Blog - News

Blog

How do SME’s Fight off CyberAttacks?

(Carbon Black) Does the fact that well-known brands are successfully attacked and breached mean that SMEs are even more at risk? If SMEs can defend themselves, how should they go about doing so? We will look to address these questions ... »

Can employees learn not to make cybersecurity mistakes?

We’ve long maintained that technical means are not enough to protect a business from cyberthreats. It’s possible for a single person to negate the effect of an entire information security team. In many cases, it may be unintentional, the result of ... »

Brute Force: Anatomy of an Attack, Varonis

The media coverage of NotPetya has hidden what might have been a more significant attack: a brute force attack on the UK Parliament. While for many it was simply fertile ground for Twitter Brexit jokes, an attack like this that targets a ... »

#SecurityTipTuesday: Stay Ahead of the Attack and Patch!

There are countless ways that attackers can compromise your network. Malware infected email attachments and compromised websites that deliver harmful scripts, typically tend to take advantage of unpatched vulnerabilities in OS systems, web browsers, and other applications to do irreparable ... »

#SecurityTipTuesday: Provide Training on Cyber Threats

Let’s think back for a second on all the safety lessons we were taught as kids; for example, when you cross a street, you look both ways. It’s so obvious right… Wrong. Cybersecurity awareness training is no different than the ... »

Breaking news: here’s what we know about what could be the latest ‘Petya’ ransomware outbreak

A significant ransomware attack called Petya is spreading across Europe, Russia, Ukraine and elsewhere. What we know right now Victims so far include British advertising agency WPP (WPPGY), Danish shipping firm Maersk, Russian oil/gas company Rosneft and U.S.-based pharmaceutical firm Merck. ... »

Avoiding Alert Fatigue: Simplify Incident Response

An FBI report released last year estimated 327,374 robberies nationwide, which accounted for an estimated loss of $390 million. Cyber theft is not far different from the physical theft but in fact, it has become the most lucrative way of ... »

#SecurityTipTuesday : Managing Your Passwords Effectively!

Here at Secure Sense, we want the best for you. (But I’m sure you already knew that). That being said, we’ve implemented an epic Security Tip Tuesday series where industry Wizards will be providing you, the people, with the BEST ... »

Stop Business Email Compromise and Imposture Email Threats

According to the FBI, this type of scam has siphoned more than $2.3 billion from more than 17,000 victims—and those are just reported incidents. Alongside Proofpoint, learn how to identify and stop impostor email threats (also known as business email ... »

GhostHook Attack Bypasses Window 10 Patchguard

Security experts have recently discovered a method of bypassing Windows 10 PatchGuard protections and deploying malicious code into the Windows kernel, allowing attackers to plant rootkits on systems previously thought to be impregnable. More than 400 million devices worldwide currently ... »

Google removes another set of malicious apps from play marketplace

Last week we blogged about the importance of having a cybersecurity plan address the risks of Web Applications here. Today it’s been reported that Google has removed not one, but two malicious apps ZTORG Trojans from their play marketplace (and this is ... »

Addressing the increasing risk of web applications

According to Verizon’s recent security report, attacks on web applications are now the leading source of data enterprise breaches, up 500% since 2014. The spike in attacks has caused cyber security professionals to be most concerned about customer facing web ... »

Mouse hovering malware delivery scheme identified, refered to as potentially very dangerous

It’s been discovered that cybercriminals are using a new technique to infect computers that only requires a victim place their cursor over a malicious hyperlink for the malware to be injected. The newly discovered technique was noticed by several cybersecurity ... »

Camp Secure Sense 2017 – Recap

Wow, what a week! Camp Secure Sense has come and gone and reflecting back this was one fantastic group of customers and sponsors that attended. We’ve said it before, and we will say it again, without you there would be no ... »

Samsung Galaxy S8 iris scanner fooled by hackers

The Chaos Computer Club recently posted a video showing how they fooled the iris scanner on Samsung’s new flagship phone. The group said that standard PIN systems are more secure. According to TechRepublic, the Samsung Galaxy S8’s iris scanner, which ... »

Adylkuzz Malware That Could Spread More Than WannaCry

The last few days have been understandably exhausting for security teams around the globe due to the nasty ransomware WannaCry or WannaCrypt. The malware spread widely using an exploit for a Server Message Block v1 vulnerability (MS17-010) leaked by the ... »

Protecting Your Organizations from WannaCry Ransomware

Ransomware has become the fastest growing malware threat, targeting everyone from home users to healthcare systems to corporate networks. Tracking analysis shows that there has been an average of more than 4,000 ransomware attacks every day since January 1, 2016. ... »

How to defend against the WannaCrypt global ransomware attack via ZDNet

All the malware’s attack vectors and infection spreads are not yet known, but we do know how to protect vulnerable systems. Friday’s ransomware outbreak is ongoing and while researchers work to stem the tide of infection, businesses, governments, and individuals ... »

Network Access Control: Is it Dead? The History of NAC and How the Evolving Cybersecurity Industry Changed It via Bradford Networks

As enterprise organizations continue to add BYOD, IoT devices, virtual servers/cloud services, switches, routers and offices that are connected and sharing information throughout the globe, the task of identifying and securing these endpoints can seem overwhelming. To manage these trends, ... »

Ransomware incidents surge, education a hot bed for data breaches, according to Verizon

Ransomware incidents have surged 50 percent from a year ago, educational institutions are becoming a playground for cyber espionage, and 68 percent of healthcare security threats are internal, according to Verizon’s 2017 Data Breach Incident Report (DBIR). The DBIR is ... »

New types of ransomware innovate to find opportunity

There is no shortage of new types of ransomware, many with unique features, and experts say it’s an exercise in innovation and finding revenue opportunity. Search Security reports, that ransomware is big business and it appears as if malware developers ... »

The Google Phishing Attack, Explained

Google recently made an unprecedented move by widely announcing a Gmail phishing scheme through Twitter. The phishing message was especially nasty because of its polish. Uncharacteristically for phishing, there were few errors in the message, and it was created in ... »

Top 3 Myths of Security Awareness Training

Security Mentor has been at this a while – teaching, educating and training companies worldwide about how to work smart and securely – and in the process, transforming employee attitudes towards security. Across a wide range of industries and unique business ... »

Ten Practical Steps to Protect Your Online Privacy via Cylance

Two things happened recently which should raise an alarm for anyone concerned about their online privacy. The first was a major release by WikiLeaks on March 7, 2017 of a trove of hacks and hacking techniques allegedly employed by the CIA ... »

Netflix Breach: Orange, Black, and Another Hack

How much would your organization pay in ransom to stop the early release of its intellectual property? Can you place a monetary value on a breach of this type? In the case of the weekend Netflix breach notification, they paid ... »

Executive Insights: Achieving Digital Trust in a World of Data

Cybersecurity is at a critical tipping point. With massive volumes of data being generated and analyzed across the globe every day from a variety of sources and devices, an entirely new approach to network security is required. From both a ... »

Near Impossible Target: Fileless Malware

According to a blog post by ThreatPost, the future of client-side malware attacks is fileless. And it would appear the future has arrived with a growing number of attacks using fileless or in-memory malware to pose a threat to business that’s increasingly difficult ... »

