Blog

Blog

Customers' Personal Data Stolen in JD Wetherspoon Hack

Approximately 657,000 customers have had their personal information compromised in a hack against UK pub chain JD Wetherspoon. According to The Guardian, the names, dates of birth, email addresses, and mobile phone numbers of 656,723 customers were affected by the incident, which is believed to have occurred between June 15 and June 17 of this year...
Blog

Argentina – Where Hacking Is a Way of Life

This summer, a hacker known as "PhineasFisher" infiltrated the private Italian spyware firm Hacking Team, exfiltrated approximately 400GB of data from the company's servers and subsequently published the compromised information online via a torrent. One of the most stirring revelations from the leaks was the FBI's purchase of a "Remote Control...
Blog

WebEx Android App Users Told to Update ASAP, Due to Risk of Attack

There are often (quite rightly) concerns raised about operating system vulnerabilities on smartphones, and the need for users to patch their devices with the latest software. But the truth is that probably a bigger risk to the typical mobile user are the actual apps that they choose to run on them. Have they been coded reliably, are they taking...
Blog

5 Key Challenges for the Industrial Internet of Things (IIoT)

The Internet of Things (IoT) is one of the most significant trends in technology today. A melding of innovations in the fields of computing and communication, IoT and its "smart" devices are poised to revolutionize not only user-machine interaction but also the way in which machines engage with one another. Already we are beginning to see the...
Blog

China Blamed for Hack into Australia's Bureau of Meteorology

China has been accused of conducting a "massive" hack against a supercomputer owned by Australia's Bureau of Meteorology (BoM). Source: Security Affairs The BoM supercomputer is the largest of its kind in Australia and passes information to several different agencies, including the Department of...
Blog

Unnecessary Risks: Vulnerabilities in ICS Devices

The NERC Critical Infrastructure Protection standards are the most effective tools for securing the electrical supply today. If you think that's a controversial statement, let me explain why I make it. Cybersecurity in the context of the electrical supply is synonymous with reliability. The cyber-risks to electric utilities are ultimately risks to...
Blog

Threat Intelligence Fundamentals

With so many disparate offerings and so much pressure to be ‘conducting’ threat intelligence, companies today risk investing a lot of time and money with little positive effect on security. Threat intelligence is the process of moving topics from ‘unknown’ to ‘known unknowns’ by discovering the existence of threats within your environment and moving...
Blog

Scope of FBI's National Security Letters Revealed by Lifted Gag Order

The scope of the FBI's national security letters (NSL) has been revealed by a lifted gag order on a man who fought against compliance for 11 years. On Monday, the United States District Court - Southern District of New York permitted the filing of a NSL received by Nicholas Merrill, founder of Calyx Internet Access, back in 2004. He has refused to...
Blog

The Three Principles of a Secure System

I recently attended a conference for security professionals at which a number of experienced (sounds better than seasoned) CISOs and SOs were presenting their insights into the challenges of cyber attacks and cyber crime faced by their organisations. Almost without exclusion, each presenter used the term CIA when discussing methodologies and...
Blog

Europol Takes Down 1,000 Websites Selling Counterfeit Goods

Europol, the European Union’s law enforcement agency, has seized nearly 1,000 websites illegally selling counterfeit merchandise to online consumers, authorities reported. In a press release, the agency said its international operation – known as In-Our-Sites (IOS) VI – tackled the sale of counterfeit...
Blog

The Industrial Internet of Things: Fueling a New Industrial Revolution

A transformative event is occurring where countless industrial devices, both old and new, are beginning to use Internet Protocol communication technologies. We refer to these collections of IP-enabled industrial devices and associated networks as the Industrial Internet of Things (IIoT). The Industrial IoT is at the very core of disruptive visions,...
Blog

Open Source Router Updates Its Own Security, Analyzes Network Traffic

This open source, crowdfunded router boasts a unique set of features, including the ability to update its own security and analyze the traffic between the Internet and the host network. Based on the Latin word for "tower", the Turris Omnia router is open source and runs OpenWrt, a free operating system that not only provides Omnia's users with the...
Blog

‘Tis the Season for Cyber Crime: 6 Tips for Safe Online Holiday Shopping

Cyber Monday is the heaviest online shopping day in the United States, with last year’s sales exceeding $2 billion within 24 hours. Unfortunately, for bargain-hungry consumers, the holiday shopping season is also a bonanza for cyber criminals. The huge uptick in website traffic means more potential targets, making the holiday season the perfect time...
Blog

MagSpoof Device Can Wirelessly Emulate Magnetic Stripes, Credit Cards

A security researcher has developed a device called MagSpoof that can emulate any magnetic stripe or credit card wirelessly. Hacker Samy Kamkar first came up with the idea shortly after he lost his American Express card last August. At that time, he noticed a pattern in his replacement card's last four digits when compared to those of his previous...
Blog

My SecTor Story: Root Shell on the Belkin WeMo Switch

*Updated 12/7/2015 – NOTE: The WeMo attack vector described in this article was resolved with WeMo firmware release 2.00.8643. Customers are encouraged to install the latest update immediately. There were many activities hosted at SecTor 2015. My favorite activity was the Internet of Things Hack Lab sponsored by Tripwire. The term Internet of...
Blog

How to Make Risk More Tangible for your Board

You know that cybersecurity risks exist for your company; so does your board. They know cybersecurity is a business issue, and they also know they need to be concerned about what it means to their business. But more often than not, the board doesn’t have a concrete understanding of how they can actually help. In a recent paper, Top 5 Tips for...