Home Blog
Personal information from about 500,000,000 people who made reservations at a Starwood hotel was stolen by hackers.
These hotels include Sheraton, Aloft, W Hotels, and Westin Hotels. Marriott acquired the Starwood Group back in 2016, but the compromise started way back in 2014 before the acquisition took place.
Hackers had...
It is usually not a good idea for lawmakers to get involved in cyber security beyond a certain point. The reason for this is that lawmakers do not have an understanding of the technology that they are legislating.
Case in point: Australia is quickly enacted legislation that will require companies like Apple and Facebook...
Thinking about doing a mid-career transition to a cyber security position?
It is a great field to get into. There are currently millions of unfilled cyber security jobs in the US and countless more around the world. There simply are not enough qualified applicants to fill these jobs.
Because qualified applicants are limited, the salaries for cyber security jobs are on...
Companies are finding it very difficult to hire qualified Cyber Security professionals.
Cyber Seek has completed a study that shows that there is a gap of at least 2.9 million cyber security jobs. The most jobs openings are in Northern Virginia. Northern Virginia is a hot bed for cyber jobs because of growing areas like Ashburn, VA. Ashburn is a...
Why Passwords Suck
Usernames and Passwords are not secure by nature. This is a control that relies on "Something you know". Knowledge is easily transferable and therefore passwords are not secure.
No amount of security training will eliminate or overcome human nature. It is human nature to make passwords that are easily remembered. Passwords that are easily remembered are also easily...
The Dark Web is Anonymous
The dark web is a scary place. It is a network of websites teaming with illegal activity. It is an anonymous place where visitors protect their identity by using techniques to keep identifying information (Like their IP address) hidden.
There are a number of methods that people use to keep themselves anonymous when accessing the dark...
How does the PMP exam compare to the CISSP exam?
When someone asked me that question I thought it was rather odd. How can you compare the PMP to the CISSP? These are two completely different tests on two completely different subjects. The PMP exam covers project management while the CISSP exam covers cyber security.
But then I thought about it.
The...
The Security+ exam isn't that easy!
I was recently at a family reunion and I was talking to my cousin who does IT work for the military. He was getting prepared to leave the military within a few years to transition into civilian work.
I asked him if he had any IT certifications.
"No, but I am thinking about trying to get...
Tax Season is a Hacker's Dream
The "dark web" is where hackers turn to sell the valuable personal data that they have stolen from their unsuspecting victims. They sell your personal information like social security numbers, bank account details, hacked passwords, credit card account information, and even your W2 tax forms.
How do they get your W2 Form?
In the past W2...
A Little History
In the past it was assumed that hardware encryption is far more secure than software encryption. Many people, including security experts, still believe this to be true. And in the past it was true.
But recent history has proven that hardware encryption is highly vulnerable. The widely published recent discovered hardware encryption vulnerabilities include Spectre and Meltdown. Both...
When Hackers Kill
Hackers have already - perhaps many times- have contributed to death by hacking into secure systems and releasing information. This information has lead to loss of life in a number of different ways including suicide and murder.
But hacking has now evolved to the point that cyber criminals can use computers to negatively affect and damage the physical...
Zerodium is a reputable place where you can sell zero day exploits.
Hackers and security researchers know that Zerodium is a way to cash in on vulnerabilities that they discover in operation systems, software and hardware and devices.
There are a number of ways that you can make money from discovering vulnerabilities.
You can disclose the vulnerability to the software or...
I decided to take the CASP exam for only one reason...
There is really only one reason that I originally took the CASP exam instead of the CISSP. I did not make the decision logically. I did not know the real differences between the tests.
I took the CASP test first because I thought it would be easier.
Plain and Simple -...
Persian Stalker is targeting Iranian social media accounts.
The "group" has been around since 2017 and they have been observed targeting social media accounts. Specifically, this group focuses on gaining access and control of Instagram and Telegram accounts.