Russian ‘pioneer’ of identity theft and card fraud jailed for 27 years

According to the Naked Sophos blog, Roman Seleznev, the Russian MP’s son who was found guilty last year of hacking into point-of-sale (PoS) systems and stealing millions of credit cards, has received the longest-ever sentence for hacking to be handed ... »

Workers like to bypass or find ways around corporate cybersecurity policies

Dtex Systems researchers found that 95 percent of enterprises surveyed had employees who are actively circumventing corporate security protocols. Dirty minds and common vices were the driving force behind the majority of protocol breaches as 59 percent of the organizations ... »

InterContinental Hotels Group: Malware Hit 1,200 Locations

Investigators Eradicated Point-of-Sale Malware by March, IHG Says Intercontinental Hotels Group is warning customers that malware infected point-of-sale devices at 1,200 of its locations beginning in September 2016. That appears to be a sharp rise in the count of breached hotels ... »

Android malware creators throw up a roadblock to thwart the good guys

Emulation testbeds have been considered by security practitioners to be a useful tool to conduct operational security exercises and a variety of research. For almost as long, malware writers have sought to thwart such tools. SophosLabs has come across some ... »

Infected By Ransomware. Now What?

Don’t negotiate with e-terrorists. Be a hero and rescue your hostage PC. With nasty malware like Locky making the rounds—encrypting its victims’ files, and then refusing to unlock them unless you pay up—ransomware is a serious headache. But not all ransomware ... »

Bug Bounties: Risk and Reward

Today BugCrowd CEO, Casey Ellis, and founder and attorney at Cipher Law, James Denaro stepped on stage at AppSecUSA 2016 to talk about the logistics and legalities of bug bounties. They talked through some of the most common concerns people ... »

Big Security Hole Found in Popular Password Manager Site

A Google security researcher found the vulnerability in LastPass, endangering personal data for millions of its customers. A security researcher found a major vulnerability in popular password manager LastPass that could allow hackers to steal passwords and login credentials from ... »

One of the most dangerous forms of ransomware has just evolved to be harder to spot via ZDNet

Malicious loaders delivered by self-extracting Dropbox files – enabling payloads to bypass detection. One of the most common forms of ransomware is evolving a new technique in order to become even more effective and harder to detect – the ability ... »

Insider Threats, What and Why You Should Be Concerned

Did you know, that insider threats have been behind the sharp increases over the past 18 months in the percentage of organizations that have experienced loss or theft of company data? According to the Ponemon Institute, three out of every ... »

Secure Sense Named One of 2017 Tech Elite Solution Providers by CRN®

Secure Sense Named One of 2017 Tech Elite Solution Providers by CRN® Tech Elite 250 list recognizes IT solution providers with deep technical expertise and premier certifications. Burlington, On March 27, 2017 – Secure Sense announced today that CRN®, a ... »

Bitcoin scams: Beware of crooks trying to steal your cryptocurrency with these schemes

Cyber criminals are successfully taking advantage of social media and naivety to steal Bitcoin and distribute malware. Cybercriminals are taking advantage of the rising price and popularity of Bitcoin to try to steal the currency and distribute malware. The cryptocurrency ... »

iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server

In November 2016, as part of Fortinet’s FortiGuard research work, it was discovered and reported an iSNS server memory corruption vulnerability in Microsoft Windows Server. On patch Tuesday of March 2017, Microsoft released the Security Bulletin MS17-012 that contain the ... »

Defending Against El Machete’s Malware Attacks with Cylance

Can You Protect Against El Machete? El Machete is a targeted attack campaign that was first publicly disclosed and named by Kaspersky here. The Cylance SPEAR™ Team, whilst tracking and monitoring threats, found that El Machete has continued to operate ... »

New MajikPOS Malware targets users across North America

Trend Micro has discovered a new PoS malware, tracked as MajikPOS, that is targeting business in North America and Canada. Security experts at Trend Micro have discovered a new PoS malware, tracked as MajikPOS, that is targeting business in North America. ... »

Why Small-Business Owners Are Easy Prey for Hackers

Our partner Symantec says 43 percent of all cyberattacks in 2015 targeted small businesses. Randell Heath isn’t sure how hackers got into his company’s website — all he knows is a supplier called, saying the site had become an online ... »

Hundreds of High Profile Twitter Accounts Hacked

According to The Hacker News, in a large-scale Twitter hack, thousands of Twitter accounts from media outlets to celebrities, including the European Parliament, Forbes, UNICEF, Nike Spain and numerous other individuals and organizations, were compromised early Wednesday. The compromised Twitter ... »

How online gamers use malware to cheat

We typically think of malware as something used to steal data from corporations or knock down websites in politically motivated attacks. But if you’re a gamer, sometimes it’s simply a tool for winning. SophosLabs threat researcher Tamás Boczán has been ... »

What WikiLeaks’ massive CIA leak tells us about cybersecurity via Sophos Naked Security

Here we go again. In 2010, WikiLeaks published a disturbing heads-up video of US helicopters strafing “insurgents” who turned out to be Reuters journalists. Weeks later came Cablegate, a leak by Bradley (now Chelsea) Manning of 251,000 US diplomatic cables. ... »

RSA 2017 Predictions Analysis via Sophos

Sophos offered a predictions blog that was published on their Naked Security blog last week, and now it’s time to see how accurate these predictions were. Here, we will break down each prediction and see what really happened. Sophos wrote ... »

You CAN teach an old dog new tricks, according to the 2015 ransomware variant, TorrentLocker

It’s been quiet since 2015, but TorrentLocker has suddenly returned. And this time it wants to steal your passwords too. A ransomware variant which has been relatively inactive for almost two years is back, and this time it’s stealing user ... »

Secure Sense Named 2016 LogRhythm Partner of the Year Canada

Burlington, ON,  February 28, 2017 – Secure Sense, Canada’s fastest growing IT Security company, is pleased to announce it has been named LogRhythm’s 2016 Partner of the Year, Canada. The announcement was made at the LogRhythm Partner Summit, held in Boulder, ... »

Google Does it Again: Discloses Unpatched Microsoft Edge and IE Vulnerability

This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare. Besides this, Google ... »

Pass(word)ing the buck!

The start of the New Year is always an interesting time in the security community. Out come the statistics and stories about the worst passwords and the most common ones chosen by online users during the previous year. A recent ... »

Canadian cyber firm confirms it was the victim described in RSA investigation

A Canadian cyber security software and services company has acknowledged that it was the victim of backdoor malware inserted into one of its products two years ago in an attack detailed last week by investigators for security firm RSA . ... »

Rise of the IoT Botnets

There are many doomsday cyber scenarios that keep security professionals awake at night. Vint Cerf, one of the fathers of the Internet and current vice president and chief Internet evangelist for Google, speaking at an event in Washington, D.C., in ... »

2017 Network Security Trends Infographic

As you plan for 2017, get the facts on endpoint security and stay current on the trends. This Infographic compiles relevant data from Gartner, IDC, The Ponemon Institute, Symantec and others, on the current state of network security threats from ... »

Organizations In 40 Countries Under ‘Invisible’ Cyberattacks

Unknown threat actors are stealing sensitive financial data using memory resident malware crafted from legitimate tools, Kaspersky Lab warns. Cyberattacks have become increasingly stealthy in recent years, with goals like persistence and lateral movement becoming much more important to threat ... »

Not all ransomware tools are created equal

In case you hadn’t heard, ransomware is big, big business. In 2016 alone, ransomware payouts are closing in on the billion-dollar mark, with a whopping 70% of companies reporting that they paid to have their maliciously-encrypted data liberated after being ... »

What’s the actual cost to a business of a data breach?

