Malice Vs Greed Most discussion about security in the supply chain has been focused on detecting tampering, or preventing backdoors or sneaky things being inserted into components and software. There’s another aspect emerging and will dwarf the tampering: devices that are counterfeited for profit indirectly causing security problems. Counterfeit devices are ones that either by…
Read More
Businesses today face a security challenge: Protecting their systems and data is vital, but there aren’t enough qualified employees who can successfully make that happen. Similarly, young cybersecurity professionals need to overcome the gap between what is learned in a classroom and the practical experience required to protect real, critical business data. Trend Micro’s annual…
Read More
In April 2017 my monthly threat webinar focused on a cyberespionage group our Forward-Looking Threat Researcher, Feike Hacquebord, has been following for many years and recently published a report into the most recent two years of activities. In this post I want to focus on their tools and tactics versus who they target since this…
Read More
With the recent announcement of more than 500 million accounts impacted by a security breach, many Yahoo users have been changing their passwords. After all, that’s the official guidance. However, as ZDI’s Simon Zuckerbraun points out, a new password isn’t enough. If you have a Yahoo account, chances are you’ve seen a notification that your account…
Read More
If you live on Planet Earth right now, chances are you have heard of the Yahoo mega data breach. The internet pioneer admitted last week that highly sensitive information on 500 million account holders was stolen from its network a two years ago, but only just discovered. That may have given the bad guys a…
Read More
Three and a half years ago, The New York Times announced that their network had been breached in a targeted attack. Today, CNN is reporting another breach of The New York Times, among other press outlets. CNN’s report says that investigators are attributing these attacks to Russian sources, possibly in conjunction with the recent attacks…
Read More
The breach of VTech by an unknown cyber-criminal continues to escalate. After initial reports of a breach exposing personally identifiable data of it’s customers (despite VTech’s statement otherwise), the hacker released a limited set of personal messages and photos from VTech customers to prove a near-complete compromise. It’s been a bad week for VTech. Make no mistake, VTech…
Read MoreThere is a likely acceleration date which may require you to switch all your SHA-1 certificates to SHA-2 certificates by June 1, 2016, instead of the previous deadline of December 31, 2016. In 2013, Microsoft announced that SHA-1 certificates will have significant security problems in the following years, and therefore cannot be issued after Jan 1,…
Read More
Email security for people in sensitive positions is a growing topic of concern. There is of course the ongoing discussion around the security of former Secretary of State Hillary Clinton’s “homebrew” email server, and now news that the personal email accounts of CIA Director John Brennan and Department of Homeland Security Secretary Jeh Johnson may…
Read More
One the one hand, it’s always important to maintain a healthy skepticism when reading about the latest data breaches. Major incidents might grab the headlines, but they don’t always tell the whole story. On the other hand, cold hard facts collected over a period of 10 years offer a great opportunity for us to analyze…
Read More
