Author: nlqip
There’s a lot of hype surrounding cryptocurrencies, but what’s good for currency traders may not be great for security-minded professionals. Source link lol
Read MoreOrganizations often overlook the many ways in which their own systems put useful information right into the hands of attackers building cyber scams. Source link lol
Read MoreSeveral surveys talk about CISO salaries and job prospects, but we felt that the industry as a whole needed to fully understand what goes into the day-to-day job of a CISO. F5 and research firm Ponemon teamed to survey CISOs to draw as complete a picture as we could on the modern security executive. In…
Read MoreLast week, our esteemed colleague David Holmes answered the board’s question “Are we doing anything with bitcoin?” by slamming the door on a technological trend that is not only underway but is rapidly expanding. (Heck, bitcoin itself is “old news” now.) Still, it should be on every CISO’s brain. Even if CISOs don’t need to talk to…
Read MoreTrickbot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies
- by nlqip
Figure 13: Top TrickBot C&C hosting networks by ASN owner, geo, and count Conclusion The analyzed configurations initially saw TrickBot shift away from the Nordic countries and into France, Spain, the US, and the UK; it appeared for a time that the targeting of this malware was becoming more focused on fewer countries and more…
Read MorePhishing for Information, Part 5: How Attackers Pull It All Together, and How You Can Fight Back
- by nlqip
If you missed parts 1, 2, 3, and 4 of this blog series, it’s probably worth visiting these links to understand why phishing scams are becoming so rampant. Information about individuals and corporations is readily available and easy to find on the Internet, making it easy for attackers to pull phishing schemes together—and with great success. None of the bits…
Read MoreCybercrime in general—and most recently, crime perpetrated using IoT devices—has become a serious problem. Legislatures around the world have struggled to write laws to rein things in. The problem has been that governments have issued cybersecurity laws that are either too burdensome or ineffective. We’ve seen various breach disclosure acts designed to “name and shame”…
Read MoreThis year, it seems like you can hardly turn around without bumping into some commentary on a breach. There’s expert analysis on every blog. The trade press eats up controversy stirred up by responses. Twitter trends. My inbox fills up with quotes and offers to hear more about the breach. It’s all bad news, so…
Read MoreFrom these 49 breaches, it is apparent that the “Information” industry is the most vulnerable by more than double of any other industry. By nature, the “Information” industry has massive amounts of data available to be harvested for resale and other malicious use, as opposed to the relatively small amount of data or high-dollar information…
Read MoreFigure 1: Bug types across valid submissions shows a decline in low value bug types such as clickjacking, and steady submissions in XSS and mobile bugs. XSS, SQLi, and CSRF are among the OWASP “Top Ten”, with reams of documentation, tutorials, code samples, and tools capable of discovering these bugs before applications are introduced to the wild. One…
Read MoreRecent Posts
- Security plugin flaw in millions of WordPress sites gives admin access
- Phishing emails increasingly use SVG attachments to evade detection
- Fake AI video generators infect Windows, macOS with infostealers
- T-Mobile confirms it was hacked in recent wave of telecom breaches
- GitHub projects targeted with malicious commits to frame researcher