Why UBA Will Catch the Zero-Day Ransomware Attacks (That Endpoint Protection Can’t)


Ransomware attacks have become a major security threat. It feels like each week a new variant is announced –Ransom32, 7ev3n. This malware may even be involved in the next big breach. New variants such as Chimera threaten to not just ransom your data, but also leak it online if you don’t pay up. These cyber […]

Continue Reading →

TIL: They should have called it DHCPDOS


Most mornings, you wake up and think you at least have a semblance of what your day will be like. But if someone tells you that you now have to worry about your DHCP server messing up your network, you might want to just go back to bed and stay there. If you haven’t yet […]

Continue Reading →

Building a Security Culture


In addition to demonstrating quick wins so that your CEO will take data security seriously, you should also be planning for the long term by building strong security awareness within your organization. When the FTC held a webcast on “Building a Security Culture,” I was very curious to hear what tips they had to share. […]

Continue Reading →

Lessons from the Malware Museum


If you haven’t already seen Mikko Hypponen’s collection of vintage malware at the Internet Archive, take the time for a brief tour. If you’re on a lunch hour, it’s also worthwhile to hear Mikko’s talk on how malware has evolved from its primitive roots.

Continue Reading →

Today I Learned: There are some things you REALLY don’t want in bulk


Everybody knows that you can have too much of a good thing: high impact yoga, deep water yodeling, reading TIL posts while unicycling, or any hobby where you’re required to “shuck” things. But what if you take an ordinary bad thing and raise it to the power of awful! In other words, you ratchet up […]

Continue Reading →

New Updates to the CIS Critical Security Controls

If you haven’t already heard, the Top 20 Critical Security Controls has a new name. Last year, after the Center for Internet Security(CIS) integrated with the Council on Cybersecurity, the controls are now referred to as the (CIS) Critical Security Controls. In addition to a new name, these controls have also been reordered to address current […]

Continue Reading →

Lawyers, Files, and Money


After two days of being around attorneys, judges, and legal technologists, I saw a few legal truths very close up. I had always heard from my lawyer friends about billable hours, but it’s clear from LegalTech that it’s almost the prime directive for law firms. So if you tell a partner why she should encrypt […]

Continue Reading →

Bring your Geek to Court

geek to work

It’s LegalTech week. That’s the annual gathering in NYC where attorneys, corporate counsels, and IT people meet to discuss ediscovery, predictive coding, and whether it’s safe to delete a file. My first morning session was a keynote panel discussion that featured five federal judges. It was fascinating to hear these legal eagles discuss a wide […]

Continue Reading →

Identity Theft Complaint? Tell the FTC!


Hackers steal information about you, and unfortunately it’s often months later that the company realizes there’s been a breach. But in the meantime, identity thieves use your PII to open new credit card accounts, file false tax returns, or commit medical insurance fraud, as well as make fraudulent charges on existing credit card accounts. Like […]

Continue Reading →

7ev3n Demands a Whopping 13 Bitcoins to Decrypt Your Data


7ev3n is a new ransomware that encrypts your data and demands 13 bitcoins – or approximately $5,000USD – to decrypt your files. It’s the largest ransom we’ve seen to date for ransomware. 7ev3n not only encrypts your files, it also modifies your computer’s system settings so that your keyboard and system recovery options are disabled. […]

Continue Reading →