Cisco has released the 10th of its annual cybersecurity reports, leading some publications to scream that security breaches can cost businesses 20% of their annual turnover. If you burrow into the headlines, however, it becomes apparent that only a third of ... »

What’s Happening at #RSAC17

Will you be attending RSA in San Francisco this February? If so, we have the lowdown on all the exciting things our partners have planned for IT’s biggest event. From dinner parties to beer and ping pong, your go-to guide is ... »

Spora ransomware goes freemium with four different payment options

A new ransomware strain called Spora has taken the “freemium” model to a new level. Many ransomware attacks include a try-before-you-buy feature on their pay pages, where you can decrypt one or two files for free as an inducement to ... »

What’s New at Secure Sense?

2017 has already poised to be an incredible and successful year for Secure Sense. Our team has been working endlessly towards our ultimate goal of becoming Canada’s most trusted cyber security firm. That being said, we’d like to take the time ... »

When Robots Go Rogue – Cylance Identifies What’s Real in AI

Westworld… J.A.R.V.I.S.… Knight Rider… seems like we’ve been surrounded by artificial intelligence (AI) for a long time, doesn’t it? Thanks to Cylance we’re able to make sense of and understand exactly what Artifical Intelligence and Machine Learning really are. As other ... »

Almost 200K Websites Affected by the OpenSSL HeartBleed Vulnerability…and counting!

The ‘Open SSL HeartBleed’ vulnerability was one of the biggest flaws in the Internet’s history that affected the core security of as many as two-thirds of the world’s servers i.e. half a million servers at the time of its discovery ... »

Not all ransomware tools are created equal

In case you hadn’t heard, ransomware is big, big business. In 2016 alone, ransomware payouts are closing in on the billion-dollar mark, with a whopping 70% of companies reporting that they paid to have their maliciously-encrypted data liberated after being ... »

These Were the Most Common Passwords Used in 2016

With all the extensive online resources, emphasis on long and complex passwords and numerous enterprise breaches we are utterly shocked that ‘password’ is still being used as a password today! Although weak and commonly used passwords have long been one ... »

13 Cyber Security Practices you MUST Follow!

Inspired by today’s Friday the 13th, we’ve compiled 13 of the best cyber security tips and best practices you should be doing following! 1) Train your employees Did you know that your organization’s biggest security risk is your employees? Since the ... »

How to Stay Protected Against Ransomware

Businesses large and small are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment can cause massive disruption to an organization’s productivity. But what does a typical attack ... »

Browser autofill used to steal personal details in new phishing attack

Chrome, Safari, Opera and extensions such as LastPass can be tricked into leaking private information using hidden text boxes, developer finds. Your browser or password manager’s autofill might be inadvertently giving away your information to unscrupulous phishers using hidden text ... »

Mongodb Attacks Jump From Hundreds to Twenty-Eight Thousand in Days

Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom. On Monday, researcher Niall Merrigan reported 28,000 misconfigured MongoDB were attacked by more than a dozen hacker groups. That’s sharp increase from last week ... »

Achieving Intelligent Infrastructure Defence with LogRhythm’s Co-Pilot Service and Security Analytics

Retailers have learned hard lessons in recent years, as organizations such as Target have suffered major data breaches. In Target’s case, the compromised credit card information of 70 million customers have resulted in significant expense, lost revenues, and a damaged ... »

The 5 Worst Hacks and Breaches of 2016 and What They Mean for 2017

2016 was not the best year for security, at least where high-profile breaches, hacks, and data leaks were concerned. The year saw yet another laundry list of big-name companies, organizations, and websites hit with distributed denial-of-service (DDoS) attacks, huge caches ... »

Begin With the End(point) in Mind

Advances in artificial intelligence (AI), machine learning (ML), and mathematical algorithms have allowed cyber security professionals to bolster their threat prevention in recent years. SecOps groups have shifted focus from response to prevention, using AI/ML-powered protection products such as CylancePROTECT® to ... »

Data breaches through wearables put target squarely on IoT in 2017

Forrester predicts that more than 500,000 Internet of Things (IoT) devices will suffer a compromise in 2017, dwarfing Heartbleed. Drop the mic—enough said. With the sheer velocity of how the distributed denial-of-service (DDoS) attacks spread through common household items such ... »

Ashley Madison forced to pay for deceptive security practices

Ashley Madison’s parent company has been forced to pay US$1.6 million for actively deceiving its customers as to how safe and secure the site really was. Ashley Madison’s parent company, Ruby Corp., will be forced to pay a large settlement ... »

Lesson Learned: Security Awareness Training

Think back for a second on all the safety lessons we learned as kids; for example, when you cross a street, you look both ways. But some safety lessons had to evolve over time. For example, no one wore seat ... »

Secure Sense Achieves Blackberry Authorized Reseller Status

On December 13th, 2016 Secure Sense has achieved the Blackberry Authorized Reseller Status. This tier recognizes Partners that have invested in the acquisition of a solid sales knowledge of the BlackBerry Enterprise Mobility Suites. We’ve identified the customer demand for ... »

Don’t let your former IT staff sabotage your company

A recent news story has brought to mind a threat which probably sends a shiver down the spine of many system administrators. A 32-year-old man was sentenced to two years in prison this month for hacking the computer systems of ... »

New ‘nasty’ Ransomware Encourages Victims to Attack Other Computers

Popcorn Time malware offers users free removal if they get two other people to install link and pay. A new ransomware variant has been discovered using an innovative system to increase infections: the software turns victims into attackers by offering ... »

What is Next-Generation Antivirus (NGAV)? via Carbon Black

In information security, the mere mention of the word “antivirus” elicits a largely unfavorable response. I’ve heard some descriptions from infosec pros that include: “not enough,” “ineffective,” and “archaic.” There’s merit to these claims. Antivirus has long been the most ... »

Expedia’s IT Guy Made $300,000 By Hacking Own Execs

A former Expedia IT professional has admitted to illegally trading on secrets he discovered by hacking his own company’s senior executives. Jonathan Ly stole passwords and infiltrated devices belonging to Expedia’s CFO and head of investor relations, which enabled him to ... »

DailyMotion Hack Leaks Emails, Passwords of 87m Users

DailyMotion, a popular video sharing website, said Tuesday it recently suffered an “external security problem” resulting in the compromise of an unspecified number of its users’ data. LeakedSource.com, a repository of breached data, added DailyMotion to its list of “Hacked ... »

Retail Cybersecurity: Black Friday and Cyber Monday Have Arrived.

