Blog - Industry


Ukraine Invasion Cyberattack Preparation

Russia has engaged in an invasion in Ukraine and has issued a warning to all outside parties that all interference would be retaliated against. Cyber attacks against targets in Ukraine are nothing new, though there has been an increase lately. ... »

More Orgs Suffered Successful Phishing Attacks in 2021 Than in 2020

Enterprise organizations appear to be falling even further behind in their battle against phishing threats despite heightened awareness of the problem and efforts to curb it. A new study shows that in 2021 more organizations experienced at least one successful ... »

Predictions for 2022: Tomorrow’s Threats Will Target the Expanding Attack Surface

By Derek Manky at Fortinet According to FortiGuard Labs, 2022 is shaping up to be a banner year for cybercriminals, with ransomware on the rise and an unprecedented number of attackers lining up to find a victim. Attacks will continue to span the ... »

Shopping Safely Online over the Holidays

The holiday season is upon us, which means wallets are burning holes in pockets around the world faster than a Yule log. While you’re compiling wish lists and shopping lists, this is also the time of year many cybercriminals roll ... »

Security Technology: SD-WAN

Welcome to the last week of Cyber Security Awareness month! So far, we’ve really focused on being cyber aware in regards to current types of threats (phishing and ransomware for example) and the importance of training staff and being prepared ... »

Ransomware Awareness & Response

Welcome back to Cyber Security Awareness Month with Secure Sense! Last week we discussed human error in cyber security and the importance of training your employees to avoid being a victim of a phishing scheme or social engineering attack. This ... »

Security Awareness Training

Welcome back to cyber security awareness month with Secure Sense! Due to the current climate, many organizations have transformed their business to run mainly online, and may even have moved their employees to work completely remote. It’s extremely important to ... »

The Value of a Secure Sense Managed Service

It’s October and you know what that means – Welcome back to Cyber Security Awareness Month with Secure Sense! Last year, we talked a lot about the new “cyber norm” as 2020 was the year for changes and transitions into ... »

Back to School: Strengthening Your Security Posture

As we prepare for the upcoming school year, it is still uncertain whether or not students and teachers will end up in the online classroom once again. Given that there is a possibility of this happening as we head into ... »

PwnedPiper: Armis Identifies Nine Vulnerabilities in Hospital Infrastructure

Swisslog Healthcare, the providers of the leading solution for pneumatic tube systems (PTS) in North America, released a statement yesterday regarding nine vulnerabilities in their Translogic PTS system identified by Armis. Swisslog Healthcare’s Translogic PTS system is used in over ... »

Examining the Role of Zero Trust Access in OT Security

By: Rick Peters, CISO Operational Technology, North America, Fortinet This is a summary of an article written for by Rick Peters, CISO, Operational Technology North America at Fortinet. The entire article can be accessed here.  As operational technology (OT) networks become ... »

Get It From The Source: Avoiding Covid-19 Vaccine Scams and More Trending Phishing Tactics

People are getting vaccinated! As Covid-19 infection and hospitalization rates decline again, we’re hopeful this time is different and with enough people getting access to effective vaccines there is light at the end of the tunnel to end the pandemic ... »

Tackling OT Security as Networks Converge

By Rick Peters, CISO Operational Technology, North America, Fortinet This is a summary of an article written for by Rick Peters, CISO for Operational Technology, North America at Fortinet. The entire article can be accessed here. Through the convergence of IT and Operational ... »

Utility and Energy Security Exchange Forum

Secure Sense is very excited to announce a new program called the Utility and Energy Security Exchange Forum (UESX). The UESX will provide tools and resources to help address cyber security challenges that organizations in the Utilities/Energy industry face daily. ... »

Data Privacy in 2021

As we recently recognized Data Privacy Day, it is an annual reminder to raise security awareness and promote data protection best practices, especially during times like COVID-19 when remote work creates more cybersecurity concerns and attackers have become more active ... »

IoMT Security in Healthcare

Happy New Year and welcome back to the first work week of the year! As we move into 2021, we can look back into 2020 and see that it was a tough year for many industries as the pandemic brought ... »

Top Cybersecurity Trends to Watch for 2021

What new cybersecurity trends, threats, and events can we expect to emerge in 2021 and beyond? Before we go there, let’s consider what we have learned now that 2020 is winding down. BeyondTrust’s annual cybersecurity predictions are projections of possibilities we ... »

CrowdStrike’s 2020 Global Security Attitude Survey: How Organizations Fear Cyberattacks Will Impact Their Digital Transformation and Future Growth

Senior IT and security decision-makers around the world are concerned that the global pandemic and rapid adoption of a work-from-anywhere business model could negatively impact future growth, according to our study released today. Results of CrowdStrike’s third annual Global Security Attitude ... »

Tips To Stay Safe During Black Friday & Cyber Monday

This year, Black Friday might look a bit different than recent years. As we work through the second wave of the pandemic, many people will be looking to take advantage of Black Friday deals online, turning Black Friday into an ... »

#LoveYourJob – Crew Interview with Lucy

We’re back with another crew interview with one of our Customer Success Managers, Lucy!  First things first, coffee or tea? I am a coffee person especially when Kevin makes it. In the afternoon, I usually opt for a boiling hot ... »

Cyber Security Training: Why Everyone Needs It

Welcome to the final blog of cyber security awareness month! We’d like to finish off this week of Human Disadvantage and Security to discuss the importance of cyber security training and why it’s important for all organizations to implement training ... »

Password Hygiene and Security

Many of our daily activities have moved to the internet such as reading our mail, banking, watching movies, and shopping. But what do all of these activities have in common?  If you guessed passwords, than you are absolutely correct! All these accounts we set up require passwords and too ... »

Are You Cyber Strong?

