Blog

Protecting Your Privacy Doesn't Have to be Complicated

We’ve all been warned – no matter what we do online, somebody is out there watching. It might be to gather information for marketing purposes. The exposure of personal information to the wrong party, however, is a real concern. All of our emails, photos, passwords, addresses, credit card numbers, and social media messages are out there for someone...

Takeaways from the 2017 PwC Global State of Information Security Survey

Organizations around the world are taking a more innovative approach to managing threats in today’s digital era, reveals the 19th annual Global State of Information Security Survey (GSISS). This year’s study – produced by PwC in conjunction with CIO and CSO – includes the responses of more than 10,000 business and IT security executives from over...

Red Team v. Blue Team? They Are In Fact One – The Purple Team

Some people hate the red team. They think of them as the adversary, and at the extreme, people worry that their jobs are on the line. If any holes are found, network defenders worry it could be a mark on their competency. However, this should not be the case. Although it does not come across this way initially, the red team is leveraged to help the...

Targeted Attack Caused "Disruption" at Nuclear Plant, Confirms IAEA Chief

The chief of the International Atomic Energy Agency (IAEA) has confirmed a targeted attack caused "some disruption" at a nuclear power plant. Yukiya Amano, director of the IAEA, said the attack was not destructive, a term which some have used to describe the 2014 Sony hack because actors destroyed corporate data and denied employees access to some...

Expert Advice on How to Create a Security Culture at the Workplace

We at The State of Security kicked off National Cyber Security Awareness Month (NCSAM) 2016 with a review of how companies can defend against common IT security threats. In one guide, we discussed how organizations can leverage their people, processes and technologies to protect against the likes of phishing and other risks. We then crafted...

Towards a Cyber Resilience Strategy

As most of you already know, October is National Cyber Security Awareness Month (NCSAM). The aim of NCSAM is to raise awareness across the international community about cyber threats, discuss best practices, and educate the public and private sector on how to stay safe online. Cyber Security is promoted extensively during this month, and many events...

Lessons from the Frontlines of Power Utility Attacks

Security experts have been warning companies and policymakers that systems protecting power utilities and other critical infrastructure are vulnerable to cyber attacks. Those intrusions could produce widespread damage, if they proved to be successful. In fact, as reported by Dark Reading, the Industrial Control Systems Cyber Emergency Response Team ...

Keeping Your Privileged Users Aware

You know you’ve got them. Employees with nearly unfettered access to every nook and cranny of your organization’s network, devices and servers. While often a necessity in the digital age, privileged users represent a huge cybersecurity risk that you should not overlook. Employees who hold the “keys to the kingdom” are an appealing target for hackers...

The Right Way to Respond to a Data Breach

Cybersecurity has become a board level discussion, and worries about cybersecurity breaches are part of what keeps C-suite execs and BOD members up at night. So much so that many organizations have started to adopt the mentality that they’ve likely been breached already and they just don’t know it yet. It’s what’s known as the “assume breach”...

Tampered, Not Breached

James Bond always orders his martini prepared a special way: “Shaken, not stirred.” Being a teetotaler, I have always wondered what would happen if Bond – James Bond – was served a stirred martini. Would he be able to tell? Many of the more notable drink masters in the infosec community could probably educate me about the subtle differences between...

The New Mindset Required for Making a Dent in the World of Cybercrime

We all know that cybercrime is increasing and likely to jump from a $75 billion problem last year to a $170 billion problem in 2020. Most will argue that this out of control spiral is unavoidable. It’s just the nature of the game. We will always be one step behind – that much is true. At the rate we are traveling, though, we are slipping behind by...

Evolution of a 'Cameras Are Everywhere' Society

I remember when I first learned about some of the powerful spy satellites orbiting the earth. Some of the rumors stated the cameras on these machines were so accurate that they could read a car license plate from space. The idea that such technology existed back then was amazing. Now, some of the newer satellites are putting those early spy rumors...

'Guccifer' Receives Four Years in Prison for Hacking High-Profile Targets

A federal court has sentenced the man behind the 'Guccifer' moniker to four years in prison for hacking a number of high-profile targets. On 1 September, U.S. District Judge James C. Cacheris handed down a sentence of 52 months in prison to Marcel Lehel Lazar, 44, of Arad, Romania. According to a statement released by the U.S. Department of Justice,...

How one company lost $44 million through an email scam

One of the world's leading wire and cable manufacturers, Leoni AG, has been swindled out of a jaw-dropping 40 million Euros (approximately US $44 million) after it was targeted by an email scammer. As Softpedia reports, a young woman working in the finance department of Leoni's factory in Bistrita, Romania, received an email in mid-August claiming...

The Root Causes of a Poor Security Culture within the Workplace

Demonstrating to employees that security is there to make their life easier, not harder, is the first step in developing a sound security culture. But before we discuss the actual steps to improve it, let’s first understand the root causes of a poor security culture. Security professionals must understand that bad habits and behaviours tend to be...

Teen Walks Free After Launching DDoS Attack Against Australian Bank

A teenager received no prison time after launching a distributed denial-of-service (DDoS) attack against an Australian bank, among other targets. The 15-year-old boy, who by state law cannot have his name identified, admitted in court he had some fun and satisfied his curiosity when he DDoSed the online banking portal for the Commonwealth Bank of...