Based on the past year, one thing that is certain to be on every company’s mind is security. Among the various concerns associated with security, perhaps the most important is how much it costs to effectively secure your company data in the age of large-scale cyberattacks and breaches. According to Accenture’s 2017 “Cost of Cybercrime” report, the...

You can now read the 2019 edition here! With 2017 now in the rear-view mirror, the security industry is turning its attention to 2018. The new year will no doubt present its fair share of challenging digital security threats. So too will it present numerous opportunities for infosec professionals to discuss shared difficulties at conferences and...

If this first week is any indication, 2018 could mark a significant paradigm shift in trusted computing and open source hardware. Chip makers have been very effective in making enhancements to greatly improve application performance, but the revelation of Spectre and Meltdown makes it clear that more attention needs to be paid to hardware level...

The main challenge for industrial control systems is that the processes that control those systems are connected to critical infrastructure such as power, water, gas, and transport. This means they require high availability, and it is not easy to interrupt those systems to apply security updates. Effects of any downtime means that it can affect...

Ransomware is a problem on the rise, a simple threat with some very large business implications. Statistics show it has reached new levels of menace, and it's growing at a remarkable rate: 6000% in 2016, an IBM study found, and a triple-digit increase into 2018. Although a very real and present danger (as shown by some very high profile infections...

The damage done to a business's reputation and the long-term financial consequences of a data breach are never a concern that should be treated lightly. While extending an existing database into the cloud can allow users to access sensitive files and information with far greater ease, failing to address potential security concerns or underlying...

It seems like everyday you see a new report about a massive data leak caused by someone accidentally exposing files stored in AWS S3 Buckets to everyone on the Internet. Many may remember Verizon’s infamous snafu that leaked data records for six million of their customers due to a misconfiguration in their S3 buckets. Since then, there have also been...

No-one responsible for computer security should forget what happened in October 2016. The Mirai botnet launched an attack on the internet, the scale of which had never been seen before. By unleashing a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn, Mirai managed to knock out significant chunks of the internet -...

Compliance with NERC regulations begin with defining your organization’s policies, promoting them in the workplace, and reinforcing positive efforts. A key takeaway to transforming your compliance philosophy into a culture of compliance is by standardizing processes to meet requirements and engaging everyone to participate. Success begins with an...

A new ransom-based email scam campaign is demanding that all recipients either meet the sender's demands and pay up or die. On 11 December, Spiceworks user Dave Lass shared the campaign with other members of the professional IT industry network. The scam doesn't waste any time in attempting to frighten the recipient. It begins with the subject line ...

Vulnerability Description A team of researchers, including Tripwire VERT’s Craig Young has announced that TLS stacks from at least 8 different vendors are vulnerable to a well-known 19-year-old protocol flaw. The problem is that these implementations allow an attacker to identify whether or not a chosen ciphertext has proper PKCS#1 v1.5 padding...

Last time, I had a chat with Kristen Kozinski. She's an expert on web development security, and she also has a pretty cool website for end user security education called Don't Click on That. This time, I have a very special interview with Jelena Milosevic. She's a nurse who has made it her mission to educate people about the cybersecurity problems...

I’ve spent a lot of time in the depths of aging industrial power plants and the control houses of transmission substations. I’ve walked the aisles of countless steel cabinets taking inventory of the gear used to protect and control what’s been described as the most complex system on earth. Within these cabinets can be found a smattering of equipment...

As part of a three-part series on incorporating security into the container environment, I've talked all about containers and how to inject security into the pipeline. Let's now discuss tips on how to secure the container stack. What Do I Mean by "Stack"? What I’m calling the stack, in this case, refers to all of the layers or components involved...

November didn’t shape up to be revolutionary in terms of ransomware, but the shenanigans of cyber-extortionists continued to be a major concern. The reputation of the Hidden Tear PoC ransomware project hit another low as it spawned a bunch of new real-life spinoffs. The crooks who created the strain dubbed Ordinypt should be really ashamed of...

With more than 174 million Americans shopping over the Thanksgiving holiday weekend, it’s looking to be a busy holiday season for retailers this year. As shoppers continue hunting for the perfect gift over the next couple weeks, it’s important to remember that cyber criminals will likely be on the hunt as well. How prepared are retailers to deal...

Last time, I got to speak with Claudia Johnson. She's been in the tech industry for a long time, and she got into security the same way Brian Krebs did – by being attacked. Now I got to talk to Kristen Kozinski. She knows about secure code and web vulnerabilities. She also maintains a pretty nifty website for educating end users about security. Kim...