Welcome to the last week of Cyber Security Awareness Month! As we wrap up this month, we will be discussing the Human Disadvantage and Security. Today we’re breaking down what it means to be cyber strong and staying secure. If ... »

The Importance of Professional Services in Cyber Security

Continuing on the broader theme of Security Awareness and Security Services, we turn our attention to the important role that Professional Services play in the security industry. A wise person once said that knowing what one does not know is ... »

The Real Value of a Managed Service

We’ve entered week three of Cyber Security Awareness Month and we’re excited to turn our focus to the importance of a managed security service and how working with a service provider can keep your organization safe and out of the ... »

Week 2: Pop Quiz Answers and Winner!

Happy Monday and welcome to the third week of Cyber Security Awareness Month! Thank you to those who participated in our Pop Quiz on Friday. Continue reading for the pop quiz answers below! We have entered all participants (with correct answers!) in the draw and your name ... »

Security Technology: Private WAN & SD-WAN

Written By: Matthew Watkinson As discussed in our previous blog (you can check it out here), being technology aware is important in today’s landscape as threats and security are advancing at a rapid rate.  Sometimes we face challenges in finding the right technology for our organization, one being long-term, cost effective solutions.  As we near the end ... »

Security Technology: Next-Gen Endpoint Protection

Week two of Cyber Security Awareness Month is among us and this week our focus is on Security Technologies and knowing what it takes to keep our organizations safe. Today we will discuss Next-Generation Endpoint Protection and what “Next-Gen” means ... »

How to Protect Against Coronavirus Phishing Scams

Given the current state, holidays, and special cyber shopping sales, are no longer the only days to worry about email phishing scams. As mentioned in our previous blog (you can catch up here), the pandemic has resulted in a major ... »

The New Cyber Norm

Cyber Security Awareness Month Commences! It’s the most wonderful time of the year… Cyber Security Awareness Month! In true Secure Sense fashion, we want to arm you, the people, with our top security knowledge, tips and tricks to keep your ... »

Securing the Evolving Workplace: Zero Trust and COVID-19

By: Bassam Khan Many companies have had to drastically, and quickly, restructure the way they work in the face of the COVID-19 pandemic over the past few weeks. For those businesses that were able, their entire workforce switched to working from ... »

How To Make Distance Learning Secure

Distance learning has become the norm for families across the country in the past few months as education leaders try to keep staff and students safe. While we approach the fall season- and back to school, it is unclear how ... »

The Email Gateway May Be More Relevant Than Ever

Phishing attacks, both targeted and broad spectrum, have become commonplace in the workplace and private life. If you have an email account, you have probably received at least a few offers to help a desperate, ex-communicated Prince in a far-off ... »

Social Engineering Attack Enabled Hackers to Penetrate Twitter’s Administrative Systems and Hijack High-Profile Accounts

In one of the most extraordinary and high-profile cyberattacks ever made public, hackers on July 15 compromised Twitter’s administrative systems and hijacked the social media accounts of prominent politicians and business leaders. The attackers then used those accounts to masquerade ... »

What is Breach and Attack Simulation from Cymulate?

Written by: Mike Talon One of our site visitors asked a pretty popular question recently: “What, exactly, is Breach and Attack Simulation (BAS)?” Let’s dive in and have a look at this form of security control testing. So, what are ... »

Emergency Enablement for Remote Work: Secure Virtual Desktop Edition

By: Matthew Watkinson “These are unprecedented times.” A sentiment rendered no less true despite my disdain for hearing this phrase multiple times a day. We ARE in unprecedented times. We live in a world where the majority of the workforce is no longer in ... »

Emergency Enablement for Remote Work: Endpoint Protection Edition

By: Joel Young We are currently navigating unprecedented times of a global pandemic, but as the World Health Organization’s announcement on March 11th emphasizes, for the first time in history it is also one we may be able to control if impacted nations’ ... »

Emergency Enablement For Remote Work: Office 365 Edition

By: Matthew Watkinson Many organizations leverage Microsoft Office 365 currently hosting over 200 Million user accounts. Windows 2008 R2 Support terminating in January of this year, it was an easy business decision to migrate the service, since servers were being ... »

Customers Choose Fortinet Secure SD-WAN for a Cloud-Ready Branch

Why a Healthcare Agency in the Middle East Chose Fortinet’s Secure SD-WAN Solution to Connect Nearly 150 Clinics to their Private Cloud Organizations increasingly rely on new business applications to deliver valuable resources and services, and nowhere is this more ... »

Threat Of Iranian Cyberattacks: What Are The Risks?

The US Department of Homeland Security is warning organizations of potential Iranian cyberattacks. While this is no strong indication that Canada would be targeted for cyberattacks by Iran, the overall risk is heightened, especially for Canadian companies operating in or ... »

Time to Warn Users About Black Friday & Cyber Monday Scams

Warn your employees to avoid the inevitable scams associated with these two “holidays,” or you risk compromising your company’s network. With Black Friday and Cyber Monday right around the corner, cybercriminals are switching tactics. Rather than preying on the fear ... »

8 Holiday Security Tips For Retailers

Once again, the holiday season is upon us, and for retailers, that means an especially busy time. Online sales, for example, are expected to jump 14% to 18% this year compared to 2018, according to the 2019 Deloitte holiday retail survey. ... »

Smart Prevention: How Every Enterprise Can Create Human Firewalls

Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets. The average cost of a data breach is now $3.92 million, according to IBM and Ponemon. Hackers are taking advantage of the many smart and ... »

Avoiding the Zombie Cloud Apocalypse: How to Reduce Exposure in the Cloud

Moving to the cloud can feel like an impending zombie apocalypse as you wonder who could gain access to your assets and launch attacks against your company once you migrate. Going into the unknown can be unnerving for many companies ... »

Secure Sense Partners with LogRhythm to Offer Industry’s First Unlimited Data Plan for SIEM

Burlington, ON – October 1, 2019 – Secure Sense is now offering an unlimited data plan for SIEM through its partnership with LogRhythm. While other vendors in the industry have previously claimed to support unlimited data plans, those promises have ... »

How To Protect Yourself From SMiShing Attacks

We’ve all gotten them – a random text message from your bank, your phone provider, or even someone claiming to know you or a family member. Scammers are everywhere and not only do they send phishing attacks to your email ... »

