Category: Kamban

Over the past 11 years, I’ve done hundreds of audits for organizations of all sizes around the world. I specialize in audits for SSAE 16/18 (SOC1 and SOC2), Sarbanes Oxley, and PCI DSS. I’ve seen a lot of audit failures, and there are some common themes to them from which other companies can learn. My work…

Since that paper was published, new algorithms have found currency in the community. However, the process of choosing one is a little like auditioning actors for the lead role in Hamlet. You quickly find that none are perfect and, in fact, some suffer from facial warts!

Current Candidates for Post-Quantum Asymmetric Encryption Algorithms

Several…

As security professionals, whether we know it or not, we all have a role to play in protecting the critical infrastructure. We see almost daily in the news that ordinary people around the world are being targeted in cyberattacks by terrorist groups, nation states, and organized crime groups. These groups use cybercrime to advance their…

Executive Summary

The Internet of Things (IoT) and, specifically, the hunt for exploitable IoT devices by attackers, has been a primary area of research for F5 Labs for over a year now—and with good reason. IoT devices are becoming the “cyberweapon delivery system of choice” by today’s botnet-building attackers. And, why not? There are literally…

On the shoulders of manufacturers lies the responsibility to address vulnerabilities, because the next generation of thingbots is taking advantage of known vulnerabilities to gain control of devices. Persirai is an adaptation of Mirai that shares code as well as command and control servers, but targets all models of IP cameras from a single Chinese…

Cyber crooks use several common URL disguising techniques to trick users into thinking their sham sites are legitimate.

3. The Nation State

One of the supposed benefits of bitcoin and other cryptocurrencies is that they aren’t tied to any particular nation state. This prevents bitcoin assets from being frozen by the state, and gives consumers the freedom to do anything they want with their money. State sponsorship of…

Several surveys talk about CISO salaries and job prospects, but we felt that the industry as a whole needed to fully understand what goes into the day-to-day job of a CISO. F5 and research firm Ponemon teamed to survey CISOs to draw as complete a picture as we could on the modern security executive. In…

If you missed parts 1, 2, 3, and 4 of this blog series, it’s probably worth visiting these links to understand why phishing scams are becoming so rampant. Information about individuals and corporations is readily available and easy to find on the Internet, making it easy for attackers to pull phishing schemes together—and with great success. None of the bits…

From these 49 breaches, it is apparent that the “Information” industry is the most vulnerable, by more than double any other industry. By nature, the “Information” industry has massive amounts of data available to be harvested for resale and other malicious use, as opposed to the relatively small amount of data or high-dollar information…
