The idea of crowdfunding to raise enough money to buy NSA-linked hacking tools from the Shadow Brokers is picking up steam and making some people steam. The price tag for getting hold of stolen Equation Group hacking tools is 100 Zcash. When I started the article about the Shadow Brokers revealing details about its June
The WannaCry outbreak has been troubling in many regards – exposing flaws, and opening doors to much finger-pointing and blaming that have gone well beyond the handling and disclosure of nation-state cyber weapon stockpiling. The attackers likely had a good idea of how quickly and widely the attack would spread, evidenced by the fact that
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. Anyone who has spent any amount of time trying to secure their organization’s endpoints or network would not be surprised to learn that phishing is now the #1 delivery vehicle for malware and ransomware. According to Mandiant, phishing was used
The Shadow Brokers revealed pricing and other details about its monthly dump service which kicks off in June. Subscribers of the dump of the month club will not be shelling out bitcoins, but a different cryptocurrency: 100 (ZEC) Zcash. At the time of publishing, 100 Zcash was equal to $23,251. Over the weekend, the Shadow
Another common misconception is that if a device is working on default configuration, then that is enough. For example, setting up an IP camera on the network without first changing the default password. FACT: This default configuration poses a significant threat by exposing the device to attacks from other unsecured devices. Failing to change the
Penetration testing was much like taking a battering ram to the door of the fortress. Keep pounding away and maybe find a secret backdoor to enter through. But what happens if pieces of the network are outside of the fortress? With the flurry of Internet of Things devices, is it harder to conduct a pen
One year from today, the recently passed regulation known as “GDPR” (General Data Protection Regulation) goes into effect. While EU-specific, it can still dramatically affect how businesses that work with personal data of citizens and residents of the EU. GDPR was approved a year ago and will be going into effect in another year. It
Deploying password quality checking on your Debian-base Linux servers can help to ensure that your users assign reasonable passwords on their accounts, but the settings themselves can be a bit misleading. For example, setting a minimum password length of 12 characters does not mean that your users’ passwords will all have twelve or more characters.
Network traffic analysis should be used more in the fight against malware. That’s because pointers show up on the network “weeks and even months” in advance of new malicious software being uncovered, scientists from the Georgia Institute of Technology explain in an article on the school’s website. The researchers, who have been studying historic network
If your website, in common with roughly 25% of all websites, is running WordPress then it’s pretty much certain that it’s being constantly attacked. WordPress is to hackers what raw meat is to jackals because unless sites are assiduously maintained, they quickly become vulnerable to a huge number of exploits. The root cause of this