Securing Your Dynamic Cloud Strategy

Historically, the transition from older technology to new technology is pretty straightforward. While a handful of folks using an Underwood manual typewriter may have been reluctant to give them up, the majority of users were eager to switch to an ... »

Back-to-School Scams Target Students with Library-Themed Emails

Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online student resources laced with malware, researchers warn. College students settling back into school might want to think twice before clicking on ... »

What We Can Learn from the Capital One Hack

KrebsOnSecurity brings us an overview on what we can learn from the Capital One hack and information about the ongoing investigation. On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital ... »

13 Tips For Good Cyber Hygiene At Black Hat And DEF CON 2019

Our partner, Mimecast, brings us some tips to make sure your devices are secure while at Black Hat and DEF CON in August. These events have become a target for attackers and you should take extra precautions before and after the ... »

7 Ways Hackers Steal Your Passwords

We never stop hearing about passwords in the news and there are plenty of tips and tricks to help avoid having your password stolen – but do you know some of the most common ways hackers get a hold of ... »

What Is A Cybersecurity Framework And Why Is It Important For Your Organization?

Cyber attacks are constantly happening around the world and evolving every day to become more sophisticated, making it very difficult to proactively prevent all unforeseen attacks. So what can you do as a reactive approach to save your organization? Proper ... »

Threatlist: 68% of Overwhelmed IT Managers Can’t Keep Up with Cyberattacks

Most respondents in a recent survey say they’re losing the battle despite having up-to-date protections in place. IT managers feel overwhelmed by the volume of cyberattack attempts, with most of them admitting that successful hacks of their company networks are ... »

Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets

Magecart strikes again! Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings. Since Magecart is neither a single ... »

Study Reveals Phishing Identification and Data Protection Are the Top Problem Areas for End Users

Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today released its fourth annual Beyond the Phish® report, which examines end user understanding of a broad range of cybersecurity topics and best practices. The report features analysis of data related to nearly ... »

Security Tips To Keep Your Summer Vacation Fun

Summer is finally here and many of us are taking advantage of the nice weather to take some time off! Before you head out on your much needed summer vacation, don’t let your guard down when it comes to your ... »

Privileged Threats & the Top-6 Privileged Access Security Priorities

Privileges facilitate essential operational functions across an enterprise, enabling users, applications, and system processes elevated rights to access specific resources and complete work-related tasks. Yet, the potential for misuse or abuse of privilege by insiders, malware, and external threat actors ... »

Rethinking Security in Cloud Networking

Every CXO worries about security because the perimeter is changing; in fact, there are no walls for protection. The lines between cloud, workloads, applications, enterprise networks and hosts are blurring and the challenges are getting exponentially greater. The true security ... »

Camp Secure Sense 2019 Recap

Thank you to everyone who made it out to Camp Secure Sense 2019! We appreciate each and every one of you that took time out of your professional and personal lives to come celebrate our 5th year anniversary. This event ... »

CrowdStrike CTO Explains “Breakout Time” — A Critical Metric in Stopping Breaches

This video features CrowdStrike® Co-founder and CTO Dmitri Alperovitch discussing why “breakout time” is a critical measurement for organizations trying to stop a breach. As Alperovitch explains, “Breakout time is the time between when an intruder gets on a machine, ... »

Addressing the Challenges of Moving Security to the Edge

By: John Maddison, Senior Vice President, Products and Solutions For many organizations, the network perimeter has been replaced with a variety of new network edges. Many of these include unique challenges that can severely complicate an organization’s ability to maintain ... »

Protect Your Data With Super Easy File Security Tricks!

By: Andy Green Data security is an all-encompassing term. It covers processes and technologies for protecting files, databases, applications, user accounts, servers, network logins, and the network itself. But if you drill down a little in your thinking, it’s easy ... »

The Canadian Bacon Series: Creating a Supported Security Architecture

by: Jason Maynard As security practitioners we pride ourselves on our ability to respond quickly to remediate threats and minimize the impact they have on our business. We all know at some point a breach will happen. But the constant ... »

How to Use Incident Response Reporting to Drive Cyber Security Decisions

In its Q1-2019 Forrester Wave™ report, Forrester Research recognized FireEye as the undisputed industry leader in the Cybersecurity Incident Response Services category. Our unique synthesis of digital forensics, human intelligence (HUMINT) and a global machine learning network generates innovations such ... »

APT shutout: Building for the Cyber Security Playoffs

By: Matthew Balcer – SentinelOne Canada Most CIOs, CSOs, Security Analysts, Security Admins wake up every morning assuming that the solutions they’ve put in place, the solutions they have invested in on behalf of their organization, have kept their environment safe. ... »

Let’s Get Offensive – The Pros and Cons of Diverse Security Testing Methods

Most IT teams only know if they are protected against a cyber attack when one actually occurs. Organizations spend considerable resources to ensure that they have the best defenses in place. Yet the only way to ascertain those tools’ effectiveness ... »

Overcoming Your Vulnerability Overload with Predictive Prioritization

Tenable introduces Predictive Prioritization, a groundbreaking, data science-based process that re-prioritizes each vulnerability based on the likelihood it will be leveraged in an attack. Are you feeling overloaded by the number of vulnerabilities facing your organization daily? You’re not alone. ... »

#LoveYourJob – Crew Interview with Kevin

Happy Monday! We’re here with Kevin, one of our Customer Success Managers, with another edition of  #LoveYourJob. First things first, coffee or tea? Coffee is life Tell me about your role at Secure Sense: My role as Customer Success Manager ... »

SC Magazine Names CrowdStrike Falcon X Best Threat Intelligence Technology at RSA

CrowdStrike’s incredible success at this year’s RSA event included winning the SC Magazine 2019 Trust Award for Best Threat Intelligence Technology for Falcon X™, our automated threat intelligence solution and part of the comprehensive CrowdStrike® Falcon® platform. In giving Falcon X technology this ... »

