Blog

Blog

It’s All About the People – A Lesson Learned from A Security Summit

Earlier in June, I attended the Gartner Security Summit in National Harbor Maryland, where I had a chance speak to many great CISOs and security experts. Together, we shared and learned a lot of information. The conference focused on seven key principles that are integral to building trust and resilience: Business Outcomes Facilitator Detect &...
Blog

My Time at Cisco Live 2015

Looking back now, it’s all a bit of a blur but what a wild ride it’s been! https://twitter.com/5683Monkey/status/608293161455206400 It was early spring 2015. I was fully immersed in the Cisco Networking Academy program at Red River College. As I spent my days deep in technology running my own small MSP, the future possibilities seemed endless as...
Blog

Industrial Control Systems (ICS): Next Frontier for Cyber Attacks?

It’s safe to say that cybersecurity is a common issue for all industries. But what is the cybersecurity state of affairs for Industrial Control Systems (ICS), and why should we care? ICS monitor and control industrial and physical infrastructure processes that are crucial for industries like manufacturing, transportation, energy, oil and gas, and...
Blog

Intrigued by a Career in Infosec? Ask an Expert

On a day-to-day basis, we hear about new digital security threats that are growing in frequency and in sophistication. Responding to this ever-increasing number of challenges makes a career in information security challenging. But it's not all bad. Infosec is also profoundly rewarding to the extent that security personnel help protect businesses',...
Blog

RAA Ransomware Written Entirely in JScript

Researchers have spotted a new crypto-ransomware called "RAA" that is written entirely in the JScript scripting language. Originally detected by security researchers Benkow and JamesWT, RAA is distributed to users as an attached JS file. When a user clicks on the attachment, the file displays what appears to be a corrupted Word document, which allows...
Blog

The Trouble with Web Conferences

We sold our house and moved to an apartment in January, waiting for our new home to get built. Cleaning up the house for a move is a big chore, and one of my tasks for a weekend before the sale was cleaning up a big pile of post-it notes left in a box. I chanced upon a post-it note with a 1-888 number that was an AT&T teleconferencing line. I had...
Blog

Securing Applications During Development: The Ins and Outs of Open Source Static Code Analysis Tools

Just as having a larger family inevitably results in more children forgotten at swim practice, the bigger your software project, the harder it becomes to find every bug, security vulnerability and logic flaw. In-house enterprise developer teams can become overwhelmed by the number of branches in a project and bugs can go unnoticed until the worst...
Blog

"Spam King" Receives Jail Time for Spamming Facebook Users

Just as every king ascends the throne, so too must they in time forfeit their rule. That fateful day came on Monday for Sanford "Spam King" Wallace, 47, of Las Vegas, who was sentenced to two and a half years in prison as a result of his spamming activities against Facebook users. According to a statement published by the U.S. Attorney's Office in...
Blog

Business Email Compromise Scams Have Cost Victims $3B, Reports FBI

Companies have handed over more than three billion dollars to fraudsters as a result of business email compromise (BEC) scams, reports the FBI. In a public service announcement published on Tuesday, the FBI warns companies of a growth of BEC scams, sophisticated ploys where fraudsters attempt to use social engineering techniques such as phishing or...
Blog

Man Charged with Economic Espionage for Stealing Source Code

Our story begins when Xu Jiaqiang, 29, decided to resign from his employer. Xu began working as a developer for a United States company in November 2010. During that time, he enjoyed access to the company's proprietary software, a clustered file system which enhanced computer performance by coordinating tasks across multiple servers. The developer...
Blog

So, Just Why Is 18atcskd2w Such a Popular Password?

Users of popular online forums are being advised to change their passwords following the leak of some 45 million credentials. As LeakedSource reports, millions of user credentials from over 1,100 websites and communities - including techsupportforum.com, autoguide.com, petsguide.com and motorcycle.com - have been exposed after parent company...
Blog

411 Million Photos Available to FBI via Facial Recognition System

The FBI can draw on upwards of 411 million photos as part of a facial recognition system to identify potential criminal suspects. The Government Accountability Office (GAO) explains in a report (PDF) that a facial recognition service, which is known as the Next Generation Identification-Interstate Photo System (NGI-IPS), became fully operational in...
Blog

Insider Threats Often Overlooked by Security Experts

In today’s world, where technology is becoming an ever greater part of our everyday lives, it appears we aren’t quite keeping up with it. Believe it or not, we still tend to underestimate the importance of cyber security, as a recent survey by Soha System’s Third Party Advisory Group has shown. According to the survey, less than two percent of IT...
Blog

Expert Tips on How Password Hygiene Can Protect Your Accounts

In May 2016, security researchers discovered millions of user accounts from social networking sites like LinkedIn, MySpace and Tumblr for sale on the dark web. The victims' personal data came from multiple data breaches that are believed to have taken place between 2011 and 2013. Together, the breaches exposed over 642 million passwords. This could...
Blog

Russian Hackers Infiltrated DNC, Steal Research on Donald Trump

Hackers associated with the Russian government infiltrated the Democratic National Convention's computer network and stole opposition research on Republican presidential nominee Donald Trump. The DNC said no financial, donor, or personal information was compromised in the breach, reports The Washington Post. Instead the intrusion appears to be a...
Blog

VERT Threat Alert: June 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 16 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-675 on Wednesday, June 15th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

Developer Shares Tips on How to Nab Facebook Bug Bounty Rewards

Back in 2011, Facebook launched its bug bounty program in an effort to provide recognition and compensation to security researchers for practicing responsible disclosure. The program is not bound by a maximum bounty reward. Instead, it awards monetary rewards based on the severity of each disclosed vulnerability, with $500 USD serving as the minimum...