousands of tourists will soon be traveling to Rio de Janeiro, Brazil. Although major international events like the Summer Olympics boost tourism and economic transactions, they also present lucrative opportunities for cybercriminals. Rio visitors and Olympic travelers alike have been...

When it comes to the Internet of Things and security, it seems individuals and organizations keep making the same fatal mistakes – over and over again – because we continuously see it as a technology problem. It’s not. It’s a business strategy failure. Whether it’s insecure hospital devices, hackable power grids, or lethal connected cars, the same...

It was just after 6pm on December 23, 2013, and Lennon Ray Brown, a computer engineer at the Citibank Regents Campus in Irving, Texas, was out for revenge. Earlier in the day, Brown - who was responsible for the bank's IT systems - had attended a work performance review with his supervisor. It hadn't gone well. Brown was now a ticking time bomb...

I’m working with a couple of organizations faced with NIST 800-171 compliance. The first is a small manufacturing company doing business with a prime contractor. The second is a tribal business unit with federal contracts. Both must be compliant by December 2017 or risk losing their federal business. From what I can tell, neither organization was...

TiaraCon started with a group of women having lunch in the foodcourt at Def Con last year. It was an oasis in the midst of testosterone. We bonded over shared experiences, both good and bad, of being women in a field that is unquestionably male-dominated. We really enjoyed the opportunity to come together, since many of us are “the only woman” in...

In my ongoing blog series “Hacker Mindset,” I’ll explore an attacker's assumptions, methods and theory, including how information security professionals can apply this knowledge to increase cyber-vigilance on the systems and networks they steward. In this article, I share my thoughts on NetWars – a live interactive Capture the Flag training exercise...

There is a deeper, hidden world all around us, but most of the population remains oblivious to it. An alien technology called exotic matter has broken through a dimensional barrier and leaks into our world through millions of pinprick-sized holes. This exotic matter subtly influences human creativity. Centered around the locations where this matter...

Come get your hands dirty with embedded device hacks during my DEF CON 24 workshop. Brainwashing Embedded Systems will be held in Las Vegas Ballroom 3 on Saturday, August 6, from 10AM - 2PM. This workshop is a condensed version of the full-day training offered at the 2016 AusCERT and SecTor conferences. During the workshop, you will learn about the...

Working for a security services vendor provides me the opportunity to work with a variety of cool tools in our quest to develop new and innovative security services. The most recent project I was deeply involved in is the development of a DNS security service called SecureSurf. The foundational goal of the design of this service was to provide a...

Digital attackers are constantly looking for ways to infiltrate organizations' IT environments. One of the easiest modes of entry is for an actor to exploit a weakness in an endpoint, a network node which according to Dark Reading remains "the most attractive and soft soft target for cyber criminals and cyber espionage actors to get inside." Under...

The majority of employees within an organisation are hired to execute specific jobs, such as marketing, managing projects, manufacturing goods and overseeing financial investments. Their main – sometimes only – priority is to efficiently complete their core business activity, so information security is usually only a secondary consideration....

According to new guidelines issued by the United States Department of Health and Human Services (HHS), ransomware incidents in HIPAA regulated organizations are now classified as a data breach. HIPAA is the Health Insurance Portability and Accountability Act, that must be followed by any health care provider who transmits health information in...

In June 2016, researchers at Sucuri Security tracked a distributed denial-of-service (DDoS) attack against one its customers. The campaign consisted of a layer 7 attack (HTTP Flood) that generated 50,000 requests per second (RPS) for several days. Such intensity is not by itself unusual. What made this campaign stand out, however, was the attackers'...

A teenager who launched distributed denial-of-service (DDoS) attacks against government websites and the SeaWorld theme park has received no prison time for his crimes. According to prosecutors, the teenager from Plymouth in Devon conducted a three-month attack spree from late-2014 to early-2015. During that time, the teen--who was 14 years old at...

At Infosecurity Europe 2016, Tripwire conducted a two-part survey involving 400 security professionals in attendance at the conference. In the first part, Tripwire requested that respondents reflect on the evolving ransomware threat. 93 percent of security professionals said crypto-malware attacks will continue to escalate, while 56 percent of...

I am a penetration tester by trade. What does that mean I do in my day-to-day? Well, that depends on whom you ask, as it is open to interpretation. Penetration testing means different things to different people. What it meant a decade ago is different from what it means today, and that will be different from what it means a decade from now. So,...

A new report from the Office for National Statistics (ONS) states that cybercrime is on the raise in England and Wales. According to the report, adults aged 16 and over experienced an estimated 5.8 million incidents in the past 12 months, with 3.8 million of those classified as fraud and another 2 million as computer misuse incidents. Regarding...