Lessons from the Malware Museum


If you haven’t already seen Mikko Hypponen’s collection of vintage malware at the Internet Archive, take the time for a brief tour. If you’re on a lunch hour, it’s also worthwhile to hear Mikko’s talk on how malware has evolved from its primitive roots.

Continue Reading →

Lawyers, Files, and Money


After two days of being around attorneys, judges, and legal technologists, I saw a few legal truths very close up. I had always heard from my lawyer friends about billable hours, but it’s clear from LegalTech that it’s almost the prime directive for law firms. So if you tell a partner why she should encrypt […]

Continue Reading →

Identity Theft Complaint? Tell the FTC!


Hackers steal information about you, and unfortunately it’s often months later that the company realizes there’s been a breach. But in the meantime, identity thieves use your PII to open new credit card accounts, file false tax returns, or commit medical insurance fraud, as well as make fraudulent charges on existing credit card accounts. Like […]

Continue Reading →

Celebrating Privacy Day [INFOGRAPHIC]


Data Privacy Day is an “effort held annually on Jan. 28 to create awareness about the importance of privacy and protecting personal information.” That’s a concept we approve of! Of, course, there are many ways to create privacy awareness. You could, for example, go over to your IT department to ask why data and privacy […]

Continue Reading →

Poll: Users Cause IT the Most Pain


We know you’re all curious about the results of our IT Pain Point poll from December. The numbers are in, and we now can say the top three sources of extreme distress for IT people. The answers are: users (24%), tech hype (18%) and, in a tie for third place, management and money (7%). You […]

Continue Reading →

And Hotels Have WiFi Issues Too!


I would like to say that hotel data security problems just end at compromised PoS systems. Unfortunately, the headlines tell another story. Last year, researchers at a security firm discovered a serious vulnerability in a router commonly used by hotels. The researchers noted that one of the processes running on some models of an InnGate […]

Continue Reading →

The Hotel Industry Has a PoS Malware Problem


Am I the only one finding the recent upsurge in hotel data breaches troubling at some primal level? You’re in a vulnerable position as a traveler, and you want to believe the suite you’ve booked is your castle. And a secure one – doors often have multiple locks, rooms have those teeny safes for storing […]

Continue Reading →

The EU General Data Protection Regulation Is Now Law. Here’s What You Need to Know.

eu map

You are back in the office after the long holiday break and busy catching up. Did you miss the story about the EU’s General Data Protection Regulation (GDPR) receiving final approval?  Some are calling it a “milestone of the digital age”. We’ve been following the GDPR on the blog over the last two years. If […]

Continue Reading →

Varonis Six Part Guide to Penetration Testing


Our sprawling pen-testing series has taken on a life of its own!  For your convenience and blog reading pleasure, we’ve assembled all the links to this six-part series below. Read consecutively, or since they’re mostly self-contained posts, skip ahead to the topics that appeal to you. Part 1: Risky Business Part 2: Rats! Part 3: […]

Continue Reading →

Penetration Testing Explained, Part VI: Passing the Hash


We’re now at a point in this series where we’ve exhausted all our standard tricks to steal credentials — guessing passwords, or brute force attacks on the hash itself.  What’s left is a clever idea called passing the hash or PtH that simply reuses a password credential without having to access the plaintext. Mimikatz Remember […]

Continue Reading →