One of the world's leading wire and cable manufacturers, Leoni AG, has been swindled out of a jaw-dropping 40 million Euros (approximately US $44 million) after it was targeted by an email scammer. As Softpedia reports, a young woman working in the finance department of Leoni's factory in Bistrita, Romania, received an email in mid-August claiming...

Demonstrating to employees that security is there to make their life easier, not harder, is the first step in developing a sound security culture. But before we discuss the actual steps to improve it, let’s first understand the root causes of a poor security culture. Security professionals must understand that bad habits and behaviours tend to be...

The Government Savings Bank (GSB) of Thailand shut down nearly half of its ATMs following a malware attack that cost it 12 million baht, or about $378,000. On 23 August, GSB shut down approximately 47 percent of its ATM network when it disabled service to approximately 3,300 of its 7,000 machines....

A teenager received no prison time after launching a distributed denial-of-service (DDoS) attack against an Australian bank, among other targets. The 15-year-old boy, who by state law cannot have his name identified, admitted in court he had some fun and satisfied his curiosity when he DDoSed the online banking portal for the Commonwealth Bank of...

Industrial control system (ICS) security is a growing concern for organizations around the world. On the one hand, research suggests that vulnerabilities and exposures are increasingly jeopardizing the security of ICS assets. In their report Overload: Critical Lessons from 15 Years of ICS Vulnerabilities, the FireEye iSIGHT threat intelligence team...

An organization's computer network is never fixed. It is constantly changing. To illustrate, as a company continues to grow, it might adopt a different mission that requires the installation of new endpoints onto its network. Additionally, with the detection of new exposures, security teams will need to update all critical devices running the...

A federal grand jury has charged a man with selling access to bank customers' stolen account logins on a dark web marketplace. On 22 July, 2016, U.S. Magistrate Judge Janet F. King charged Aaron James Glende, 35, of Winona, Minnesota with bank fraud, access device fraud, and aggravated identity theft after the man allegedly advertised criminal...

The timing could not have been better. Or worse. On the one hand, the massive leak of the so-called Panama Papers earlier this year shone a bright light on the scope of the issues financial institutions grapple with daily to combat money laundering activity and comply with complex, global regulations. On the other, it is likely that more than a few...

Industrial Control Systems (ICS) are the technology workhorses responsible for powering the electric grid and utilities, water treatment plants, oil and gas production, food and beverage manufacturing, and transportation systems, among many others. Our society relies on these systems more than we know to keep life running smoothly. ...

There is never a dull moment for compliance and security. Case in point, amidst a brewing storm of regulation, version 3.2 of the Payment Card Industry Data Security Standards (PCI DSS) announced in late spring articulates good data security intent along with controversy. PCI has been around since 2006, and aims to protect payment data for consumers...

First, security professionals should understand that people’s resources are limited. Moreover, people tend to struggle with making effective decisions when they are tired. To test the validity of this argument, psychologists designed an experiment in which they divided participants into two groups. The first group was asked to memorise a two-digit...

It was just after 6pm on December 23, 2013, and Lennon Ray Brown, a computer engineer at the Citibank Regents Campus in Irving, Texas, was out for revenge. Earlier in the day, Brown - who was responsible for the bank's IT systems - had attended a work performance review with his supervisor. It hadn't gone well. Brown was now a ticking time bomb...

I’m working with a couple of organizations faced with NIST 800-171 compliance. The first is a small manufacturing company doing business with a prime contractor. The second is a tribal business unit with federal contracts. Both must be compliant by December 2017 or risk losing their federal business. From what I can tell, neither organization was...

According to new guidelines issued by the United States Department of Health and Human Services (HHS), ransomware incidents in HIPAA regulated organizations are now classified as a data breach. HIPAA is the Health Insurance Portability and Accountability Act, that must be followed by any health care provider who transmits health information in...

In the first and second part of this series, we introduced the risks of the IoT / IoE world and addressed the mandatory security design considerations around the C-I-A triplet; the concepts of “openness;” the secure system and SDLC; the 4 “A”s; as well as the term “non-repudiation.” To continue with our overview, we will describe the important...

Breaches involving stolen credentials don’t surprise anyone these days. Those of us in infosec know too well that it’s a thousand times easier for the bad guys to gain access to a network and fly under the radar with a stolen login—often obtained through social engineering—than it is to get through cyber defenses. From the bad actors’ perspective, why...

It has been eight months since the Court of Justice for the European Union struck down the 15-year-old Safe Harbor arrangement between the EU and US. At the time, there was a good deal of consternation over the future of EU-US data exchange and just how businesses would continue to operate. Despite several fits and starts, parties on both sides of...

In May 2016, the Federal Bureau of Investigations issued an alert warning hospitals, state and local governments, law enforcement, small businesses, and individuals to be on the lookout for a rise in ransomware attacks. The FBI acknowledges in its letter that in the absence of data backups, victims of a ransomware attack have no option but to pay...

Organized cybercrime is a business just like any other legitimate business; they want to have low-risk and efficient operations in order to maximize their profits. The main caveat for criminals is that pesky problem of getting caught and spending the rest of your life in jail. Data is the currency of the 21st century – historically, cyber criminals...

The Internet as we know it is only possible thanks to cryptography and specifically TLS (formerly known as SSL). Without this crucial technology providing a means for private online communications, e-commerce would quite simply not be a thing, and the Internet would likely be little more than a world-wide party line for sharing bad jokes. Despite...