FireEye M-Trends 2019: Hidden Phishing Risks During Mergers and Acquisitions

Partner, FireEye has released their most recent M-Trends report which looks at some of the significant trends and shifts of 2019, including the Hidden Phishing Risks During Mergers and Acquisitions. FireEye had previously discussed the risks of integrating a compromised ... »

Do You Love your Customers? 3 Tips to Secure Data and Protect Your Customers and Employees

With regulations like GDPR and high profile data breaches making headlines, businesses have an obligation to not only comply with data privacy laws but go above and beyond to secure proprietary, sensitive, consumer data like never before.   What are ... »

The 5 Biggest Cybersecurity Predictions For 2019

Solution providers will have to contend with a multitude of security-related challenges in 2019 ranging from nation-state and supply chain attacks to increased activity around biometrics and cryptomining. Here’s are 5 cybersecurity predictions for 2019: Increased Social Engineering Will Force ... »

ThreatList: Holiday Spam, the Perfect Seasonal Gift for Criminals

It’s no surprise, consumers are much more likely to fall for spam during the holiday season. Maybe holiday cheer makes people less cynical. If so, that explains why social-engineering spam tactics prove to be more effective during the festive season. ... »

#LoveYourJob: Crew Interview with Pat

Happy Monday, morning folks! It’s December 10th, which means only 15 days until Christmas and this month’s #CrewInterview with sales extraordinaire, Pat Daly. First things first, coffee or tea? Without question Coffee from Tim’s…1 C, 3 S…sugar is my vise…need ... »

Attention Holiday Shoppers! 5 Tips To Beat Seasonal Cybercriminals

The festive spirit isn’t the only thing that’s infectious as the 2018 holiday season approaches. It’s typically the time of year when we see an uptick in cyber theft. With online spending expected to increase 14.8% compared to 2017, representing a huge ... »

How Fileless Malware Changes The Way We Treat Cyber Threats

Traditionally, AV and other endpoint security products have focused on files (executables) to detect and prevent malware. There are several advantages to this. Files can be hashed, queried in reputation services, examined by both static analysis and machine learning, and ... »

Explaining Canada’s Data Breach Regulations

Digital technology has served as a catalyst for modernization; however, it also created new opportunities for corporations to hide information from consumers. Tackling this issue, the Federal Government released new regulations requiring companies to report data breaches in a timely ... »

The Human Element: How to Protect Your Greatest Asset and Your Greatest Risk on Social Media

Kicking off National Cyber Security Awareness Month, we thought today’s Fox Friday would be a great opportunity to discuss protecting your greatest asset and greatest risk on social media with partner, ZeroFox. Experts agree: the greatest cybersecurity risk modern businesses ... »

#LoveYourJob – Crew Interview with Connor

Happy Monday, all! We’re back with another edition of #LoveYourJob, with SOC Analyst, Connor. First things first, coffee or tea? Coffee, always.  Tell me about your role at Secure Sense: Right now I am an analyst in our SOC (Security ... »

Thousands of WordPress sites backdoored with malicious code

Malicious code redirects users to tech support scams, some of which use new “evil cursor” Chrome bug. Thousands of WordPress sites have been hacked and compromised with malicious code this month, according to security researchers at Sucuri and Malwarebytes. All compromises seem to ... »

Why avoiding social media might make your business less safe

Social media has rapidly become a standard for digital communications and business connectivity, providing organizations with unprecedented ability to build brand, engage customers and expand their reach. Despite recent negative headlines, social networks usage for businesses and their employees alike ... »

Top Cyber Trends in Healthcare Today

The healthcare sector received more than half of all cyberattacks in 2017. The cybersecurity professionals at Fortinet, sat down with National Healthcare Practice Director at Fortinet, Sonia Arista to get her professional perspective on the key cybersecurity trends impacting the healthcare space today. What would ... »

#LoveYourJob – Internship Edition

We’re thrilled to bring back, a fan favourite – #LoveYourJob / Crew Interview of the people of Secure Sense. Today you will be meeting Mark, our summer intern. First things first, coffee or tea? Coffee. Tell me about your role ... »

What is Vulnerability Management

Vulnerability Management is the key for a safer future for your organization. It’s safe to say that the WannaCry Ransomware attack was one the worst attacks in recent history, approximately 200,000 devices were infected. Well, what if we told you ... »

New Ransomware Offers Free Decryption if you Infect Two Friends

A new ransomware dubbed ‘Popcorn Time’ offers you a free decrypt if you infect two friends. Let’s say it how it is, getting infected with ransomware sucks a lot. You either need to wait it out and hope a free ... »

Hacky Hack Hack

A 14-year-old Australian boy hacked into Apple servers and downloaded 90GB in documents The 14-year-old teen from Melbourne Australia was found to have broken into Apple servers and downloaded approximately 90GB of information. When law enforcement intercepted him, they confiscated ... »

Keypass Ransomware Shows More Dangerous Attacks are on the Way.

The ransomware has a manual switch that allows for more sophisticated attacks. Appearing only last week, the Keypass ransomware has already taken hundreds of devices hostage. Mainly infecting users Brazil and Vietnam, the software has spread worldwide and infected devices ... »

Why Should Organizations Use A Managed Service Provider?

Today, business owners have hundreds of things to worry about, coupled with the rise of cybercrime it becomes increasingly difficult to stay on top of everything. Bad actors work around the clock to find exploits in our networks and damage ... »

Has Tennis Turned into a Cybersecurity Battle Ground?

Wimbledon ended earlier in the summer, yet, their cybersecurity team works year round Often dubbed the grandest tennis tournament, Wimbledon hosts the greatest stars in the world for a few weeks of tennis. Founded in 1877 the tournament stays true ... »

Ivy League University Suffers Data Breach, Only Finds Out a Decade Later

Yale University suffered a data breach in 2008 leading to 129,000 affected people Located in New Haven Connecticut, Yale University is one of the most prestigious in the US. Producing alumni like; Hillary Clinton, Anderson Cooper and Indra Nooyi. Yet, ... »

Hackers Shoot for PGA Ransomware Success

The latest ransomware attack of the summer impacts golf’s governing body Early Tuesday morning officials at the Professional Golfers Association (PGA) found that their systems had been compromised. The group discovered the attack when they attempted to access documents, but ... »

Has the ‘Unhackable’ Wallet Been Hacked?