It’s the most wonderful time…of the year! No, no, we aren’t talking Christmas. Welcome back, Black Friday and Cyber Monday! In the U.S., the post-Thanksgiving shopping blitz of Black Friday often serves as a make-or-break event for many retailers. Indeed, ... »

Ten Cyber Security Predictions for 2017 via BeyondTrust

In the cosmic wink of an eye, 2016 is almost done. So, it’s that time of year to invoke the dark arts of prediction and try to determine how the next year will unfold. For cyber security, predicting the future ... »

LogRhythm 7.2 Now Available For Download

LogRhythm’s platform has been purpose-built to power the next-generation Security Operations Center (SOC), and with the release of 7.2, is now further optimized to help you deliver the industry’s most efficient, effective end-to-end threat lifecycle management solution. Scalability: Reduce total ... »

CryptoLuck Ransomware Emerges

A new ransomware family spotted for the first time recently is already being distributed via an exploit kit (EK). Dubbed CryptoLuck, the new ransomware variant was discovered by “Kafeine”, a Proofpoint researcher and maintainer of the Malware don’t need Coffee blog. Noteworthy ... »

The 7 Most Significant Government Data Breaches

Mega compromises at federal and state agencies over the past three years has compromised everything from personal data on millions to national security secrets. The Georgia Secretary Of State Office Breach In October 2015, Georgia Secretary of State Brian Kemp’s ... »

Blacknurse Low- Volume DOS Attack Targets Firewalls

A type of denial of service attack relevant in the 1990s has resurfaced with surprising potency against modern-day firewalls. Dubbed a BlackNurse attack, the technique leverages a low-volume Internet Control Message Protocol (ICMP) -based attack on vulnerable firewalls made by ... »

Customer information stolen in alleged cyberattack at Casino Rama

The Casino Rama Resort says its customers, vendors and current and former staff should keep an eye on their financial information. An Ontario casino is warning customers, vendors and staff to monitor all bank accounts, credit cards and other financial ... »

Top 10 Strategic Technology Trends for 2017

Artificial Intelligence and machine learning will increasingly be embedded into everyday things such as appliances, speakers and hospital equipment. This phenomenon is closely aligned with the emergence of conversational systems, the expansion of the IoT into a digital mesh and the ... »

Secure Sense Recognized on 2016 CRN Next-Gen 250 List

Secure Sense Recognized on 2016 CRN Next-Gen 250 List Annual List Features Trailblazing Solution Providers Transforming Business with Emerging Technologies Burlington, Ontario, November 7, 2016 – Secure Sense, Canada’s Fastest-Growing IT Company, announced today that CRN®, a brand of The ... »

CyberCrime is on the Rise? Big Surprise..

Attacks Hike? New Cybercrime Report Shows 40 Percent Increase for Merchants, Financial Institutions. Cybercrime is on the rise. While this isn’t shocking news, the recent Q3 2016 ThreatMetrix study found that even during the traditionally slow third quarter, both financial ... »

Brandon Bourret, Photobucket Hacker Sent To Prison for Computer Fraud

Creator of Software to Facilitate Privacy Invasion and Online Extortion Sentenced to Federal Prison for Conspiracy to Commit Computer Fraud. Photobucket was the victim of a bizarre cybercrime case, outlined by the US Department of Justice yesterday. Brandon Bourret of ... »

Can We Take It With Us to the #Cloud?

As more organizations move to the cloud, security professionals are coming to a number of hard realizations, and quickly. First, saying “no” to the cloud is NOT happening. What IS happening is moving to the cloud, so get over it. ... »

Google and Microsoft in war of words over bug disclosure

The search engine company publicized a critical Windows bug 10 days after informing the software firm about it. Google and Microsoft are in a war of words after the search engine company publicized a critical Windows bug just 10 days ... »

Protect Your Network from an IoT Device Attack – Like the Recent DDoS Assault on Dyn

On October 21st, waves of crippling Distributed Denial-of-Service (DDoS) attacks left some of the most prominent names on the web struggling to ensure consistent access. Dyn, Inc., a company that provides domain name services for about 6% of Fortune 500 ... »

Don’t Let A Lack of Resources Compromise Your Cyber Security

As a bank in today’s digital environment, cybersecurity concerns play a heavy hand in how we approach evolving customer needs, internal processes, and regulatory requirements. But in our current landscape, where companies of all sizes and in myriad industries can ... »

Yesterday’s Technology & Cyber Risk Today: Time for a Security Assessment? via Bradford Networks

For most IT teams, addressing or thinking about cyber security is a daily concern. From updating AV software to creating security profiles, most IT professionals spend a portion of their day on tasks with a goal of securing their network. ... »

Big Surprise – Russian indicted over LinkedIn and Dropbox mega-breaches

A Russian citizen has been arrested in the Czech Republic and indicted in connection with massive breaches: the 2012 attack on LinkedIn and the subsequent attack on Dropbox. The man, 29-year-old Yevgeniy Nikulin, from Moscow, also allegedly targeted Formspring, a ... »

There’s a New Trojan in Town, Spreading Through Targeted Email Campaign

The authors of a malware sample that has been around for more than two years have yet another trick for distributing it. The Kovter malware sample that has infected systems around the world for the past couple of years is ... »

IoT Bots Cause Massive Internet Outage October 21st, 2016

The real perpetrator of the widespread Internet outage on Friday, October 21, 2016 is still not known but the weapon of choice was definitely IoT devices compromised with Mirai malware. The Distributed Denial of Service (DDoS) attack that started on ... »

Hackers Used Your Vulnerable Tech To Throttle The Internet

Devices were infected to carry out a “sophisticated, highly distributed attack” to wreak online havoc. Hackers unleashed a complex attack on the internet through common devices like webcams and digital recorders and cut access to some of the world’s best-known ... »

A massive cyber attack caused major websites to go down across the internet

Internet users around the world, but mostly in the US, reported that some top websites were not loading on Friday morning. The affected sites included Amazon, Twitter, Etsy, Github, and Spotify. The issue appeared to have something to do with ... »

SMBs victims of phishing attacks 5x more than ransomware via SC

Despite a glut of research into new ransomware variants, low-tech threats like phishing attacks and viruses pose a more prevalent threat to small businesses than ransomware, according to a recent survey of SMB owners.   Thirty-seven percent of small businesses ... »

Nuclear Power Plant Disrupted by Cyber Attack

The head of an international nuclear energy consortium said this week that a cyber attack caused a “disruption” at a nuclear power plant at some point during the last several years. A nuclear power plant became the target of a disruptive ... »

Hack warnings prompt cyber ‘security fatigue’

Relentless cyber security warnings have given people “security fatigue” that stops them keeping themselves safe, suggests a study. Many ignored warnings they received, found the US National Institute of Standards and Technology (NIST). Others were worn out by software updates and ... »

Securing Enterprise Networks from Rapidly Increasing Malicious Attacks

Enterprise organizations are appealing targets for hackers. These networks can provide everything from valuable personal data profiles, to financial and research data – all valuable commodities on the dark web. The interest in targeted enterprise attacks has increased dramatically, with ... »

Happy Cyber Security Awareness Month!

