Last time, I had the opportunity to speak with Carrie Roberts. She's a red team engineer at Walmart with lots of penetration testing experience. This time, I had the pleasure of speaking with Glenda Snodgrass. She's a founder and the president of The Net Effect, a cybersecurity services company that's based in Alabama. They must be doing something...

Halloween is upon us! It isn’t just a time for Steven King movies and trick-or-treating, but it's also a time to reflect back on some of our own horror stories in IT. To help celebrate Halloween, we have asked some folks from the security industry to share their scary security stories with us. We hope you enjoy. Feel free to share your own stories in...

On October 2-4, 2017, the Retail Cyber Intelligence Sharing Center (R-CISC) hosted Securing Retail 002, the second iteration of its annual summit first held in April 2016. Speakers from Microsoft, Target and other Fortune 500 companies shared their thoughts on the retail digital security landscape with attendees over the course of the two-day event....

Words have meaning. Cybersecurity and IT professionals routinely abuse the terms “policy” and “standard” as if they are synonymous. The same holds true for compliance terms since these terms tend to get thrown in the same bucket even though there are significant differences that should be kept in mind. Why Should You Care? Beyond just using...

In 2014, the FBI warned that healthcare systems, including medical devices, were at an increased risk of cyber-attacks due to the unfortunate coupling of poor cybersecurity practices in the healthcare industry with patient health information (PHI) that commands high value on the dark web. This warning has largely been realized. The cost and frequency...

Continuing the discussion around the skills gap our industry is facing, I’m excited to share our final set of results from the Tripwire skills gap survey. My previous post highlighted the need for technical skills. But as this next set of findings indicates, soft skills in cybersecurity are not be overlooked. Every single participant in our survey...

If you've read a security blog anytime in the last year, you haven't escaped mention of the dreaded skills gap for cybersecurity professionals. There seems to be consensus that it's getting harder to hire skilled security staff, though the reason for that is up for debate – some say we're just going about it the wrong way, while others claim it is an...

Last week, a hacking gang abused the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank's servers. The Far Eastern International Bank has confirmed that malware had been found on it computer systems, affecting PCs and servers, as well as its SWIFT terminal. SWIFT (the Society for Worldwide Interbank Financial...

Last time, I spoke with Kim Wong, a woman who recently acquired a cybersecurity role in Britain's financial services industry. This time, I'm honored to speak with Keren Elazari. Not only has she given TED talks but also founded BSidesTLV in Tel Aviv, Israel. We had a wonderful chat! Kimberly Crawley: Please tell me a bit about what you do. KE: I'm...

In 2016, I shared just a few of the exciting presentations planned for the Retail Cyber Intelligence Sharing Center's (R-CISC) inaugural Retail Cyber Intelligence Summit. The event brought together CISOs and their IT security teams from the retail and consumer services industries in North American. For two days, these notable attendees shared best...

Ask healthcare IT professionals where the sensitive data resides, and most will inevitably direct your attention to a hardened server or database with large amounts of protected health information (PHI). Fortunately, there is likely nothing wrong with the data at that point in its lifetime. But how did those bits and bytes of healthcare data get to...

In today’s rapid technological evolution, information from particular sources can be easily accessed, copied and shared out to a larger audience. If an organization fails to complete its basic role of being a guardian of the confidential business information within the company, it could convey unfavorable effects for business’ stability and...

A new variant of the BankBot malware family is exclusively targeting Google Play in a bid to steal Android users' credit card details. Infection begins when an unsuspecting user downloads Jewels Star Classic, a mobile game created by a developer named "GameDevTony." Upon successful installation, the app's malicious functionality waits 20 minutes...

Last week, I spoke with Candy Alexander. An attack by the famous Kevin Mitnick started her cybersecurity career! This time, I had the pleasure of interviewing Kim Wong. She recently started in a cybersecurity role in the UK's financial services industry. Kim Crawley: Tell me a bit about what you do. Kim Wong: I’m a security analyst in the cyber...

The Security Exchange Commission (SEC) announced on Wednesday that its EDGAR database was compromised in 2016. This database stores non-public information on businesses, such as quarterly earnings, and statements on merger and acquisition dealings. According to the agency, the compromise was due to a software vulnerability being exploited on its...

A threat actor known as APT33 is actively targeting organizations in the aerospace and energy sectors with spear phishing campaigns. Between mid-2016 and early 2017, the suspected Iranian digital espionage group attacked a U.S. organization in the aerospace sector, a Saudi Arabian conglomerate with aviation holdings, and a South Korean company known...

While false detections should be eliminated as much as possible, these are an inherent part of any vulnerability assessment tool. Possible reasons for false detections include rapid changes in vendor-specific patches/updates, zero-day vulnerabilities, access restrictions, and network glitches. The goal is to have the fewest vulnerabilities detected in...

New families of trojans continue to prosper on the Android platform as malicious hackers increasingly target mobile users in their attempt to steal login credentials and personal information. The most recent warning of Android malware relates to a new banking trojan called Red Alert 2.0 that has managed to infiltrate a number of third-party app...

UPDATED 19/9/17 to correct the fact that US Info Search never sold any data to Ngo Equifax made headlines on September 7, 2017, when it announced its discovery of a data breach earlier in the year. In the security incident, computer criminals leveraged a "U.S. website application vulnerability" to view some of the consumer credit reporting agency's...

"Cloud computing" is not a buzz phrase anymore, but it is essential for most businesses looking to achieve sound business continuity alternatives combined with a comprehensive security model. Cloud Computing What is cloud computing, and what does it do? Very simply, for the end-user, a cloud computing experience is no different than using a...