Featured content

On the heels of last month’s massive WannaCry outbreak, a major ransomware incident is currently underway by a new variant (now) dubbed “NotPetya.” For most of the morning, researchers believed the ransomware to be a variant of Petya, but Kaspersky Labs and others are reporting that, though it has similarities, it’s actually #NotPetya. Regardless of its name, here’s what you should know.

Remember the first large-scale Mirai attack late last year? That was the one directed at IP cameras and took advantage of router configurations settings that many consumers never bother changing. The main culprit, though, was Universal Plug and Play or UPnP, which is enabled as a default setting on zillions of routers worldwide.

Homo sapiens click on links in clunky, non-personalized phish mails. They just do. We’ve seen research suggesting a small percentage are simply wired to click during their online interactions. Until recently, the “why” behind most people’s clicking behaviors remained something of a mystery. We now have more of an answer to this question based on findings from German academics. Warning: IT security people will not find their conclusions very comforting.

You’re a high-level IT security person, who’s done the grunt work of keeping your company compliant with PCI DSS, ISO 27001, and a few other security abbreviations, and one day you’re in a meeting with the CEO, CSO, and CIO. When the subject of General Data Protection Regulation (GDPR) comes up, all the Cs agree that there are some difficulties, but everything will be worked out.

We’ve all read the news recently about employees and contractors selling internal customer data records or stealing corporate intellectual property. But insiders breaking bad have been with us as long as we’ve had computers and disgruntled humans who understand IT systems.

This article is part of the series "Disabling PowerShell and Other Malware Nuisances". Check out the rest: Part I Part II Part III

Prosecutors allege that 25-year-old federal contractor Reality Leah Winner printed a top-secret NSA document detailing the ongoing investigation into Russian election hacking last November and mailed it to The Intercept. This raises a series of questions when it comes to protecting sensitive information from insider threats.

In the data management and IT space there have been significant consideration and hand wringing about how the European Union’s General Data Protection Regulation (GDPR) will eventually impact US based businesses or how a future US Federal data breach disclosure law might affect IT operations. What often is the missed in the discussion is that there are significant per state data disclosure notification regulations currently in effect in the USA..

This article is part of the series "Disabling PowerShell and Other Malware Nuisances". Check out the rest: Part I Part II Part III

This article is part of the series "Disabling PowerShell and Other Malware Nuisances". Check out the rest: Part I Part II Part III

Ransomware is a loss of control Most IT people equate exfiltration of data from their network as the point at which control is lost and a data breach has occurred. They think of it like “where are the bits” and if your user database is being passed around the internet via bittorrent and sold off for a .0001 BTC an account you clearly have lost control.

What we know so far The WannaCry ransomware worm outbreak from last Friday week used just one of the leaked NSA exploit tools, ETERNALBLUE, which exploits vulnerabilities in the SMBv1 file sharing protocol.