Ahh, October. The time of the year when the air gets crisp, the leaves begin to change and Cyber Security Awareness begins! We may be bias, but we think October is the best month of the year. We live in ... »

Cybercrime-as-a-Service Offered To Militants, Terrorists, Says Europol

The Darknet could provide ample resources and services for terrorists to carry out attacks, claims report. Cybercriminals offering contract services for hire offer militant groups the means to attack Europe but such groups have yet to employ such techniques in major ... »

How to Sell Cloud Security Solutions to SMBs

It’s easy to think of cybersecurity threats as something that mainly targets the nation’s largest and most profitable enterprises. In the news, we see stories of the data breaches of massive healthcare and insurance networks, of retailers with thousands of ... »

Hackers Hold Investment Bank To Ransom

Hackers who call themselves TheDarkOverlord recently tried to extort a series of health care organizations into paying hefty ransoms. Their most recent target is WestPark Capital. The hackers have stolen apparent internal documents from a Californian investment bank and published them online, likely in an effort ... »

Taming the Great Disruptor: How Managing Change Can Bolster Your Security

Did you know China is having a hard time hiring hackers to meet the demand of vulnerable U.S. security systems? Okay, well… that might be a fictional story published by satirical newspaper The Onion. But it does highlight an important ... »

Fortinet Threat Landscape Report

Periodically, Fortinet publishes a set of findings based on threat intelligence gathered from hundreds of Cyber Threat Assessments performed across the globe. This report provides analysis and insight into the threats experienced within certain industry segments and regions. Published just ... »

PowerBroker Password Safe API is Available to Developers – for Free

Calling all vendors, end users, and application developers! BeyondTrust is now offering a free method to make all of your solutions more secure if you require a user or application to provide credentials for connectivity or authentication. BeyondTrust’s PowerBroker Password ... »

Temporal Chain Normalization: The Unsung Hero of Event Correlation

When it comes to correlation capabilities, LogRhythm has you covered. With AI Engine you can perform a variety of activities, from observing a single activity to applying advanced behavior rules across multiple dimensions (entities, devices, log sources, metadata, etc.). In ... »

Yahoo says 500 million accounts stolen

Yahoo confirmed on Thursday data “associated with at least 500 million user accounts” have been stolen in what may be one of the largest cybersecurity breaches ever. The company said it believes a “state-sponsored actor” was behind the data breach, meaning ... »

Is your network causing bottle-necks that hinder growth?

We recently read a thought-provoking article authored by one of our technology partners Fortinet, titled Network Security in the New Service Provider Reality. The article discusses how networks have to evolve and embrace the growing, dynamic distribution of data, as ... »

Cyber terrorism seen as the BIGGEST single future threat

47% of UK IT decision makers (ITDMs) are more worried about cyber terrorism attacks now than they were 12 months ago, according to IP EXPO Europe. This was identified as the biggest cyber security risk in the future (27%), followed ... »

Can Bug Bounty Programs Halt the Rise of APTs?

Security researchers recently discovered a new, advanced form of malware that is so sophisticated, it is believed only a nation state could have developed it. Known as “Project Sauron”, the malware went undetected for five years until Kaspersky Labs discovered ... »

How Ransomware Works via Carbon Black

Ransomware is similar to other malware in that it installs itself on a computer and runs in the background without the user’s knowledge. But unlike malware that hides and steals valuable information, ransomware doesn’t hide. As soon as ransomware has locked a user’s ... »

Cybercrooks use drive-by malware to rob Reddit users’ cryptowallets

An as yet unnamed drive-by-download malware is targeting the cryptowallets of Reddit users. Details of the attack are still unclear, but it appears attackers are using malicious links designed to appeal to those monitoring the changes in the Bitcoin prices. They ... »

Secure Sense Ranks No. 13 on the 2016 PROFIT 500

  – PROFIT and Canadian Business unveils 28th annual list of Canada’s Fastest-Growing Companies – Burlington, Ontario (September 15, 2016) Canadian Business and PROFIT today ranked Secure Sense No. 13 on the 28th annual PROFIT 500, the definitive ranking of Canada’s Fastest-Growing ... »

Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains

Apple isn’t the only one offering up a $200,000 reward for severe vulnerabilities on mobile devices. Google followed suit yesterday with the announcement of the Project Zero Prize, and like the Apple Security Bounty, the top payout is $200,000. Announced ... »

Consumers More Concerned with Financial Data Getting Hacked than Private Information about Their Families Being Exposed

Survey also reveals consumers more likely to hear about data breaches from the news or social media — not from companies holding their data. Centrify, the leader in securing enterprise identities against cyberthreats, today released findings from its 2016 Consumer Trust ... »

“Not If, but When” – Reflections on the OPM Breach

In my previous lives as a special agent in the FBI and also as the CSO of major U.S. corporations, I had to undergo periodic background investigations, usually every five years. I hold government clearances, and it was simply one ... »

Hitsniffer haults trading because of a malicious-insider data leak

We’ve said it before, and we will say it again. Your organizations largest threat is your employees! Not only does user error jeopardize an organization, but also disgruntled former employees, who still have access to sensitive information! We see this play ... »

Proofpoint report shows a significant rise in social media fraud

Proofpoint has released its inaugural Social Media Brand Fraud Report which investigates the current state of social media brand fraud to understand criminals’ methods and examine how this business risk is evolving. The company compiled a list of the top ... »

DDoS attacks growing more complex, larger

Distributed denial of service attacks — long serving as the weapon of choice for low-skill hackers — are getting more complex, with nearly two-thirds involving multiple kinds of attack traffic, according to new figures. If you need a refresher on what a DDos ... »

Cyber Security Cheat Sheet

Hello, September, we’ve been anxiously awaiting your arrival. For most of you, September means back to school for your children, and back to work for you! We understand how easy it is to loose track of security terminology while spending ... »

Dropbox Hack Leads to Dumping of 68m User Passwords on the Internet

Data stolen in 2012 breach, containing encrypted passwords and details of around two-thirds of cloud firm’s customers, has been leaked. Popular cloud storage firm Dropbox has been hacked, with over 68m users’ email addresses and passwords dumped on to the ... »

Crew Interview: Susan Singleton

Today marks the third week of Secure Sense Crew Interview, a little q&a, so you can get to know the phenomenal technical and sales teams we have here! For our third interview, to show off our crew, we present to ... »

Why You Don’t Shouldn’t Use WiFi at an Airbnb Rental

The threat exploded at the most recent Black Hat conference when security expert Peter Galloway  proclaimed what he had done on a recent vacation: he went back to his Airbnb rental and attacked the WiFi network.  “Within five minutes flat, I ... »

Overlay Malware Revealed on Google AdSense

Sipping on your first-morning coffee, and checking the news on your Android, seems pretty harmless right? Wrong. The latest strand of malware can hit any site that uses Google AdSense … and unfortunately that’s a lot of them. The malware ... »

Presenting a Cylance Unbelievable Tour: Toronto 2016!