A week after launch Pen Testers say they have successfully hacked into the Bitfi wallet. July 2018 saw cryptocurrency hardware wallet manufacturer Bitfi offer a $100,000 (later raised to $250,000) bounty for anyone that was able to hack into their ... »

Google’s Summer Privacy Changes

#1: Google is implementing a new privacy system that lets you know if you are being attacked by the government Last week, Google announced they were adding a feature that notifies organizations if they believe one or more user accounts ... »

Major Apple iPhone Supplier Attacked with Virus

The virus is expected to cost the manufacturer $255million Taiwan Semiconductor Manufacturing Co (TSMC) announced that on Friday they faced a security incident. The incident started when a software tool failed to install, therefore, requiring it to be connected to ... »

What You Need to Know About the Reddit Breach

On August 1st, Reddit announced a breach where an attacker was able to access user data. In an official Reddit post, Reddit made a quick statement and said; A hacker broke into a few of Reddit’s systems and managed to ... »

Prisoners Steal $225k From Inside Prison

Using an exploit found in a payment tablet, prisoners were able to fraudulently increase their balance Idaho State prison officials said they recently found an elaborate scheme of 364 inmates exploiting a software vulnerability found in JPay . Through the ... »

Earn $10,000 to Hack into your Printer!

You heard it right, if you can hack into your HP printer you could be awarded a $10,000 reward. As the IoT is set to further explode into mainstream life, security professionals get ready for the impossible challenge of defending ... »

New Malware Maximizes Attackers Profits

New Russian born malware chooses if users should be attacked with Ransomware or Crypto Script. Historically, ransomware attacks have been strictly infecting computers with ransomware. While crypto attacks have been infecting CPU’s with crypto mining scripts. However, hackers have found ... »

How UEBA Can Save Your Organization From Internal Threats

A recent 2017 study shows that 69% of organizations were impacted by a form of internal data theft. UEBA can help. Everyone has heard about external threats, whether this be ransomware like WannaCry, crypto jacking or phishing. Yet, no one ... »

Resurgence of WannaCry?

The ransomware the took thousands hostage last year is back. But this time it’s different. Last year you may remember hearing about the WannaCry ransomware. The virus spread like wildfire and ended up infiltrating large organizations like the UK’s NHS ... »

FortiOS 6.0 Transforms Security to Enable Digital Transformation: 5 Highlights from Our Camp Secure Sense Presentation

We recently had an opportunity to deliver a presentation on FortiOS 6.0 at the Camp Secure Sense customer and partner conference in southern Ontario, Canada. With some of the most well-known organizations under the Maple Leaf Flag in attendance, the ... »

Fitness App Causes a Security Risk in High Ranking Military Officers and Spies

Polar Flow announced a halt to their Explore feature among security threats Polar is a Finnish based fitness accessory company that focuses on smartwatches, bike computers and similar fitness devices. These devices are connected to their mobile application POLAR flow, ... »

How the Rise of Cryptocurrencies Fueled Cyber-Criminals

Since the start of the year, there has been a fivefold increase in phishing attacks for cryptocurrencies. In 2016, Initial Coin Offerings (ICO’s)- essentially crowdfunding for cryptocurrencies- collected around $240 million. 2017 brought in over $5.5 billion in ICO’s. This ... »

Amazon Prime Day: Christmas for Adults

Amazon made just made the start of this week much better! Prime Day gives you the next 36 hours to completely revamp everything in your house. For those of you unfamiliar with Prime Day, it’s like black Friday where millions ... »

Friday the 13th Recap of 2018 Cyber Scares

2018 is just over halfway done but we’ve still seen a few large-scale hacks What better day to reflect on the biggest cybersecurity stories of the year than Friday the 13th. Did you know, Friday the 13th has been a ... »

Halfway Analysis of 2018 Predictions

It’s hard to believe that we’re past the halfway mark of 2018. It seems like just yesterday we were putting up the Christmas trees and celebrating the new year. At the end of 2017, our partner Varonis wrote a blog ... »

Camp Secure Sense Recap

The Camp Secure Sense recap you’ve all been waiting for. Camp may have ended in June, but the memory will live on! We hope that everyone had a fantastic time and we are extremely thankful that over a 100 of ... »

Did you Sell Your Data to see Your Favorite Band?

Global ticket distribution company Ticketmaster recently identified malicious software in their automated chatbot. The breach was found by Ticketmaster UK on Saturday June 23rd, 2018 and affected less than 5% of their global customer base. However, “Customers in North America ... »

Phishing Intelligence Engine (PIE): Open-Source Release

By Greg Foss We are pleased to announce the release of the LogRhythm Phishing Intelligence Engine (PIE), an integrated application with LogRhythm’s Threat Lifecycle Management (TLM) platform. What is Phishing Intelligence Engine (PIE)? LogRhythm’s PIE can help streamline and automate ... »

It’s Canada Day Long Weekend, do you know who’s watching your network?

Imagine this, you’re relaxing on your dock or your porch enjoying the weather, burgers are grilling, and laughter fills the air. It sounds quite picturesque, right? But then, your phone rings, your network has been compromised. It’s no surprise, nearly ... »

Do Employees Really Fall Victim to Phishing Attacks?

