19 Dec 2019

Member of ‘The Dark Overlord’ hacking group extradited to the US

A British national was transported to the US earlier this week, facing charges of hacking US companies. Nathan Francis Wyatt was a known member of the notorious hacking group The Dark Overlord (TDO). Wyatt pleaded not guilty to the charges he currently faces in a Saint Louis court yesterday. US

19 Dec 2019

Senators introduce K-12 Cybersecurity Act

Two US senators asked the Department of Homeland Security for their support on a recent bill, the K-12 Cybersecurity Act of 2019, which aims to effectively manage the threat of ransomware and cyberattacks. The bill would establish guidelines that improve school cybersecurity systems. The senators stated that school systems are

18 Dec 2019

LifeLabs pays hackers to recover data of 15 million customers

A Canadian laboratory that provides diagnostics and testing services, LifeLabs, admitted yesterday to paying hackers to retrieve stolen data that resulted from a security breach last month. Although it remains unclear how much LifeLabs paid the hackers to recover the data, LifeLabs stated that the hackers breached their systems and

18 Dec 2019

11 Habits of Highly Effective CISOs

What does it take to be a highly effective CISO? Over the past 25 years, I’ve consulted for hundreds of executives on cybersecurity issues including direct support to dozens of CISOs working to effectively manage cyber risk in a wide variety of organizations. With this post, I’ve attempted to capture some of the best practices from the most effective CISOs I know. In future articles, we’ll look at each of the 10 habits in greater detail, including direct input from the CISO community.

13 Dec 2019

Targeted Attacks Deliver New “Anchor” Malware to High-Profile Companies

A campaign that started in October is being used to deliver financial malware against entities in the manufacturing and retail sectors. Researchers at the Cybereason Nocturnus group have been following the new campaign closely, determining that it commences with a phishing attack to deliver TrickBot and ultimately delivers a relatively

12 Dec 2019

How Commercial Bug Hunting Changed the Boutique Security Consultancy Landscape

It’s been almost 10 years since the first commercial for-profit bug bounty program was launched. Bug bounty programs have transformed the information security sector, and their negative impacts have been advertised as driving down companies’ consulting rates and raising ethics questions within the cybersecurity community. However, boutique security consultancies, particularly

12 Dec 2019

How Congress wants to help sync military cyber

New cyber positions within the US military could be created in 2020 as a result of the government’s annual defense policy bill, depending on the approval of President Donald Trump. The positions include a senior military advisor for cyber policy, which requires candidates to be at least a two-star general.

11 Dec 2019

Pensacola Under Attack as Suspected Ransomware Strikes

Just hours after a suspected terrorist attack at the Naval Air Station in Pensacola, Florida, that left three sailors dead, the city of Pensacola was hit with a suspected ransomware attack that took local services offline. Early Saturday morning, the city network was taken offline as ransomware affected government employees’

10 Dec 2019

Maersk CISO Says NotPetya Devastated Several Unnamed US firms

Maersk Chief Information Security Officer Andrew Powell stated at Black Hat Europe 2019 that he believes that 600 countries across the globe were damaged by NotPetya around the time of the Maersk attack. He stated that any company doing business in Ukraine at the time of the attack was hit.

06 Dec 2019

Facebook sues Chinese malware operator for abusing its ad platform

Facebook filed a lawsuit yesterday against Chinese company ILikeAd Media International Company and the two men who control it, Chen Xiao Cong and Huang Tao. The company was founded in 2016 in Hong Kong and is being accused of using the Facebook ad platform to run a malware scheme. Once