 They say, “Seeing is believing.” And, that’s never been truer for those information security professionals who have attended a Cylance’s coast-to-coast “Unbelievable Demo Tour”. The good news if you have never been? We’ve added a stop in Toronto, for the ... »

All Your Cars Belong to US: Keyless VW Cars Can Be Hacked

Do you drive a Volkswagen? If so, we have some bad news. Tens of millions of vehicles sold by Volkswagen AG over the past 20 years, and various current models, are susceptible to theft because keyless entry systems can be ... »

Carbon Black: 3 POS Security Recommendations Following the Oracle MICROS Breach

Christopher Strand of Carbon Black reports flawlessly on the POS security recommendations those can take away from last week’s Oracle MICROS breach. If you were on a vacation, or just living under a rock, read the original story posted by ... »

20 top US hotels hit by new malware attacks

A new group of US hotels has fallen victim to PoS malware that is believed to have exposed private customer financial data. 20 US hotels operated by HEI Hotel & Resorts on behalf of Starwood, Marriott, Hyatt, and Intercontinental may ... »

Secure Sense Earned #23 on the 2016 CRN Fast Growth 150 List

Secure Sense Named to 2016 CRN Fast Growth 150 List List Recognizes Thriving Solution Providers in the IT Channel Burlington, Ontario, August 8, 2016 – Secure Sense announced that it has been named to The Channel Company’s 2016 CRN® Fast ... »

330,000 Exposed in Oracle MICROS Breach

One of the top three global point-of-sale providers, MICROS which was purchased by Oracle in 2014, has been breached. This is quite the cause for concern, as MICROS is currently deployed in over 180 countries, to over 330,000 sites. Oracle ... »

Kimpton Hotels Investigate Card Breach Claims

Kimpton Hotels is a boutique hotel brand, including 62 properties across the United States. The boutique chain is currently investigating reports of a credit card breach across multiple locations. On July 22, KrebsOnSecurity reached out to San Francisco-based Kimpton after hearing ... »

Insider Threat Trojan, Delilah, Makes Her Debut

According to Gartner, “Delilah” is the world’s first insider threat Trojan that targets individuals via social engineering and/or extortion, sometimes using ransomware techniques. It allows attackers to capture sensitive and sometimes compromising footage of victim’s in order to extort them ... »

This Week In Breaches: Ubuntu Forums

On July 14, a member of the Ubuntu Forums Council reached out to the Canonical team to inform them that someone had claimed to have a copy of their Forum’s database. The next day Ubuntu released a security notice confirming ... »

Gotta Catch ‘Em All … Including a Virus?

It’s official – Pokémon Go has taken the world by storm. This week it surpassed Candy Crush as the number one played mobile game, and even bigger, it surpassed Twitter’s daily user engagement. To make things even more remarkable … ... »

With KeRanger, Mac Users Are No Longer Immune to Ransomware Threats via Varonis

Cybercriminals who previously targeted Windows operating systems with ransomware have expanded their customer base to include the Mac OS. Known as KeRanger, it’s the first ransomware variant detected that infects Mac users. Unlike the usual methods of entry, such as ... »

iCloud Takeover Really is as Simple as One, Two, Three

Approximately 40 million iCloud accounts are rumoured to be hacked, but according to CSO Online, that number is likely overblown. Step one: Leaked credentials. Step two: “Find My iPhone” – lost mode. Step three: Lock user out and leave a ... »

Another Android Vulnerability, Is Anyone Really Surprised?

In the latest saga of Android vulnerabilities, a new malware called “HummingBad” is making its rounds and has already infected over 10 million devices worldwide. According to Check Point, the majority of infected devices are overseas in Asian countries, and ... »

Multiple Critical Vulnerabilities Exposed: Time to Update!

On June 28, 2016, Google’s Project Zero Researcher Tavis Ormandy released a blog that published details of multiple critical vulnerabilities with various Symantec products. According to Ormandy, these vulnerabilities, “Don’t require any user interaction, they affect the default configuration, and ... »

2.2 Million Sensitive Records Leaked

A mid-2014 database that contained 2.2 million records of individuals with suspected ties to terrorism, organized crime, money laundering, bribery, and corruption links has been leaked. The source of the leak is from World-Check, a database of politically exposed persons ... »

Is Vulnerability Management Still a “B” Horror Movie? via BeyondTrust

Here we are in 2016, and the state of information security (specifically the lack thereof) feels more like a bad Toxic Avenger sequel than a box office blockbuster. We’ve had major breaches, huge failures,  significant doubt, speculation about new technologies ... »

Dangers of Selling Old Hard Drives and Devices

If you were at our annual Camp Secure Sense this year, then you will remember the compelling presentation by Fortinet’s Senior Security Strategist, Aamir Lakhani. Lakhani spoke about the reality of digital breadcrumbs being left behind, without the realization. He ... »

Cyberattacks on Healthcare Institutions Shows No Signs of Slowing Down

This year has seen record high attacks against hospitals, most notably the ransomware attack that held Hollywood Presbyterian Medical Center hostage for over two weeks. Data stored within healthcare networks is a rising target for attackers on a global scale and ... »

Is your virtualized environment at risk for a data breach?

You know a concept is solid when it grows from a good idea to a standard business practice. It can feel like the change takes place overnight, especially if the solution can quickly prove its ROI – a company adopts ... »

Yikes! The Average Breach Costs How Much?!

According to a study conducted for IBM by Ponemon Institute, the average cost of a data breach has drastically increased. Ponemon conducted 1,500 interviews in over 383 victim organizations, for 16 different industries, within 12 countries. It was discovered that ... »

Vulnerability Exposed: Time to Update

A serious vulnerability has been identified, and it’s time to update, today. On June 16th, Adobe released a critical update for the Flash Player that fixes several vulnerabilities, including CVE-2016-4171. According to Adobe, if successfully exploited, “this vulnerability could cause ... »

Secure Sense Technology Partner BlueCoat, Acquired by Symantec

As a value added reseller, at Secure Sense we only partner with the best of breed network, security, and cloud providers – one of these companies being Blue Coat. On Sunday, June 12th, 2016, American endpoint protection company, Symantec announced ... »

The Cost Of Data Breaches Rises Past $4 Million

The Cost Of Data Breaches Rises Past $4 Million: Post VIA DarkReading: Ponemon annual report shows data breach benchmark index on the rise again, while Deloitte advises those tangible costs may be just the start to financial impact racked up ... »

Twitter Wasn’t Hacked, People Just Love Reusing Passwords

Last week there were many reports that Twitter had been hacked and that a user database of 32 million, was listed on the dark web. Twitter claims that this is not the case. Twitter’s Information Security Officer, Michael Coates, posted ... »

10 Things to Watch: Detecting a Phishing Email

As you may have noticed, the topic of phishing has been at the forefront of the concerns within the IT security 2016 landscape. As attacks become more challenging to identify, organizations become more susceptible to breach. Ransomware infections are often instigated ... »

This Week in Breaches: The Mega Breaches Keep On Coming

Mega breaches have been one of the prominent stories of 2016, begging the question – will it ever stop? Vk.com, Russia’s version of Facebook, is another social media platform in less than two weeks to have an old data breach ... »

Mark Zuckerberg’s Twitter and Pinterest accounts hacked, LinkedIn password dump most likely to blame

Facebook co-founder and CEO Mark Zuckerberg understandably has social media accounts on other networks. And like most avid online users, he ignored to maintain standard security password practices. Over the weekend, Zuckerberg’s Twitter and Pinterest accounts were hacked. The group ... »

What a Week for Social Media Platform Hacks

In the latest string of old hacks coming back to life, microblogging, social network Tumblr, who was hacked in 2013 – has a much larger scope than anticipated. Back in 2013, Tumblr refused to release the number of those affected ... »

Wait – Myspace is Still Around AND it Was Hacked?

Yes – apparently the early 2000’s dominant social media platform still does exist, and still potentially has 50 million unique visitors per month. What’s even more of a shock, is that this hack could be the largest password leak in ... »

Proactive Versus Reactive, We See You Reddit!

