Adversaries are using sophisticated tactics to bypass security defenses and infiltrate networks. Along with employing HTTPS, they’ve begun using SSH and other advanced protocols for data exfiltration. SSH, for example, is often used for remote management access because it performs well. Adversaries now use remote desktop protocol (RDP) and data exfiltration over SSH. And when […]
Security for Intent-Based Networking
Networks have become more massive and complex than ever before. This year at Cisco Live US, people were talking about managing and defending networks at scale. Chuck Robbins, CEO of Cisco, said that 2.1 billion machine-to-machine connections have been added to the internet in the past year, and 27 billion more connections are expected to […]
Canada has a new cybersecurity strategy – does it impact you?
Do you do business with companies in Canada? A recent government survey showed that although 94% of Canadian business collect personal data from their customers, they still have a long way to go to in protecting it, with three quarters of the business executives and owners having never reviewed their responsibilities and one third not […]
How do you end up with a $4.3M HIPAA fine?
A Judge ruled in favor of the Office of Civil Rights and upheld a fine of $4,348,000 against MD Anderson, a cancer treatment and research center in Texas. This was the 4th largest fine in history for HIPAA violations. What led to this judgement, and what can we learn from it? Lesson #1 – Repeat […]
Annabelle: The Terrifying New Ransomware Variant
A new ransomware variant called Annabelle has been discovered, which seems to have been designed to ‘show off the skills’ of the developer who created it, by being as difficult to deal with as possible. The ransomware terminates numerous security programs, disables Windows Defender, turning off the firewall, encrypting your files, trying to spread through […]
State of Cybersecurity 2018
Did you know? The General Data Protection Regulation (GDPR) will take affect May 25, 2018. This will affect global organizations that hold or process personal data of any European Union resident. The definition of “personal data” is much more broad than in current US compliance regulations, and penalties for non-compliance are 20 million Euros or […]
Scam Of The Week: The Most Sophisticated Netflix Phishing Yet
This Netflix phishing campaign goes after your login, credit card, mugshot and ID! Paul Ducklin at Sophos wrote: “Think of the big security stories of recent months. Security holes like KRACK [and Meltdown]; a plethora of ransomware attacks ending in extortion; data breaches that were big, bigger or biggest, there are plenty of candidates for […]
How one letter can lead you to a scam: James Lyne talks typosquatting with NBC News
Sophos’ James Lyne talks to NBC Nightly News about the simple, but effective scam, and how you can protect yourself Everyone’s done it – in the rush to get on a website, typing in a URL that is close, just a letter or two off, from your intended destination. Cybercriminals take advantage of this everyday […]
The Aftermath of 2017 Data Breaches
We hear a lot about the latest data breach, but we don’t always hear so much about the aftermath. Let’s look at some examples from 2017 to drive home the impact that a cyber incident can have on an organization. Uber was a classic study in what not to do in response to a breach. […]