Featured content

Leave a review for our podcast & we'll send you a pack of infosec cards. Get the Free Pen Testing Active Directory Environments EBook “This really opened my eyes to AD security in a way defensive work never did.”

Any hacker knows the keys to the network are in Active Directory (AD). Once a hacker has access to one of your user accounts, it’s a race against you and your data security protections to see if you can stop them before they can start a data breach.

The EU General Data Protection Regulation (GDPR) isn’t light reading (though we’ve done our best with the Plain English Guide to the GDPR. However, it doesn’t mean that this law’s essential ideas can’t be compressed and rendered into a highly informative infographic.

What do hackers want? If you answered money — always a safe bet — then you’d be right. According to the Verizon Data Breach Investigations Report (DBIR), financial gain still is the motivation for over 75% of incidents it had investigated.

Have I mentioned lately that the General Data Protection Regulation (GDPR) is a complicated law? Sure, there are some underlying principles, such as Privacy by Design (PbD) and other ideas, that once you understand, the whole thing makes more sense. But there are plenty of surprises when you delve into the legalese. For example, pseudonymization.

The cyber kill chain is a series of steps that trace stages of a cyberattack from the early reconnaissance stages to the exfiltration of data. The kill chain helps us understand and combat ransomware, security breaches, and advanced persistent attacks (APTs).

If you needed another reminder that you shouldn’t use the same password on multiple online sites, yesterday’s news about the hacking of Mark Zuckerberg’s Twitter and Pinterest accounts is your teachable moment. Mr. Z. was apparently as guilty as the rest of us in password laxness.

Ransomware crimes have been soaring this year. It has stalled the operations of not only hospitals and businesses, but also the US government – federal, state and local governments, law enforcement agencies and even schools.

Organizations with legal obligations to prevent data from improper alteration or destruction—I’m talking to you healthcare orgs that fall under HIPAA– really need to pay close attention to a new ransomware variant.

Unlike traditional ransomware notes that rely on fear-based tactics, a new ransomware strain called CyptMix preys on your generosity.

Unfortunately, another breach has made the headlines and it’s déjà vu all over again. The narrative surrounding the Goldcorp breach is similar to other doxing attacks:

We’re excited that Deloitte, the international auditing and consulting firm, has been raising the alarms on insider threats. They have some content in the CIO section of the Wall Street Journal that’s worth your time.