Blog

The Living Dead: Securing Legacy Industrial Systems

I’ve spent a lot of time in the depths of aging industrial power plants and the control houses of transmission substations. I’ve walked the aisles of countless steel cabinets taking inventory of the gear used to protect and control what’s been described as the most complex system on earth. Within these cabinets can be found a smattering of equipment...

Securing the Entire Container Stack, Lifecycle, and Pipeline - Part 3

As part of a three-part series on incorporating security into the container environment, I've talked all about containers and how to inject security into the pipeline. Let's now discuss tips on how to secure the container stack. What Do I Mean by "Stack"? What I’m calling the stack, in this case, refers to all of the layers or components involved...

November 2017: The Month in Ransomware

November didn’t shape up to be revolutionary in terms of ransomware, but the shenanigans of cyber-extortionists continued to be a major concern. The reputation of the Hidden Tear PoC ransomware project hit another low as it spawned a bunch of new real-life spinoffs. The crooks who created the strain dubbed Ordinypt should be really ashamed of...

Survey: Nearly Three-Quarters of Retail Orgs Lack a Breach Response Plan

With more than 174 million Americans shopping over the Thanksgiving holiday weekend, it’s looking to be a busy holiday season for retailers this year. As shoppers continue hunting for the perfect gift over the next couple of weeks, it’s important to remember that cyber criminals will likely be on the hunt as well. How prepared are retailers to deal...

Women in Information Security: Kristen Kozinski

Last time, I got to speak with Claudia Johnson. She's been in the tech industry for a long time, and she got into security the same way Brian Krebs did – by being attacked. Now I got to talk to Kristen Kozinski. She knows about secure code and web vulnerabilities. She also maintains a pretty nifty website for educating end users about security. Kim...

Tripwire Tuesdays: Vital Signs – Security and Compliance in Healthcare

How can healthcare organizations ensure compliance and security in the face of increasing cybersecurity challenges? In a recent Tripwire Tuesday event, a Tripwire customer shared some insights about how healthcare organizations can implement basic security hygiene – foundational controls – to mitigate risks and vulnerabilities in their environment. Influence organizational culture. Healthcare...

Determining Importance with Objective Vulnerability Scoring

The holiday season is upon us, and nearly every day, my wife asks me what I want for Christmas. As a pop culture geek with interests in most fandoms, I have dozens of items that I could ask for, but the ultimate question is what do I really want to ask her to spend money on. In a perfect and very geeky world, I would likely come up with a method of...

What Are the Questions to Ask When Looking for a Scalable Solution?

Looking for a scalable solution and not sure what to ask? The best way to start off is to get an understanding of what scalability means because it can vary depending on the problem(s) that are trying to be solved, the company, and who you are talking to. According to Merriam-Webster, scalability is “capable of being easily expanded or upgraded on...

Australian Broadcasting Corporation Leaked Data through AWS S3 Bucket

The Australian Broadcasting Corporation (ABC) leaked sensitive data online through a publicly accessible Amazon Web Services (AWS) S3 bucket. Public search engine Censys indexed the misconfigured asset on 14 November during a regular security audit of the S3 environment. Researchers at the Kromtech security center don't know who might have accessed...

Cyber Security and the Human Factor – An Opinion Piece

Born and bred in IT – and first influenced by global Oil & Gas, the Japanese and the German manufacturing industry – I never experienced excessive levels of management before entering the more anglophile international workspace outside my home country. At best, between me and the board were only two clear structured formal management levels. Ranks and titles did not mean much; the assignment you...

EOL Systems: Combating the Security Risks with Foundational Controls

Security patches and updates leave companies at risk when they're running systems designated as end of life (EOL), such as .NET systems, Windows Server 2003, and Windows XP. When Microsoft releases an update or patch after the operating system (OS) is no longer supported, cybercriminals and malicious software developers dissect the update and reverse...

46.2 Million Mobile Numbers Leaked Online after Malaysian Data Breach

46.2 million mobile numbers have appeared online following a data breach that affected several Malaysian telecommunication companies. The incident involves 15 Malaysian telcos and mobile virtual network operators (MVNOs). Included in the leak are customers' mobile numbers along with their personal and device information. Of note, those exposed...

Women in Information Security: Glenda Snodgrass

Last time, I had the opportunity to speak with Carrie Roberts. She's a red team engineer at Walmart with lots of penetration testing experience. This time, I had the pleasure of speaking with Glenda Snodgrass. She's a founder and the president of The Net Effect, a cybersecurity services company that's based in Alabama. They must be doing something...

9 Security Horror Stories that Will Forever Haunt Our Nightmares

Halloween is upon us! It isn’t just a time for Stephen King movies and trick-or-treating; it's also a time to reflect back on some of our own horror stories in IT. To help celebrate Halloween, we have asked some folks from the security industry to share their scary security stories with us. We hope you enjoy. Feel free to share your own stories in...

12 Top Talks from the 2017 Retail Cyber Intelligence Summit

On October 2-4, 2017, the Retail Cyber Intelligence Sharing Center (R-CISC) hosted Securing Retail 002, the second iteration of its annual summit first held in April 2016. Speakers from Microsoft, Target and other Fortune 500 companies shared their thoughts on the retail digital security landscape with attendees over the course of the two-day event....