Researchers have determined that those who stole approximately $81 million from the Bangladesh Bank most likely did so by hacking into SWIFT's client software. SWIFT, or the Society for Worldwide Interbank Financial Telecommunications, provides banks and other organizations with secure messaging services. According to its 2015 traffic, more than 11...

WhatsApp is an instant messaging service with well over one billion global users. To put it into perspective, one in seven people on the planet actively use this popular messaging app to send some 30 billion texts, voice messages and videos every single day. In 2014, WhatsApp was acquired by Facebook for $19.3 billion. It is now the most powerful...

A former Reuters journalist has been sentenced to two years in prison for helping to hack a multimedia corporation. Last October, a California jury found Matthew Keys, 28, guilty of one count of conspiracy to make changes to a corporate website, one count of transmitting malicious code, and one count of attempting to transmit malicious code for an...

There are roughly 200 requirements and sub-requirements in NERC CIP, and to satisfy each one requires performance-based compliance evidence that produces the comprehensive documentation that proves each requirement and sub-requirement was met for all activities that fall under it. That by itself is no mean feat. Of those 200 requirements, baseline...

Transport Layer Security (TLS) is the unsung champion and defender of all good citizens of the Internet. Rather like some invisible, altruistic Marvel superhero, it works tirelessly behind the scenes each and every day helping to protect the things we need and like to do online. Along with its now atrophied predecessor Secure Sockets Layer (SSL), it...

I’ve been following the FBI vs. Apple case, and now that it seems it's tentatively over, I find myself keeping up with the conversations around who won and who lost. In my opinion, the software industry should strive to provide the strongest possible protections for users' individual privacy and security. Apple has done just that – so well, in fact,...

It’s been a month since Hollywood Presbyterian Medical Center joined the ranks of Premera Blue Cross, Anthem, CareFirst BCBS, and a considerable number of other healthcare institutions that have experienced recent hacks where personal patient data might have been exposed. While it may have played out like the plot of a bad "cyber"-thriller movie,...

Early February is when Red River College puts on its Directions conference, which I attended twice as a student. The purpose of this conference is to connect students and businesses and to assist the former in the transition from student to professional. This year, I had the privilege to speak about my journey of starting out with little experience...

What is SCM? Well, let’s start with what it stands for. Generally, it represents "Security Configuration Management," but it is also referred to as "Secure Configuration Management." Both are equally acceptable and mean the same thing. SCM exists at the point where IT Security and IT Operations meet. It’s a software-based solution that aims to...

Last weekend, I was doing some work around the house and needed a flashlight. I cursed having to get up and get one from the closet when my daughter said, "Use the flashlight app, Dad." Then we discovered that my Android phone doesn't have a built-in light. This, of course, led me to look for an app and spend much more time than getting off my lazy...

A typo helped prevent a group of hackers from successfully stealing one billion dollars during a bank heist that occurred last month. In the heist, a group of attackers infiltrated Bangladesh Bank's systems and made off with the credentials necessary for making payment transfers, reports Reuters. ...

Security Configuration Management (SCM) exists where IT security and IT operations meet. It has evolved over the years from a ‘nice to have’ to a ‘must-have.’ The last line of defence is on the endpoint, as network intrusion detection becomes less effective and as the attacks become more sophisticated. One area where a good SCM solution should...

Security breaches, also known as a safety violation, occur when a person or application illegally enters a confidential IT border. This could result in the hacking of unauthorized data, services, networks and applications that are highly critical. Breaches can also cause bankruptcy and destroy a company’s reputation, which is why most businesses...

Social engineering is perhaps the most dangerous vector of attack available to hackers. Social engineering could be a phone call made by an attacker to extract data; an email phishing attack that is composed to look like a legitimate request to gain sensitive information; or a physical intrusion into the building by someone claiming false credentials....

Unless you’ve been living out in the remotest frontier of some Data Protection Wild West, you will no doubt be aware that a ‘supervisory authority’ Sheriff will soon be riding into town, clutching a lengthy new scroll of law and order in the form of the General Data Protection Regulation (GDPR). ICYMI or simply passed over it as not particularly...

Even if you are not a developer, you should be familiar with GitHub. If you are not familiar, then consider this blog post your introduction. GitHub is a large cloud-based software repository that uses the git protocol. Creating a GitHub account is painless and free for anyone who is interested. You don’t even need to supply a valid email address to...

Fuzz testing is one of the most powerful tools in the bug hunter’s toolset. At a basic level, fuzzing is the art of repeatedly processing crafted test inputs while checking for ill-effects, such as memory corruptions or information disclosures. One of the main advantages of fuzz testing is that it works 24x7 without a break and with no need for...

Developers today recognize the importance of secure software development. Indeed, security was one of the key topics at this month's DeveloperWeek conference in San Francisco. This level of focus should be applauded. At the same time, however, we must recognize that planning for secure software development is not the same thing as implementing it. In...

Cisco has patched a 'critical' buffer overflow vulnerability affecting the Internet Key Exchange (IKE) implementation in Cisco ASA. On Wednesday, the multinational technology company published a security advisory for CVE-2016-1287. First discovered and reported by researchers at Exodus Intelligence, the vulnerability could lead to a complete...

Security researchers have identified a new phishing scam that is targeting customers of the popular accommodation booking site Airbnb. Christopher Boyd, a malware intelligence analyst at Malwarebytes, says he recently discovered an email phishing campaign impersonating the company and redirecting users to a fake Airbnb login page in an attempt to...