You May Already Know Your Next Hacker

Over the last couple of weeks I’ve seen a pattern of companies frustrating an individual to the point where the person gives up trying to communicate with the company and hacks them in a major way instead. I guess you could call it Revenge Hacking. In each case, the company was communicating with the person in an above-board manner.


Doom-Playing Canon Printer Raises Security Concerns About IoT

If you can hack a wireless printer to play one of the most famous videogames of all time, what else can you do with it?

And if printer hardware can be reprogrammed by hackers to perform functions far beyond its intended use, what does it say about the other devices that make up “the internet of things”?


PayPal left red-faced after more security holes found in two factor authentication

Just over a month ago, security researchers revealed that one of PayPal’s primary mechanisms to protect accounts from hackers had been fundamentally flawed for years.

Researchers at Duo Security discovered a method of bypassing the two-factor authentication (2FA) technology used by the site, which is supposed to protect your account should your PayPal username and password fall into the hands of online criminals.


7 Out of Top 10 Internet of Things Devices Riddled With Vulnerabilities

It has become the trendy thing to connect more and more household and office devices to the internet. It is becoming increasingly common to find yourself typing a WiFi password not just into your smartphone, but also your smoke alarm, your fridge, your printer, your baby monitor and maybe even your car.



Security Tips for Football World Cup Fans

The FIFA World Cup has kicked off in Brazil, with fans travelling to the country from around the globe in the hope that their country’s football team will make it to the grand final.

But if you’re travelling (whether it be to South America to watch the world’s greatest soccer tournament, or a couple of days away on a business trip) what precautions should you take to stay safe online?


People Are Your Last Line of Defense

The increasing numbers of attacks profiled in news reports over the last several months demonstrate that we live in an unsecure world. The Target breach in particular shows how important a complete cyber security program is to an enterprise network environment. Target’s security systems generated events from the attack, but the events were not followed up on


Who Does China Blame for a Third of All Cyber Attacks Against It? The USA

A few years ago, in what we call the BS era (“Before Snowden”), there were frequent accusations levelled against China for attempting to hack into foreign countries’ computer systems and steal information.

And, to be fair, there was often good reason to suspect that some attacks were conducted with the endorsement of the Beijing authorities.


Employ a Targeted Defense Against Targeted Threats

In my last post, I discussed the reality of APT hitting unsuspecting organizations with a predictable pattern. Study after study indicates people are being hit by malicious hackers and the attack goes on for months before anyone is any the wiser. If they ever know.

Some very large companies, with hundreds of business units and locations,


The Predictable Pattern of APTs

It used to be that only large, Fortune 500-sized businesses had to worry about targeted threats, or APTs. Today, it’s a whole new ballgame. Sophisticated, malicious hackers use focused resources for small- and medium-sized companies too. Everyone is a target and your risk is multiplied if you do business with important partners and business associates who have valuable intellectual property.


NIST Releases Preliminary Cybersecurity Framework for Critical Infrastructure

In February, President Obama signed an Executive Order that called for increased cyber-threat information sharing between government and private companies who oversee our country’s critical infrastructure. The goal was to break down the barriers that cause privately-managed critical infrastructure companies to work independently of the government groups that could create a repository of intel on trending cyber attacks.


Social Media: the Bad Guys’ Perfect Playground

October marks the 10th anniversary of National Cyber Security Awareness Month, a public education campaign spearheaded by our colleagues at the National Cyber Security Alliance. It’s somewhat disheartening to consider the lack of progress made in cyber security over the last 10 years; cyber criminals continue to wreak havoc stealing personal identities, corporate IP, and even national secrets.


Advice for the Incoming DHS Secretary

A few weeks after retiring Department of Homeland Security Secretary Janet Napolitano gave a farewell speech, we are still unclear on her replacement, unfortunately. In that departure speech, Napolitano advised her successor “You will need a large bottle of Advil.” Given the DHS Secretary is responsible for dealing with everything from natural disasters to terrorist attacks,