A recent study conducted by security firm Positive Technologies found that 27% of participants fell victim to a form of social engineering. In the study, white hat hackers at Positive Technologies acted as true hackers and sent three groups of ... »

Mozilla Integrates ‘’ Into its Firefox Browser

The partnership allows Mozilla Firefox users to easily check if their data has ever been leaked. In an increasingly digitized world our data becomes more and more precious. Nowadays, we keep everything online, banking details and personal details just to ... »

Secure Sense Ranks #150 on the Branham300 Top 250 Canadian ITC Companies List

Now in its 25th year, the Branham300 is the definitive listing of Canada’s top publicly traded and privately held ICT companies, as ranked by revenues. Burlington, Ontario, Canada — June 27th, 2018 — Today, Secure Sense Solutions (“Secure Sense”), the ... »

Attackers Take Advantage of Fortnite’s Late Android Release

Sorry Android users, there are no shortcuts to get Fortnite early. The past few months has seen the exponential rise of Epic Games battle royal style game, Fortnite. The game has 100 users/ lobby drop into an open map where ... »

Fatboy Ransomware uses Big Mac Index to Calculate Price Demands

A recently discovered ransomware-for-hire scheme named Fatboy calculates regional ransom demands based on the publicly available Big Mac Index. The Big Mac Index is an economic measure used to find the purchasing power parity – an approximation of what consumers ... »

Hackers Shooting for World Cup Success with New Phishing Attack

The World is captivated by the biggest event in sports, the FIFA World Cup. However, hackers are using World Cup frenzy to take advantage of unsuspecting individuals. Check Point Software Technologies recently reported a phishing campaign where individuals are prompted ... »

How to Respond to Today’s Dynamic Threat Landscape

“Counting attacks is fruitless. Taking action based on trends and vulnerabilities is the best step.” This quote comes from the recently published Gartner report, How to Respond to the 2018 Threat Landscape. With today’s changing threats, the reality is that security ... »

What Everyone Must Know About Camp Secure Sense

In a few days over 100 cybersecurity professionals from around Canada will be together for the 4th annual Camp Secure Sense. Camp Secure Sense is our 2-day, 1-night security conference. Supported by our best-of-breed security partners, Camp offers guests’ today’s ... »

A Brief Explanation of Cryptojacking

2017 saw a 1200% appreciation in the value of the cryptocurrency market. In 2016 Initial Coin Offerings (ICO’s)- IPO’s for the cryptocurrency market- collected around $240 million. 2017 brought in over $5.5 billion in ICO’s. With this in mind, how ... »

Journey to the AI-Enabled SOC: Advancing the Science of Threat Detection

Artificial Intelligence (AI)-enabled analytics offer great promise for furthering the science of advanced threat detection. While it is difficult to imagine AI superseding the cognitive and instinctive power of talented security analysts and threat hunters in the immediate future, AI ... »

Roaming Mantis Takes the World by Storm

Back in April a form of Domain Name System (DNS) virus was reported in Southeast Asia. The virus dubbed ‘Roaming Mantis’ would hijack a device and incorrectly translate a URL into an IP address. This process is standard in computing ... »

The Digital Transformation of Enterprise

The Internet of Things is emerging as one of the most significant technology developments of our time. Connecting people and things will be the new norm for consumers, but behind the scenes, IoT is already transforming how enterprises develop, market, ... »

Is Your Car Vulnerable to Cyberattack?

To put it simply; yes, your car is vulnerable to cyberattack. As automobiles become increasingly digitized the attack surface also increases. Recently, a group of Chinese white hat hackers at Keen Security Lab found 14 vulnerabilities in BMW cars. These ... »

How to build a social media protection program: a 10-step guide

Building a social media protection program is a must-have in the modern age. Business are increasingly exposed to risks — cyber, brand and physical — on social media and digital channels, all of which exists unregulated and outside of the ... »

DNA Testing Site MyHeritage Hacked

On Monday, popular DNA testing kit provider MyHeritage reported that 92million user accounts were compromised in a cyber-attack, this accounts for 96% of their customer base. The only data effected included email addresses and hashed passwords. While the breach was ... »

The 9 Most Vital Network Security Best Practices

An old truism suggests that an ounce of prevention is worth a pound of cure. While this saying is relevant in most aspects of daily life, it becomes especially appropriate when applied to business network security. Data Dangers Thanks to ... »

Hacking Before Mainstream Adoption of the Internet

Over the past 50 years, we have seen an exponential increase in the use of digital products. This growth prompted a rise in touchpoints where hackers can potentially gain access to private information- affecting individuals and corporations alike. Yet, where ... »

What is Cyber Resilience and Why Should I Care?

I’ll be the first to admit it – there’s a lot of acronyms, buzzwords, and catchphrases in the cybersecurity industry today and it can be difficult to understand how a product reflects the core values that give these words life. ... »

Bugcrowd Programs at a Glance

We at Bugcrowd, believe crowdsourced security space is evolving rapidly. At Bugcrowd, we have more first-time Program Owners than ever trying out crowdsourced security economics through our Vulnerability Disclosure Programs and hundreds who have transitioned to on-demand and ongoing Bug ... »

Embracing Security Intent and IBNS

What is IBNS, and what are its advantages?  Intent-based network security (hereafter “IBNS”) helps with several areas that are of top concern for enterprise security leaders: Software-defined networking New application deployment Moving applications across platforms (e.g. on-prem, cloud, virtual, containers) ... »

University of Greenwich Fined £120,000

The University of Greenwich, located in the UK, has been fined £120,000 over a data leak in 2016 where 19,500 student and staff data was placed online. The data included a host of personal details including, addresses, date of birth, ... »

How a Security Fabric Helps You Make the Most of Your Secure Sense Services

As your managed services provider, we employ the best practices and best-of-breed technology—both at its security operations center (SOC) and on your premises—to help ensure the safety of your data and reduce risk. As a managed services client, you expect ... »

How to Close IoT Security Gaps

Protecting IoT devices is currently one of the biggest challenges in network security. These devices are also one of the most common reasons organizations fail network security audits. IoT security challenges are growing at a staggering pace, with Gartner predicting ... »

Saks Fifth Avenue and Lord & Taylor Suffer Massive Payment Card Breach

A few weeks ago, Saks Fifth Avenue, Saks OFF 5TH and Lord & Taylor stores located in North America suffered a massive data breach where hackers stole millions of shopper’s payment card information. This includes credit cards, debit cards, cardholder ... »

Why IT leaders attend Camp Secure Sense

In 35 days, the doors open to Camp Secure Sense 2018. With over 100 IT professionals from various industries attending it’s an event that no cyber professional should miss. Because Camp Secure Sense is a ‘no product pitch zone’ and ... »

What has Google done ahead of GDPR?