First off – no Reddit has not been compromised, so if you have an account to this broad range social media site, you can let out that deep breath you’re holding. But they, along with every other organization that takes ... »

DARK READING REBLOG: Epic Security #FAILS Of The Past 10 Years

We thought this was a great breakdown of some of the most epic security fails over the past 10 years. Happy 10-year Anniversary Dark Reading, thank you for always providing insightful, and top news articles in the information security world. ... »

Phishing Attacks Jump 250% From Oct Through March

It has been reported a record-breaking 250% increase in phishing activity between October of 2015 and March, 2016, says Business Wire (sourced from Anti-Phishing Working Group). As previously blogged, phishing is defined as ‘the activity of defrauding an online account holder of ... »

4-Year-Old Data Hack Has a Much Larger Scope Than First Reported

Back in June of 2012, LinkedIn confirmed that they had been breached, and approximately 6.5 million user’s credentials had been compromised. Now, almost 4 years later that number has grown exponentially. Busy bee hacker “peace_of_mind”, or ‘Peace’ as they seemingly ... »

Camp Secure Sense 2016 – Recap

What a whirlwind week, Camp Secure Sense has come and gone and we could not have had a better group of individuals to have been there! First off, we would like to thank every single one of you, our amazing ... »

Easing Your Enterprise into the Cloud

With so much negative publicity focused around “the cloud”, it’s no wonder that companies are cautious to make the switch. But we all know that there is a certain level of push-back when it comes to changes, especially ones that ... »

Hackers Play Freeze Tag with Your Android Device

Well, it’s not a game, and it certainly isn’t fun, especially if you’re holding the phone – but hackers are constantly finding new ways to mess with Android users. This time, it is in the form of a quasi-ransomware coined ... »

Did Anyone Learn from the Ashley Madison’s Breach?

It should really come as no shock to anyone these days that an online dating website has been hacked. The latest subject of attack is self-proclaimed ‘elite’ dating website BeautifulPeople.com, which has suffered a massive database leak, exposing the personal ... »

James Bond Going Digital?

If you’ve seen the 2015 blockbuster film, Spectre, then you know where we’re heading with this. MI6 and James Bond, on a clandestine mission, to ensure the safety of the world’s population remains in the hands of living, breathing spies ... »

Amazon Sold Me Embedded Malware, and All I Got Was This Lousy T-shirt

Well … they didn’t sell it to me per say, and no one got a shirt, but Amazon has been unknowlingly selling security recording equipment with embedded malware. This discovery was made by Mike Olsen, labeled as an “artful hacker” ... »

Mega Breach in The Philippines

55 million voters, 55 million citizens now susceptible to fraud and identity theft after a massive data breach that leaked the entire database of the Philippines’s Commission on Elections (COMELEC). With 55 million voters in the Philippine’s, this could go ... »

How Hackers Are Getting Siri to Show Them Your Photos

When the FBI took Apple to court it was with the intention of ordering the tech giants to build a backdoor that allowed them entry into a terrorists locked iPhone, as we have previously blogged. The FBI has since dropped ... »

This Week in Breaches: Trump Hotels, Again?

According to Security Guru Brian Krebs, Donald Trump’s series of luxury properties – the Trump Hotel Collection is the subject of another credit card system breach (Anonymous anyone??).   Earlier this year we reported about a series of hotel breaches, including ... »

Ransomware has been the dominant nuisance to cyber security in 2016 thus far, and doesn’t seem to show any signs of slowing down. In recent news, the main target of a ransomware attack has been hospitals and health care organizations that ... »

1.5 Million Customers’ Information Exposed in Data Breach

Every year Verizon Enterprise Solutions, a B2B unit of the telecommunications company, releases their Data Breach Investigations Report (DBIR). This report is complete with case studies of the year’s most interesting and impactful data breaches. The reports include the hard lessons ... »

For Hire: Uber Bounty Hunters

Typically, when most North Americans hear the term Bounty Hunter, images of a jacked up, sunglass wearing, blonde goliath come to mind. In terms of cyber security, it’s highly unlikely you’d ever see someone who fits that bill. It recently ... »

iMessage Vulnerability Discovered

Researchers from Johns Hopkins University have discovered a flaw that allows skilled attackers to intercept and decrypt video and images sent on iMessage. Apple partially fixed the flaw in the latest iOS 9, but the exploit leaves versions prior vulnerable. ... »

JLaw Breach

In late August of 2014, approximately 100 female celebrities had their privacy breached, when personal and intimate photos were published online, sourced from their private iCloud or Gmail accounts. At the time of the leak, or commonly known as “The ... »

Bank of England Governor, or Nigerian Prince?

In July of 2013, Mark Carney was appointed the Governor for the Bank of England, and within mere months, he was the subject of a “Nigerian Prince” email scam. California native Cameron Smith was the target of this scam when ... »

Anti-DDoS Firm Target of DDoS Attack

Irony- the expression of one’s meaning by using language that normally signifies the opposite, or in this case, a company who falls victim to the very thing they exist to defend against. On March 10, 2016 global DDoS protection company, ... »

The Ottawa Hospital Infected with Ransomware

One of the largest threats to cyber security in 2016 – ransomware, has a worrisome emerging trend; targeting hospitals. Ransomware has made quite an impact on the year so far and is likely to continue its trajectory of havoc. We ... »

Proof Reading: The Difference Between $80 Million and $850 Million

Foundation. One relatively average word that brought down a scam worth nearly $1 billion. On February 5, 2016, the Federal Reserve Bank of New York received a succession of requests seemingly from the Bangladesh Central Bank in Dhaka. If the ... »

My Mac Can’t Really Be Vulnerable, Can It?

On March 4, 2016, the Palo Alto Networks research team discovered a new MAC OS X ransomware called KeRanger that had infected the Transmission BitTorrent client installer. KeRanger is the first official complete and functioning ransomware to affect OS X. ... »

When Real Life Pirates Get Tech Savvy

Imagine being a pirate on the high seas, sailing around the world, hoping to land a gold mine – that one ship that was loaded with exactly what you’ve been searching for. Now imagine how much easier it would be ... »

OpenSSL Secured Websites Vulnerable to DROWN

A group of international academic researchers have discovered a vulnerability in OpenSSL security that has the potential to affect as many as 11.5 million servers. The hole in this security protocol allows Secure Sockets Layer (SSLv2) an outdated security protocol, ... »

Evolving Ransomware; Websites Beware

A new malicious program has surfaced, indicating a new trend in ransomware development that has already seen a resurgence in 2016. CTB-Locker, has been attacking files on web servers, infecting at least 100 websites over the past several weeks. Also ... »

Snapchat Falls Victim to Phishing Attack

On Friday February 26, 2016, the popular photo sharing app, Snapchat, fell victim to a sophisticated phishing attack. Employees were “targeted by an isolated email phishing scam”, where the scammer impersonated Snapchat’s Chief Executive Officer, Evan Spiegel, according to a ... »

Vulnerability in GNU glibc Affecting Nutanix Products: February 2016

Advisory ID:        Nutanix-sa-003-glibc     CVE-2015-7547 Last Updated:     25 February 2016 Published:           25 February 2016 Version:               1.0 On February 16, 2016 and industry-wide critical vulnerability in the GNU ... »

Vulnerability Revealed in Nissan LEAF

On February 24, 2016, Troy Hunt, a Microsoft MVP for Developer Security reported a vulnerability in the remote management APIs for Nissan LEAF. If you have the VIN number of any of the cars, you are able access certain features ... »