Telegram is a popular service with about 40 million users. This is a communication app that has been used to organize protesters in...
Reading is not my learning style.
In today's world of podcasts and audio books I believe that less and less people are accustomed to learning by reading and writing. For me this is certainly the case.
I love learning through audio books and video training. I used these learning methods exclusively to pass some very difficult IT Certification tests including passing...
When a company issues a patch to fix security issues the bad guys start salivating. They know that in many cases they now have the opportunity to take advantages of vulnerabilities that the previously did not know about.
Hackers can easily reverse engineer patches.
When a patch is released a hacker will first review the published issues that the newly released...
According to "The Retail and eCommerce Threat Landscape Report" from October 2018 there is a 297% increase in the number of phishing websites that target online retail businesses and customers of these businesses. There is an average of 23 phishing sites for each retail company that was included in the study. In 2017 the data showed that there were...
A new research report Published by cybersecurity specialists, BestVPN.com, shows the state of online privacy in the United States. BestVPN surveyed 1,000 U.S. consumers to comprehend the state of online privacy in 2018. The report reveals a significant knowledge gap and suggests that, despite their fears, US citizens are not protecting themselves against the ever-growing amount of cyber-threats.
In light...
Experts think that the infamous North Korean hacker group Lazarus accounts for targeted strikes against five cryptocurrency exchanges.
North Korea's burgeoning cyber military seems to have especially honed its assault abilities to attack cryptocurrency-related organizations. In the face of mounting and crippling international sanctions, Pyongyang's many hacker groups have adopted cryptocurrency-focused malicious attempts as an effective way of generating income...
FreeRTOS, the open-source operating system that powers most of the small microprocessors and microcontrollers in many IOT hardware products has newly identified vulnerabilities.
The vulnerabilities are in the TCP/IP stack and affect the FreeRTOS.
The versions affected
The versions affected are FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, OpenRTOS and SafeRTOS (With WHIS Connect middleware TCP/IP components).
Why this...
Another successful ransomware attack....
The City of West Haven, Connecticut made the tough decision to pay hackers $2,000 in ransom money after a ransomware attack halted all their operations. The city contacted the Department of Homeland Security who discovered the attack originated outside of the U.S. West Haven mayor Nancy Rossi said the attack disabled around 23 servers last week...
According to research by Kaspersky Lab, 86% of Cybersecurity professionals think that hackers are not stoppable and will eventually succeed at compromising the systems that the cyber pros are hired to protect.
In my opinion this awareness of the seriousness of the threat is admirable. Such an attitude should keep us all on high alert.
On the other hand, the view...
Malware is short for "Malicious Software" and has been around for a very long time. Way back in the 1980s trojans and other types of malware were distributed on floppy disk to unsuspecting users.
Malware can be used to destroy data, destroy hardware, steal information, create zombies (computers that hackers can control remotely), and other things that you really do...
A cryptocurrency mining code called Coinhive is creeping onto unsuspecting websites around the net.
Coinhive uses javascript to harness computer users CPU capacity when they visit a website.
So, when you visit a website with Coinhive code your computer is working to mine cryptocurrency for someone.
Coinhive itself is not Malware.
Coinhive is not malware by itself. Coihive code is a technique to...
Everyone is talking about the Bloomberg Businessweek's volatile report alleging that Chinese spies had implanted surveillance chips in the motherboards of computer servers.
The report is not standing up to the smell test. As president Trump would say - This is fake news.
Apple, Amazon, and the other involved parties delivered strong denials. If these companies saw any potential truth in...
There are high profile Cyber Security breaches almost Daily
Cybersecurity breaches seem to be a Continuous part of modern life, With a new high-profile leak or hack occurring almost daily. Regardless of this, however, individuals still aren't taking adequate measures to safeguard their data.
In a poll of over 1,000 individuals living in the United Kingdom, nearly a quarter -- 23...