Effective on May 25th 2018, the EU is implementing an extensive data protection regulation (GDPR) that provides EU residents greater freedom over their personal data and how it is collected and used.   Over the weekend Google announced the altercations ... »

Italian soccer club SS Lazio loses €2 million from a phishing scam

Italian soccer club SS Lazio was a victim of a phishing scam held by hackers claiming to be Dutch team Feyenoord requesting funds for the transfer of a player. The scammers had insider knowledge of the deal between Lazio and ... »

Cybercriminals attack Under Armor owned App

One of the biggest data breaches in history hit Under Armor owned MyFitnessPal. MyFitnessPal is a smartphone app that tracks users caloric and macro intake. It used to be a lone app, however, in 2015 it was purchased by Under ... »

Is Your Biggest Security Threat Already Inside Your Organization?

The person in the cubicle next to you could be your company’s biggest security threat. The large-scale attacks we’re accustomed to seeing in the news — Yahoo, Equifax, WannaCry ransomware — are massive data breaches caused by cyber criminals, state-sponsored ... »

A Flaw in the LinkedIn Autofill Allows Third-Party Sites Steal Your Data

Not just Facebook, a new vulnerability discovered in Linkedin’s popular AutoFill functionality found leaking its users’ sensitive information to third party websites without the user even knowing about it. LinkedIn provides an AutoFill plugin for a long time that other websites ... »

6 Things to Watch Out for in Phishing Attacks

While phishing attacks may be one of the oldest forms of attacks, they have shown no signs of slowing down. The growth of phishing attacks in both frequency and sophistication poses a significant threat to organizations of all size. It’s ... »

The Dangerous Journey of a Fake WhatsApp App on OneDrive

Partner Symantec, recently discovered a new kind of malicious Android file hosted on a OneDrive account. Here’s what they have learned and how you can take countermeasures. Over the last few years, there has been a tremendous uptick in the ... »

Why Cyber Security is the New Health and Safety

Many people view the Health and Safety at Work Act 1974 as unnecessary and burdensome, but its introduction has had a dramatic impact on reducing accidents in the workplace, particularly within industrial settings. This blog was originally posted by our ... »

Tim Hortons threatens litigation after virus caused cash register outages

An association representing 70 percent of Tim Hortons franchisees is threatening its parent company with legal action after a computer virus caused intermittent cash register outages. A letter obtained by the Canadian Press from a lawyer representing the Great White ... »

Why SMBs Are Easy Targets for the Bad Guys

As malicious hackers turn up the heat, small and medium businesses can’t remain complacent – the threats to their security are real and growing worse all the time. This blog was originally posted by Symantec.  During a recent business dinner, ... »

What is Camp Secure Sense?

At Secure Sense, we do things under our own banner. And it’s no exception when it comes to Camp. But what is Camp you ask? Well, Camp Secure Sense is our take on the traditional ‘steak lunch,’ without being, a ... »

Olympic Destroyer, the malicious file-wiping malware hits Pyeongchang

Security experts say they have identified a destructive malware dubbed “Olympic Destroyer” that was likely used in a cyber attack on the Pyeongchang Winter Olympics during the opening ceremony last week. Winter Olympics officials confirmed on Sunday that a cyber ... »

Why Ethics Matter in Bug Bounties

The bitter truth is, everyone in the world (including you!) is susceptible to cybercriminals. And to no surprise, a security breach has the capacity to debilitate any organization’s reputation. But is it the actual breach or is it how the ... »

Potent SkyGoFree Malware Packs ‘Never-Before-Seen’ Features

A scary Android SkyGoFree malware packs ‘never-before-seen’ features. Researchers have identified a powerful new Android virus strain called Skygofree malware, capable of eavesdropping on WhatsApp messages, siphoning private data off phones and allowing adversaries to open reverse shell modules on ... »

Forever 21 Breach Lasted Over Seven Months

If you shopped in a brick-and-mortar Forever 21 store this year, your credit card information may have been compromised due to the company’s failure to turn on encryption in some of its point-of-sale (POS) terminals which resulted in a 7-month ... »

2018 Cybersecurity Predictions

Looking back, 2017 had all the twists and turns of a good disaster movie. Hackers steal and leak the NSA’s powerful exploit kit that’s then unleashed on the world through a Dr. Evilish ransomware-worm hybrid.  Later, a top U.S. credit reporting agency ... »

2017 Holiday Party

Better late than never right? All of us from Secure Sense just want to extend a sincere thank you to all those that attended our first (and very memorable) Holiday Party. The evening was complete with lots of food, drinks, ... »

Email Fraud Continues To Expand its Footprint in Q3 2017

Email fraud, or business email compromise, is a growing threat that impacts organizations of all shapes and sizes. These highly targeted email attacks that spoof trusted executives or partners, often don’t include a payload – such as a malicious URL ... »

Uber Paid 20-Year Old Hacker $100,000 to Hide Data Breach

Last year, Uber received an email from an anonymous person demanding money in exchange for the stolen user database. It turns out that a 20-year-old Florida man, with the help of another, breached Uber’s system last year and was paid ... »

How To Stay Safe When Online Shopping This Holiday Season

As December quickly approaches, we not only welcome the various holiday sales hosted both in-store and online but also the scams that come with it. But how can you really safely, and confidently shop online while getting a good deal? ... »

Online shopping security tips to keep your data safe this Black Friday

The Christmas ads have started, the streaming services are trying to subtly push us into listening to festive music, and the American Thanksgiving is has arrived. Thanks to our partner, Symantec, we have a Black Friday shopping guide to help ... »

Phishing Testing: Building Your Human Firewall

Phishing is becoming a major threat vector for organizations all around the world. Phishing is the exercise of sending illegitimate emails designed to elicit a response from the end user, whether that’s clicking on a link that infects them with ... »

Understanding GDPR & What it Means for Cyber Security

On May 25, 2018, the European Union will begin enforcing the new General Data Protection Regulations (GDPR) that will create one data protection standard throughout the EU. These regulations were designed to create a unified standard for personal data privacy ... »

6 lessons from horror films for avoiding phishing attacks

Most people know enough about horror films to recognize that the victims make the same mistakes time and again. There are the teenagers who follow a creepy noise and walk right into the killer, the couples who ignore warnings about ... »

What do Pumpkin Spice and Cyber Security Have in Common?

