Collaborate Disseminate
The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, … Continue reading Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild
As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Add… Continue reading Lessons from Teaching Cybersecurity: Week 7
Compliance is very important to any organization. Organizations have many standards to choose from including PCI, CIS, NIST and so on. Oftentimes, there are also multiple regulations that are applicable in any country. So, organizations need to commit … Continue reading 7 Challenges that Stand in the Way of Your Compliance Efforts
Recently, the Securities and Exchange Commission’s exam division issued a Risk Alert (the “Alert”) where it carried out several targeted cybersecurity investigations. The agency is now concerned with how there’s been an increase in a specific type of h… Continue reading SEC’s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack
An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had use… Continue reading The North Face resets passwords after credential-stuffing attack
Policy compliance within the information security space can be an exhausting concept to wrap our heads around. Writing a policy document, publishing it to staff and then staying hands-on to ensure it is followed in perpetuity is easily seen as an arduo… Continue reading What is Policy Compliance? Four Tips to Help You Succeed
Japanese game developer Capcom has revealed that it suffered a security breach earlier this week which saw malicious hackers access its internal systems. The maker of such well-known video games as “Resident Evil” and “Street Fighter” disclosed in a sh… Continue reading Capcom hacked. Resident Evil game developer discloses cyber attack
According to the Accenture State of Cybersecurity 2020 report, the average cost of a cyber attack for ‘non-leaders’ stands at $380,000 per incident. The report classifies organizations into ‘leaders’ and ‘non-leaders.’ The ‘leaders’ are those who set t… Continue reading 3 Steps to Building a Resilient Incident Response Plan
Tripwire‘s October 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, Adobe, and Oracle. First on the patch priority list this month is a very high priority vulnerability in Oracle WebLogic Server. The vuln… Continue reading Tripwire Patch Priority Index for October 2020
In the last quarter of 2019, researchers at ClearSky uncovered an attack operation that they dubbed the “Fox Kitten Campaign.” Iranian actors used this offensive to gain persistent access into the networks of dozens of companies operating in Israel and… Continue reading N-Day Vulnerabilities: How They Threaten Your ICS Systems’ Security