Cities are Likewise Ransomware Targets
Recent stories have focused on ransomware, its implications, increased usage and complexity. With the usage, this is a natural progression. The digital organized crime groups have seen the potential profits involved with this. There is a vast number of new targets coming online weekly to be phished over and over. With each breach and compromise there are new lists of contacts. This is a simple, linear algorithm. More targets in the pool represent a larger potential numbe
Cybersecurity and DDoS
DDoS Charles Parker, II Over the past year, there have been a number of articles centered on hacking and attacks intended to disrupt business and consumer behaviors. One area that has been discussed at length has been the DDoS attack. As the acronyms continue to be thrown about, some may not know the details. Recently the largest DDoS attack, at 1.7 Tbps, was recorded. In the work environment, this may affect the consumer’s and business’s ability to log in for a web-orien
Please properly configure your WiFi
This St. Patrick’s Day proved to be rather interesting. As with years past, an Irish pub was visited. This happened to be connected to a golf course. Granted, there were the usual characters present; however, this year was a bit different. As the waitresses were exceptionally busy, there was a bit more time that was not occupied. Being curious and waiting for an exceptionally long period, the WiFi was checked. This was labelled as ****** Golf and was totally insecure.
New Ransomware Focus-Robots?
Ransomware and its effect on the targets is well-known. This is being used as an attack tool in nearly all industries. The use of ransomware has been noted in the water processing utilities, manufacturers, banks, and the retail industry, to name just a few. This is partially due to its ease of use and applicability to many of the attacks. The attack vector typically has been phishing or its variant, spear phishing, and is not that complex. To add to the issue, the encrypting
Not addressing prior security concerns is a bad idea: Mazda's same issues continue
We need to learn, as an industry, from our mistakes. When these are identified, as part of the SDLC, the oversights should be addressed immediately, based on the criticality of the issue. InfoSec is no different. If there is a vulnerability noted, it should be remediated as soon as possible. This may take a bit of time to resolve and may need to be implemented in the next model year of a product or software release, depending on the circumstances. If the issue is noted and ac
Cryptocurrency Basics for Small Businesses
Cryptocurrency is big news these days. Articles appear in economic news streams, technology blogs, and retail trade publications. On the same day you might find an article about how cryptocurrency is becoming legal tender for one country and an article on how a city is placing a moratorium on cryptocurrencies. Here are some basic findings and information on cryptocurrency to encourage more research and reflection on this dynamic topic. Basics of Cryptocurrency Cryptocurrency
SHA-1 still in use..
In May 2017, IE and Microsoft Edge finally began to flag SSL/TLS certificates signed with the widely used SHA-1 hashing protocol as insecure. At this point, it had already been done by Chrome and Firefox. This hashing algorithm has been in use since 1995. It was replaced by SHA-2 years ago due to collision attacks. A collision occurs when two different files have the same SHA-1 digest. Although a few attacks may be possible yet impractical, the noted attack is practical and workabl
Universities are ripe targets: Michigan State University Compromised
Universities have been targets for years. Some universities have been compromised multiple times within a year. The attackers acknowledge there is a plethora of knowledge available to be exfiltrated and later sold or used in an unauthorized manner. This value may be rather substantial as this is sold on the dark web. In late 2016, one of the latest targets was Michigan State University. The University was breached on November 13, 2016. The data exfiltrated inc
PDFs are Still Problematic
There are a number of documents used in the business setting. These include resumes in the Human Resources Department, budgets in Finance, and budget costs for projects. These documents have a commonality in their functionality. Years ago, and recently resurfacing, an attack was envisioned and implemented. Office documents include the function of macros, which by design were intended to assist the user. These began to be included to complete malicious acts by third parties