Are Wikileaks and ransomware the precursors to mass extortion?

pexels-photo-1

Despite Julian Assange’s promise not to let Wikileaks’ “radical transparency” hurt innocent people, an investigation found that the whistleblowing site has published hundreds of sensitive records belonging to ordinary citizens, including medical files of rape victims and sick children. The idea of having all your secrets exposed, as an individual or a business, can be […]

Continue Reading →

The Enemy Within: A Free Security Training Course by Troy Hunt

the-enemy-within-standard

It takes a very long time to discover a threat on your network according to the Verizon DBIR: Which is mind-boggling given the most devastating breaches often start with an insider—either an employee or an attacker that gets inside using an insider’s credentials. Target, OPM, Panama Papers, Wikileaks. The list goes on and on. The […]

Continue Reading →

Yahoo Breach: Pros react to massive breach impacting hundreds of millions of users

Yahoo has confirmed a data breach affecting at least 500 million users in the latest mega breach to make headlines. Here’s what some infosec pros had to say about it. If Yahoo waited ~2mo to inform Verizon of the breach, that says interesting things about the acquisition negotiations during that period. — Jeremiah Grossman (@jeremiahg) September […]

Continue Reading →

Why the OPM Breach Report is a call-to-action for CSOs to embrace data-centric security

The Committee on Oversight and Government Reform released a fascinating 231-page report detailing the how and why behind the epic breach at the United States Office of Personnel Management. Richard Spires, the former CIO of the IRS and DHS, remarked on OPM’s failure to take a data-centric approach to information security: “[I]f I had walked […]

Continue Reading →

Protecting Bridget Jones’s Baby

miramax__120329094238

In the wake of the Sony Pictures breach, studios are getting much smarter when it comes to data protection. A shining example is Miramax, a global film and television studio best known for its award-winning and original content such as 2016’s Bridget Jones’s Baby with Universal Pictures and Studio Canal. Read the full case study ⟶ Miramax was […]

Continue Reading →

The Best Ransomware Defense: Limiting File Access

pexels-photo-90099

If ransomware lands on your machine, but can’t find your files, are you really infected? This isn’t a philosophical thought experiment, I promise.  Let me explain. Keeping data off your endpoints A common paradigm in IT for many years has been to keep user data on network drives–departmental shares, home folders, etc. Not only do network […]

Continue Reading →

21 Free Tools Every SysAdmin Should Know

pexels-photo-29596-large

Knowing the right tool to the right job is something that can save you hours of extra work and tedium. We’ve compiled a list of of some of the best general purpose sysadmin tools for troubleshooting, testing, communicating and fixing the systems that you need to keep running. WireShark http://www.wireshark.org/ Wireshark is the world’s foremost […]

Continue Reading →

Email security in the wake of #DNCLeaks

DatAlert

Back in December, our #1 prediction for 2016 was that the U.S. Presidential campaign would be impacted by a cyber attack. And here we are. Watching the fallout from #DNCLeaks it’s evident just how devastating email breaches can be. For many organizations email is the most sensitive asset they have, yet monitoring for anomalous access […]

Continue Reading →

The Difference Between Active Directory and LDAP

Active Directory (AD) is a directory service made by Microsoft. It provides all sorts of functionality like authentication, group and user management, policy administration and more. LDAP is a way of speaking to Active Directory. LDAP, which stands for Lightweight Directory Access Protocol, is a means for querying items in any directory service that supports […]

Continue Reading →

Football player hacked live during NFL draft

Experts had Laremy Tunsil flagged as one of the top prospects in Thursday night’s NFL draft. But shortly before the opening pick, something disturbing happened. An incriminating video tweeted from Tunsil’s own verified Twitter account showed the Ole Miss star smoking a “marijuana-like substance” from a gas mask. It quickly became clear that Tunsil’s account […]

Continue Reading →

The DROWN Attack

pexels-photo

First Heartbleed, then Poodle, now DROWN. Yet another SSL vulnerability. Here’s what you need to know. With DROWN, a rather significant portion of the web (mail servers, VPNs, etc.) are open to an attack that, while tricky to execute, can decrypt a securely encrypted TLS connection. Researchers estimate more than 3.5 million HTTPS servers are […]

Continue Reading →