Cybersecurity has always been a significant challenge for businesses, mostly due to the increasing financial and reputational cost of data breaches. As a result, there has been a consistent rise in tactics and technologies used to combat these threats. These methods fulfill the need for better, smarter ways to augment enterprise-level security and...

Cloud computing is an integral part of most businesses globally. Technology has transformed the way businesses operate and thrive in the industry. However, the cloud industry has been facing huge challenges when it comes to complying with various data protection and data privacy standards. With the enforcement of the General Data Protection...

The Biden Administration published a new executive order (EO) to strengthen the digital security of U.S. federal government networks. Published on May 12 by The White House, the executive order covered much of what many media outlets reported would appear in the draft. This included the issue of supply chain security. For example, the EO stated...

Ofwat, the water services regulator for England and Wales, has revealed that it has received over 20,000 spam and phishing emails so far this year. The Water Services Regulation Authority (better known as Ofwat) which is the government department responsible for regulating the privatised water and sewage industry in England and Wales, said it...

Over the weekend, the Alpharetta-based Colonial Pipeline was hit by an extensive ransomware attack that shut down its information technology (IT) and industrial operational technology (OT) systems. Simply put, an all-too-common ransomware event targeting IT systems encouraged a voluntary shutdown on the production side (OT) of the business to...

I am very excited to share that I will be offering my Ghidra training course at Black Hat USA 2021. As an online event, this is the perfect opportunity for Black Hat caliber training without hotel and airfare costs. Registration for "A Beginner’s Guide to Reversing with Ghidra "on July 31 and August 1 2021 is now available via the Black Hat web site...

For most internet users, there's not much of a perceivable difference between the domain name they want to visit and the server that the domain queries. That's because the Domain Name System (DNS) protocol does a good job of seamlessly routing users to different IP addresses that are all associated with a single domain name. The bad news is that...

Tripwire's April 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome and Microsoft.First on the patch priority list this month are patches for insufficient input validation vulnerabilities in Google Chrome (Chromium). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit...

The US Defense Department and third-party military contractors are being advised to strengthen the security of their operational technology (OT) in the wake of security breaches, such as the SolarWinds supply chain attack. The guidance comes from the NSA, which this week has issued a cybersecurity advisory entitled "Stop Malicious Cyber Activity...

The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks. A Step Up for Federal Procurement According to NPR, the executive order that’s being drafted will include several initiatives designed to strengthen the security of the United States’...

In December 2020, the world discovered that the SolarWinds' Orion Platform had been compromised by cybercriminals, potentially affecting thousands of businesses the world over. Security groups such as the National Cyber Security Centre (NCSC) provided advice and guidance to security teams and IT companies on what actions they should take to minimize...

Whilst employment has taken a downward curve over the last year or so, there are a variety of approaches I use when applying for a role to help my CV stand out. One key point is knowing what the job entails before submitting my cover letter and CV. This allows me to tailor my message effectively. Additionally, it enables me to find positions that I...

When an unfortunate event occurs, people tend to be curious about who was responsible for the event. It can be interesting and helpful to know who your enemy is and what their motives might be. But in cybersecurity, the primary focus is ultimately on preventative and detective measures to avoid similar issues. Let’s use a recent example to illustrate...

In this episode, Curtis Dukes, executive vice president and general manager of the Center for Internet Security (CIS), explains the need for their Community Defense Model. He also details their process for designing their models as a non-profit organization. https://open.spotify.com/episode/2d6L3efAWhvAyu3qT0jcVb?si=b012c0db7ac74dd0 Spotify:...

On December 16, Prime Minister Justin Trudeau released mandate letters tasking his ministers of national defense, foreign affairs, public safety, and industry to develop a new “National Cyber Security Strategy.” He specifically highlighted the need for the strategy to “articulate Canada’s long-term strategy to protect our national security and...

Due to urbanization, which involves a complex set of economic, demographic, social, cultural, technological, and environmental processes, governments are developing smart cities to address some of the challenges unique to urban areas. This development occurs through the transmission of data using wireless technology and the cloud. Smart cities are...

IT environments have always been considered the forefront when it comes to cybersecurity, and OT environments have been the forefront when it comes to physical security. As more and more cyber threats are taking place, and with an increasing number recently focused on OT environments, everyone seems to be concerned with how to upscale and secure...

The cybersecurity market offers excellent solutions and services to combat the threats that are exploited by cybercriminals. However, are these tools enough to fully protect an organization? It is clear that human error is a strong attack vector for many popular cybercrimes, so the best way to augment any security program is to create a cyber-aware...

This blog contains a discussion about stress, trauma, and domestic violence. This may be difficult for some readers, and given the alarming figures around Post-Traumatic Stress Disorder (PTSD), trauma, and early life experiences (ACEs), this will likely concern at least a small population of readers. Please take care of yourself when reading this...

The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks. The DHS says that it is launching the "Hack DHS" bug bounty program to "identify potential cybersecurity vulnerabilities within certain DHS...