This Week in Breaches: Linux Mint

On Saturday February 20, 2016 Linux Mint project leader Clement Lefebvre confirmed that the website of the community-driven operating system had been hacked.  An attacker by the handle of “peace_of_mind”, is claiming responsibility for the hack of the site, deceiving ... »

When a Real World Virus Affects the Digital World

On February 1, 2016, the World Health Organization (WHO) declared a Public Health Emergency of International Concern (PHEIC) regarding the outbreak of Zika virus and all associated birth defects. Zika has been the determined cause of microcephaly, an abnormal smallness ... »

Apple Set to Play Hardball with the U.S Government

On February 16, 2016, a California court ordered Apple to assist the FBI in hacking and gaining complete access into an iPhone. The phone previously belonged to one of the San Bernardino shooters who tragically took the lives of 14 ... »

Hospital Held Ransom by Cyber Criminals

On February 5, 2016, Hollywood Presbyterian Medical Centre in Los Angeles was hacked and fell victim to a ransomware attack. The computer systems have been offline for over a week and a half, and according to the hackers will not ... »

I’ve Got 99 Problem’s and Quite a Few of Them Are STILL Android

On September 10, 2015 our guest blogger Fortinet, reported about malware issues within Androids, specifically with ‘Stagefright’. Today the focus has shifted toward third-party app stores, which do not have the same level of frontline security, nor the same level ... »

This Week in Breaches: The US IRS

On February 9, 2016 the United States Internal Revenue Services released a statement that they had ‘identified and halted an automated attack’ on their website with the Electronic Filing PIN application. This application can be used to electronically file taxes. ... »

An Interloper Listening in On Your Calls

While most backdoor attacks have limited functionality, Skype has a sophisticated nuisance that’s come-a-knocking, referred to as T900, a variant of the T5000 malware family. Secure Sense partner FireEye reported about this family back in 2014, when the T5000 sent ... »

Privacy Shield Takes Safe Harbour’s Place

Formed in 2000 by the United States and the European Union, The International Safe Harbour Privacy Principles Agreement regulated the way that US companies could export and handle the personal data of EU citizens. This agreement was to establish a ... »

eBay Exposed to Vulnerability

On December 15, 2105, Israeli security firm Check Point, informed the e-commerce giant, eBay about an online sales platform vulnerability. This flaw would allow cyber criminals to distribute phishing attacks and deploy malicious code on eBay’s users. On February 2, ... »

This Week in Breaches: Landry’s POS Breach

The Houston-based hospitality chain Landry’s, has recently released news of a point of sale, or POS malware attack at the organization’s restaurants and additional properties dating back to 2014, and 2015. An original report regarding the security incidents by Landry’s ... »

Major Monetary Cyber Thefts in Europe

Within 6 days of each other, two large European companies suffered a combined loss of €120 million, roughly $184 million Canadian. I bet you’re wondering how? On January 19, 2016, Austrian aerospace component manufacturers FACC AG, reported an outflow of ... »

This Week in Breaches: University of Virginia

Nowadays cyber-attacks are more aggressive and more sophisticated, making it even harder for companies and institutions to catch up and keep up with the evolving technology. But sometimes, a common email scam is all takes to infiltrate your security environment. ... »

FortiOS SSH Update

  On January 13, 2016 we reported about a FortiOS SSH exploit, and it looks like it has a larger scope than originally reported. After the original report, Fortinet further investigated their product line and discovered the same vulnerability on some ... »

This Week in Breaches: Hyatt Hotels

In late November of last year, Hyatt acknowledged that malware affecting credit card payment data had been found within their systems. An investigation was launched with third party security companies Mandiant and Kroll, and a public announcement of the breach ... »

Wearable Technology, Just as Susceptible to Account Compromise

Certain Fitbit accounts have been recently reported as compromised. IT security blogging guru, Brian Krebs reached out to Fitbit CSO, Marc Brown, who has confirmed that it is not a massive breach of account databases, but rather stolen individual account ... »

‘Backdoor’ FortiOS Exploit!

FortiOS is an operating system that powers Fortinet’s firewall platform, FortiGate. On January 9, 2016, an exploit for an SSH backdoor in the FortiGate operating system was posted to the Full Disclosure mailing list. In a statement released by Fortinet ... »

The end is near, for older versions of Internet Explorer

Say au revoir to Internet Explorer 7-10 and bonjour to Internet Explorer 11 … at least from a tech support standpoint. Today is the official day Internet Explorer officially drops support for its earlier versions. A notice on the Microsoft ... »

This Week in Breaches: Time Warner Cable

The American cable telecommunications company, which happens to be the second-largest cable company in the country, has admitted that 320,000 customer passwords MAY have been obtained[i]. TWC has stated that the email and password details were likely stolen either through ... »

Pearson Vue Credential Manager System Compromised With Third Party Malware

The massive scale of today’s data breaches this year alone are astronomical, Pearson Vue joins that list this week. Responsible for conducting and controlling millions of exams for people all around the world each year in nearly every walk of industry. ... »

Meet eDellRoot, The Rogue Certificate

Say hello to eDellRoot, the next major vulnerability to hit the enterprise information technology and security landscape. Dell, being one of the world’s largest computer manufacturers, has reported a vulnerability concerning a Self-Signed root certificate that is breaking HTTPS. It ... »

SecTor 2015 Recap

Every year SecTor brings together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and ... »

Sophos Guest Blog: Got encryption? Consider these 6 things to choose the right encryption solution

With the proliferation of data and the need to access it from anywhere at any time, encryption is rapidly emerging as the best place to start your data security strategy. Despite some common ideas about encryption that it is too ... »

Guest Blog Post: Centrify ‘Fundamental Security Controls Most Overlooked’

When we take a look at the security industry as a whole there is a focus on all the various APTs and Zero Day-sorts of unknown attacks. However with the rush to fight the good fight; the basics of authentication, ... »

iPhone iOS Threat: Ins0mnia Never Sleeps

FireEye researchers discovered a vulnerability (ins0mnia) in iPhone iOS allowing potentially malicious applications to run continuously in the background, even after it appears that the user has closed them. This vulnerability, critically affects non-jailbroken iOS devices: malicious software designed to ... »

Online Infidelity Site, Ashley Madison, Target of Breach Of 37+ Million Users’ Data

The Canadian owned adult dating site for spousal affairs was the victim of a huge data breach on Monday—potentially exposing millions of users’ real names, nude photos, sexual fantasies, as well as billing address and financial information—a breach which raises ... »

An Enemy of the Internet

A cache of documents that has recently surfaced has provided a captivating look into the world of commercially available cyberwar software. The documents reveal many details of the products and clients of Italian company Hacking Team, an organization labeled ‘an ... »

Breach of Houston Astros Has Big Implications for Corporate Cyber Espionage

An ongoing FBI investigation has uncovered the cyber-espionage and breach of  the Houston Astro’s organization allegedly by the St. Louis Cardinals. Even though cyber-espionage is not a new phenomenon, it has historically been the wheelhouse of intelligence-gathering or intellectual property ... »

Tripwire Gold Status Partner

Secure Sense is happy to announce our recent move to a Gold Status Partner with Tripwire. Currently, we are the only Gold level Canadian Tripwire reseller in all of Canada. Tripwire has played an integral role in our Security profile ... »