Blog

Blog

Dropbox Addresses Security Concerns for New Initiative's Kernel Access

Dropbox has responded to security concerns regarding one of its new technology's abilities to obtain kernel access. Back in April, the secure file sharing and storage service announced "Project Infinite," an initiative which will help revolutionize the way Dropbox interfaces with a user's computer. Dropbox software engineer Damien Deville provides...
Blog

Google Announces Plans to Help Kill Off Passwords on Android Devices

Google has announced plans that will help kill off the need for passwords on Android mobile devices. During his Friday talk at Google I/O, an annual software developer conference, Daniel Kaufman of the tech giant's Advanced Technology and Projects (ATAP) division revealed the upcoming roll-out of Trust API. Instead of relying on passwords, Trust API...
Blog

Overlooking the Value of Your Pawns

Instead of imagining myself as a chess piece, I prefer to try and look at the chess board as a whole and see where the biggest perceived vulnerabilities or weakness lie. Most organisations could be seen as being modelled the same ‘in terms of staff ratio’ to a chess board. Usually, there is only 1 king (CEO), and then the rest of the chess pieces...
Blog

DMA Locker's Latest Updates Improve Ransomware's Maturity

The malware authors behind DMA Locker have outfitted the ransomware with numerous updates that advance its maturity. Malwarebytes researcher Hasherezade explains in a blog post that she first detected the crypto-malware variant back in January of this year. DMA Locker's first iterations were easily decryptable. Additionally, they could work offline,...
Blog

Financial Services: A Positive Shift in Cyber Security Posture

There is some promising news regarding the state of cyber security among financial services organizations. As an industry, risk-averse financial services companies are investing more in cyber security, with a security spending increase of 14 percent. This heightened focus on security might explain why organizations working in financial services...
Blog

Hacker Confessions: Stuck in the MUD

In my last blog post, I covered old school hacking from the mid to late 90s, where my experience delved into the realm of hacking for information sharing purposes only. Remember—I never hacked for malicious purposes, but tended to hang more with my local group of like-hackers, where curiosity was always the primary motivator behind breaking into...
Blog

Hacking Team Hacker Steals $11K, Donates It to Rojava Plan

A hacker responsible for the Hacking Team leaks stole approximately US$11,000 in Bitcoin and donated it to an ecological initiative in Syria known as the Rojava Plan. The hacker, who claimed responsibility last June for a data heist against the Italian spyware firm Hacking Team, announced his donation on Twitter in early May. https://twitter.com...
Blog

Researcher Finds XSS Bug in Google By Accident

A security researcher recently discovered a cross-site scripting (XSS) vulnerability in Google by accident. Patrik Fehrenbach explains in a blog post that he came across the flaw after deciding to take advantage of Google Cloud Console's 60-day free trial and test for XSS bugs. XSS flaws come in two types. A bug is 'reflected' if the payload...
Blog

117 million LinkedIn email addresses and passwords put up for sale

The LinkedIn hack of 2012 just got a whole lot worse. If you recall, in 2012 LinkedIn reset users' passwords after hackers broke into the network, stole a database of password hashes, and posted some 6.5 million account credentials on a Russian password forum. LinkedIn was left humbled by the security breach, which revealed that they had not used a...
Blog

Cybersecurity Automation and Orchestration: Next Generation Solutions to Today’s Big Cyber Problems

Very quietly, in 2011, the US Department of Homeland Services published a paper entitled "Enabling Distributed Security in Cyberspace," a paper that was then way ahead of its time. The paper "explores the idea of a healthy, resilient – and fundamentally more secure – cyber ecosystem of the future, in which cyber participants, including cyber devices...
Blog

How EDR Can Complement Your Organization's Security Policies

Information security is more than just checking a box. It also includes security awareness, a feature I discussed in my previous article on endpoint detection and response (EDR) which is just as important as the tools, technologies and other solutions an organization uses to strengthen its digital security. To make a difference, security awareness...
Blog

Breach at Nulled.io Hacker Forum Exposes Over 500K Registered Users

A popular underground hacker forum used by cybercriminals to trade and purchase leaked data, stolen credentials and software cracks was recently breached. According to Risk Based Security, hackers leaked a 1.3GB compressed archive containing a massive 9.45GB database file with the details of more than 536,000 Nulled.io user accounts, including...