dcsimg

Maze: the ransomware that introduced an extra twist

An extra way to create leverage against victims of ransomware has been introduced by the developers of the Maze ransomware. If the victim is not convinced that she should pay the criminals because her files are encrypted, there could be an extra method of extortion. Over time, more organizations have found ways to keep safe copies of their important files or use some kind of rollback technology to … [Read more...]

Cybersecurity for journalists: How to defeat threat actors and defend freedom of the press

When you’re a journalist or work for the press, there may be times when you need to take extra cybersecurity precautions—more so than your Average Joe. Whether a reporter is trying to crowd-source information without revealing their story or operating in a country where freedom of the press is a pipe dream, cybersecurity plays an important role for any journalist producing work online—which is … [Read more...]

What role does data destruction play in cybersecurity?

When organization leaders think about cybersecurity, it’s usually about which tools and practices they need to add to their stack—email protection, firewalls, network and endpoint security, employee awareness training, AI and machine-learning technology—you get the idea. What’s not often considered is which items should be taken away. Nearly as important to an organization’s … [Read more...]

Hacking with AWS: incorporating leaky buckets into your OSINT workflow

Penetration testing is often conducted by security researchers to help organizations identify holes in their security and fix them, before cybercriminals have the chance. While there’s no malicious intent for the researcher, part of his job is to think and act like a cybercriminal would when hacking, or attempting to breach, an enterprise network. Therefore, in this article, I will review … [Read more...]

British Airways fine could be the start of GDPR tidal wave

Earlier this week, the ICO (Information Commissioner’s Office), the UK’s data protection authority, announced that it would be fining British Airways £183.4 million (about €204 million) for a data breach that occurred last year.  The incident, which affected 500,000 customers, involved a sophisticated attack in which criminals diverted traffic from British Airways’ website to a bogus replica, … [Read more...]

Things to consider when processing biometric data

Biometric data is being used in countless systems these days. If you’ve ever used your fingerprint scan to unlock your phone or facial recognition software, then your biometric data is being processed.  But like any form of data, biometrics – i.e. information relating to individual’s physical, physiological or behavioural characteristics – are potentially accessible by malicious sources, and the … [Read more...]

How Ireland’s Credit Unions can meet their penetration testing requirements

Credit unions in Ireland are required to conduct a penetration test once a year, and send the results to the Central Bank of Ireland for review.  According to a report published by the Bank last year, credit unions are getting better at doing this. But for those that are still unsure how to complete this process or simply want to get better at it, this blog explains everything you need to know … [Read more...]

Leaks and breaches: a roundup

It’s time for one of our semi-regular breach/data exposure roundup blogs, as the last few days have brought us a few monsters. If you use any of the below sites, or if you think some of your data has been sitting around exposed, we’ll hopefully give you a better idea of what the issue is. Seeing so many services be compromised or simply exposed for all to see without being secured is rather … [Read more...]

Medical industry struggles with PACS data leaks

In the medical world, sharing patient data between organizations and specialists has always been an issue. X-Rays, notes, CT scans, and any other data or related files have always existed and been shared in their physical forms (slides, paperwork). When a patient needed to take results of a test to another practice for a second opinion or to a specialist for a more detailed look, it would … [Read more...]

‘ZombieLoad’ vulnerabilities expose computers using Intel chips

Cyber security researchers have discovered a class of vulnerabilities in Intel chips that could be exploited to steal sensitive information, unencrypt data and spy on tasks handled by the processor.  The bugs, dubbed ‘ZombieLoad’, affect almost every computer that uses an Intel chip released since 2011.  What does ZombieLoad do?  ZombieLoad is a side-channel attack that enables criminals to … [Read more...]