Managed service providers (MSPs) have been a boon to midsize enterprise. They allow for offloading technical debt to an agent with the skills and resources to manage it, thereby giving an organization room to focus on growing a business, rather than the particulars of infrastructure. For a long while, third-party service providers were not targeted dire

Back in July, a group of cyberattackers called Magecart made the e-commerce word shake. Its malicious skimming code, which is inserted into the websites of these businesses to steal personal and financial data from their customers when making purchases, was discovered on nearly 18,000 domains. And this incident wasn’t the only one. A year ago, British Airway

The Internet of things (IoT) has revolutionized the business world. It has helped to streamline industrial processes, reduce costs, and has even created new business models. But, as is often the case, all of these advantages go hand in hand with a series of disadvantages. The most important of these disadvantages is the significant increase in the attack sur

Working together in perfect harmony like the wind and percussion sections of a symphony orchestra requires both rigorous practice and a skilled conductor. Wouldn’t it be great if our cybersecurity solutions did the same to better protect organizations? The methods and tools used to accomplish this are often referred to as security orchestration. Even tho

Over the last few years, fake news has been a major worry. Fake news is believed to have played an important role in such important electoral processes as the 2016 US presidential election and the Brexit referendum on the withdrawal of the United Kingdom from the European Union the same year. There is now another kind of fake that is causing concern: deep fa

BEC scams (business email compromise) are big business for cybercriminals. According to the Financial Crimes Enforcement Network (FinCEN), these scams generate around $301 million every month, or $3.6 billion a year. The aim of a BEC scam is to trick an employee into carrying out a fraudulent bank transfer. To do this, cyberattackers send an email impersonat

Last year, an average of 45 vulnerabilities were discovered every day. This is almost three times more than in 2016. . Cyberincidents as well-known as WannaCry, the Equifax data breach, and the cyberattack on the Winter Olympics are were all facilitated by a vulnerability. Last month, a vulnerability in the WebAdmin plugin of OpenDreamBox 2.0.0.0 was discove

In the past, a signature-based cybersecurity solution could be relied on to protect your organization against malware – with updates being posted to you on a floppy disk each month. Signature based solutions are very efficient and accurate at spotting known malware. Signature detection was sufficient until polymorphic techniques (compression and encryption)

I published the following diary on isc.sans.edu: “Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs“: I’m keeping an eye on the certificate transparency logs using automated scripts. The goal is to track domain names (and their variations) of my customers, sensitive services in Belgium, key Internet players

It’s been a little over a month since several Trend Micro apps were kicked out of the Mac App Store by Apple over allegations of stealing user data, but several crucial questions remain unanswered. To recap, security researchers discovered that seven Trend Micro apps were collecting users’ browser data without notifying users (the vendor claims t

The Meltdown and Spectre vulnerabilities disclosed in early 2018 dominated much of the infosec discussions and news coverage last year, including those at RSA Conference 2018. But at this year’s event, speculative execution threats are virtually non-existent. RSA Conference 2019 has a single item on its agenda for speculative execution threats: a class

Even if you’ve set up parental controls on your devices, your teen is just as tech-savvy as you are, if not more. They’ve been raised in a digital age where surfing the web and social media use are second-nature. They can easily disarm a simple pop-up blocker or clear their browser history. So how do you protect them from the Internet when your original safe

Critical infrastructure is one of the favorite targets for the sophisticated attacks carried out by APTs (advanced persistent threats). What makes these APTs really dangerous is the fact that their attacks are never random, and always have a specific target. If an advanced cyberattack managed to paralyze the water supply, or interrupt hospital service, the A

Cybercriminals have a litany of techniques to get onto their victims’ IT systems: vulnerabilities, social networks, and even snail mail. The most popular method, however, is email: according to sources in the sector, 91% of cybercrime starts with a phishing email. Quasar: a new version of a popular tactic Towards the end of August, security researchers disco

I published the following diary on isc.sans.edu: “Agent Tesla Trojan Abusing Corporate Email Accounts“: The trojan ‘Agent Tesla’ is not brand new, discovered in 2018, it is written in VisualBasic and has plenty of interesting features. Just have a look at the MITRE ATT&CK overview of its TTP. I found a sample of Agent Tesla spr