Feb 12, 2018 4:34:11 PM

The New Theft: Drive-By Cryptocurrency Mining

You may be able to wrap your head around the concept of a cybercriminal stealing money from your bank accounts, or monetizing your customers’ personal financial information, but have you considered that an attacker might be able to steal money from you through your utility bill, and maintenance budget for computer hardware? Cryptocurrency mining through malicious advertising on popular sites like YouTube is the new theft and could put your organization's bottom line at risk.

Topics: Penetration Testing, cybersecurity, advanced penetration testing, incident response, Malware, Attack Surface

Jan 10, 2017 9:07:34 AM

A Dangerous Shift in Ransomware Targeting

There’s good news for commentators that really “phoned it in” on their 2017 predictions: ransomware is becoming even more of problem. While you’ll be hard pressed to find analysts who thought otherwise, the reason that malware has become more dangerous may be less obvious to those not in the trenches. It’s time to put the forecasts for 2017 aside and start looking at the reality of what’s being perpetrated against the victims of cybercrime this year.

Topics: cybersecurity, ransomware

Dec 1, 2016 10:01:00 AM

Compliance Alone Won’t Save You: The Next Attack Will Hit Harder Than the Last

This past weekend, the San Francisco Municipal Transportation Authority (SFMTA) was hit with a ransomware attack that left it unable to process payments for rides. The SFMTA was forced to continue providing service, for free, as they repaired the systems that were damaged in the attack. Even in an incident where the ransomware author was not successful in extorting a payment, the financial impact on the victim can be significant.

Topics: cybersecurity, cyber risk

Sep 28, 2016 10:00:00 AM

Strengthening Your Cyber Resilience: Six Questions to Ask Yourself

As a former network administrator and IT Manager, I’ve spent most of my IT career defending networks from the bad guys along with keeping the daily IT ship afloat. Take that and add a couple projects and helpdesk tickets and you’ve got yourself a never ending to-do list. It’s not an easy job to say the least, and sometimes you can’t help but wonder if you and your team have the all bases covered on the security front.

Topics: IT administration, cybersecurity, information security

Sep 27, 2016 8:39:21 AM

Four More Years and Four Hundred Pounds of “You’re On Your Own”

Last night at Hofstra University, at the first of three scheduled presidential debates in 2016, Lester Holt introduced a segment of questions on “Securing America”. While as an avid consumer of the news, I was determined to watch the entire debate, this segment engaged my personal and professional interests. Holt went right to the point of cyber security, a “21st century war happening every day”, and I was eager for a glimpse at the candidates’ vision of how the nation can protect its own secrets, as well as the operations of businesses, over the next four years. In my analysis, regardless of what the nation decides on November 8th, the message to American business is the same: “You’re on your own”.

Topics: cybersecurity, politics, information security, debate

Aug 15, 2016 11:22:51 AM

Delta Airlines and the Security of Critical Infrastructure

Last week, I had the pleasure of joining Elizabeth Wharton on her radio show, Buzz Off with Lawyer Liz, to talk about the security of critical infrastructure, specifically as it relates to the significant downtime Delta Airlines experienced last week. Liz had asked me to be a guest on the show for a couple of reasons: the research I have been involved with with regards to critical infrastructure security and my personal connection to last week's incident.

Topics: Penetration Testing, cybersecurity, critical infrastructure

Jul 13, 2016 12:00:00 PM

6 Talks We’re Looking Forward to at Black Hat USA

A number of us at HORNE Cyber are attending Black Hat USA's briefings on August 3rd and 4th. I am looking forward to sharing my work on conducting more secure penetration testing operations on August 3rd at 1:50PM.

Topics: cybersecurity