Blog

The Top 13 Information Security Conferences of 2017

** UPDATED 2018 Blog Here: The Top 17 Information Security Conferences of 2018 ** 2017 is finally here. You know what that means: another information security conference season is upon us. We couldn't be more excited! Just like we did last year, we at The State of Security have assembled a list of the top 13 conferences in information security...

Top 4 Tips for Purple Team Exercises

Purple Teaming is gaining a lot of movement and popularity. Before delving deeper into some top tips for exercises, I thought I would re-iterate that “Purple Team” is essentially a buzzword for getting the most out of a pentest / red team exercise. There’s nothing complicated about it. Yes, it is a buzzword, but one that instantly helps everyone to...

What Will Protect Your Connected Car Against Hackers?

There are a lot of great benefits to a connected car like the new Toyota Highlander: increased integration, a more comfortable driving experience and personalized controls, just to name a few. However, with increased computing power comes increased risk that hackers could take control of a car remotely, causing it to speed up, turn off, or turn...

BlackEnergy Group Conducted Malware Attacks against Ukraine Banks

Researchers believe the BlackEnergy group launched malware attacks against the Ukrainian financial sector in the second half of 2016. ESET malware researcher Anton Cherepanov says the malware attacks started off with spear-phishing emails. Attached to the messages were Microsoft Excel documents containing malicious macros as an initial infection...

Getting Ahead of the EU General Data Protection Regulation (GDPR)

The fact that you're reading this blog means that you're probably familiar with the EU GDPR, the possible impact it may have on your business, and the consequences should you find yourself on the wrong side of non-compliance – especially if that non-compliance is highlighted as the result of a breach in which identifiable personal data is...

Compensating Controls: An Impermanent Solution to an IT Compliance Gap

Compliance is a concern for every organization that handles customers' data. Unfortunately, it's not always easy for companies to meet the security requirements of frameworks like PCI DSS. Each organization faces technological and/or business constraints; factors which shape its security decisions and sometimes rule out the implementation of certain...

Women in Information Security: Zoë Rose

Women are eagerly needed in information security because we offer unique perspectives and there are so few of us. So far in this series, I interviewed Tiberius Hefflin, Tracy Maleef, Isly, Kat Sweet, and Jess Dodson--five different women from different parts of the English-speaking world and from different areas of IT. For my sixth and final interview...

The 5 Most Significant DDoS Attacks of 2016

On the cusp of 2017, one thing's clear: distributed denial-of-service (DDoS) attacks made their mark in 2016. Arbor Networks tracked 124,000 DDoS attacks each week between January 2015 and June 2016. Furthermore, 274 of the attacks observed in the first half of 2016 reached over 100 Gbps (as compared to 223 in all of 2015), while 46 attacks...

Hacker Mindset: The Mystery of Cybersecurity Attribution

In my ongoing blog series “Hacker Mindset,” I explore an attacker's assumptions, methods and theories, including how information security professionals can apply this knowledge to increase cybervigilance on the systems and networks they steward. In this article, I examine attribution and its relation to information systems and crime. Methodology...

Malicious Image Distributing Nemucod Downloader to Facebook Users

A malicious image file is distributing the Nemucod malware downloader to unsuspecting users via Facebook chat. Threat intelligence analyst Bart Blaze heard about the malware campaign from a friend. They told him they had received a message on Facebook chat that contained only a Scalable Vector Graphics (SVG) file, which is an XML-based vector image...

Could Technology Have Helped Prevent the Tesco Bank Breach?

A few well-known UK brands have hit the headlines recently as a result of a breach or security issue. For instance, Tesco Bank announced 40,000 customer accounts were affected by a “sophisticated” attack. Half of those had money taken from them. As a result, Tesco Bank could incur a severe penalty imposed by regulators. That fee would be in addition...

How to Approach Cyber Security for Industrial Control Systems

Today's industrial control systems (ICS) face an array of digital threats. Two in particular stand out. On the one hand, digital attackers are increasingly targeting and succeeding in gaining unauthorized access to industrial organizations. Some actors use malware, while others resort to spear-phishing (or whaling) and other social engineering...

Sextortionist Demands 5,000 Euros After Ensnaring Victim in Skype Scam

The webcam is a cherished tool of digital extortionists. With the help of a remote access trojan (RAT) like BlackShades or Dark Comet, a bad actor can "slave" a user's computer, assume control over their webcam, record the unknowing individual, and leverage that footage to get what they want from their victim. Those demands could consist of money,...

DDoS and IoT - A ‘Perfect’ Storm

A perfect storm is definitely brewing. Severe and hazardous internet weather warnings have been out there for some time now, and last week’s DDoS downpour on Dyn, along with the escalating events leading up to it, may prove to be a mere shower compared to what is yet to come. Let’s start by considering another type of forecast, that of the projected...

Evolving Connectivity: Understanding the Benefits and Risks of IoT

We at The State of Security have explored all the ways people can strengthen their security online in acknowledgement of National Cyber Security Awareness Month (NCSAM) 2016. We kicked off the public awareness campaign by providing tips on how users can protect their passwords, as well as defend against ransomware and other common IT security...