Give up yet? The answer, October. Why October? Continue reading to find out how pumpkin spice and cyber security are related. October is the month when the leaves begin to change, and fall, pumpkin spice is considered a food group ... »

Sonic Data Breach Could Have Affected Millions

Sonic first heard about the data breach when its credit-card processor detected unusual activity on customers’ payment cards. Fast-food giant Sonic has disclosed a data breach potentially affecting millions of customers. The chain has nearly 3,600 stores across 45 US ... »

Canadian Business unveils 29th annual list of Canada’s Fastest-Growing Companies

Secure Sense Ranks as Fastest-Growing Information Technology Firm on 2017 PROFIT 500 For Second Consecutive Year. Burlington, September 18, 2017-  Canadian Business and PROFIT ranked Secure Sense as the fastest-growing information technology firm for the second year and No. 20 ... »

CCleaner malware infected 2.27M users

The popular and free software, CCleaner has been reported to have infected 2.27 million users with malware. Here’s what you need to know. Users of a free software tool designed to optimize system performance on Windows PCs and Android mobile ... »

Canadians among 143 million people affected in Equifax hack

Equifax Inc. said its systems were struck by a cyber attack that may have affected about 143 million U.S. customers of the credit reporting agency, shedding light on one of the largest and most intrusive breaches in history. Intruders accessed ... »

Secure Sense First to Achieve BlackBerry Gold Partner Status in Canada

Secure Sense First to Achieve BlackBerry Gold Partner Status in Canada Burlington, Ontario, Canada — September 5, 2017 — Secure Sense today announced it is the first company in Canada to achieve BlackBerry’s Gold Partner Provider status. Part of BlackBerry’s ... »

The Importance of Bug Bounty Programs

Lately, in the news, we’ve seen a dramatic increase in organizations worldwide using a Bug Bounty model, and there have been some huge results. But what is this program and how does it work? The cybersecurity industry is in a ... »

Preparation is the best defence against a ransomware attack

Imagine how well you’d fare in a cage match with an extremely intimidating opponent. Such a nightmare scenario might seem a bit far-fetched to you. Indeed, it’s highly unlikely you’ll ever find yourself trapped and outmatched in the ring in ... »

Malicious ‘Back to School’-Themed Apps Target Young Users Who Don’t Know Better

Bad actors are constantly looking for ways to target unsuspecting users with malware or other digital threats. To increase the likelihood of a successful infection, these nefarious individuals incorporate holidays, current events and significant dates into their attack campaigns. And ... »

Foundational Controls for Common Attacks

In January 2017, Tripwire completed a survey of 403 IT Security professionals about the most common attacks and how prepared organizations are to defend against them. You can read about the details here. There are two important conclusions from the ... »

A Song of Phishing and Passwords via Cylance

Phishing for Developers Hackers are targeting Chrome extension developers with phishing attacks to hijack control over their extensions in the Chrome Webstore. The phishing attacks are very well crafted to display a replica of the real Google login page and use new ... »

#SecurityTipTuesday: Two-Factor Authentication

Did you know, about 63% of confirmed data breaches involved weak, default or stolen passwords? How can this be solved? Two-Factor Authentication. — Source: Verizon 2016 Data Breach Investigations Report  Security Tip # 4: Enable Two-Factor Authentication In the wake of ... »

#SecurityTipTuesday: Be cautious about unsolicited emails

You see an email in your inbox that reads,”Your DHL package has arrived!” Oh fantastic, my package arrived! Wait, did I order anything that’s being shipped by DHL? Let me just click and open the attachment to make sure this is ... »

3 Reasons Why Employees Don’t Care About Cyber Security

According to Verizon’s 2017 Data Breach Investigations Report, which analyzes security incidents that happened last year, again reported that humans were the weak link that led to many of the cyber security breaches. So yes, cyber criminals will generally start ... »

Have you heard of Fruitfly, a near-undetectable Mac backdoor Malware?

Even six months after it was discovered, the first Mac malware of the year is still causing a giant headache. According to ZDNet, the recently discovered Fruitfly malware is a stealthy but highly-invasive infection for Macs that went undetected for ... »

How do SME’s Fight off Cyber Attacks?

(Carbon Black) Does the fact that well-known brands are successfully attacked and breached mean that SMEs are even more at risk of cyber attacks? If SMEs can defend themselves against cyber attacks, how should they go about doing so? We ... »

Can employees learn not to make cyber security mistakes?

We’ve long maintained that technical means are not enough to protect a business from cyber threats. It’s possible for a single person to negate the effect of an entire information cyber security team. In many cases, it may be unintentional, the ... »

Brute Force: Anatomy of a Cyber Attack, Varonis

The media coverage of NotPetya has hidden what might have been a more significant cyber attack: a brute force attack on the UK Parliament. While for many it was simply fertile ground for Twitter Brexit jokes, a cyber attack like this that ... »

#SecurityTipTuesday: Stay Ahead of the Attack and Patch!

There are countless ways that attackers can compromise your network. Malware infected email attachments and compromised websites that deliver harmful scripts, typically tend to take advantage of unpatched vulnerabilities in OS systems, web browsers, and other applications to do irreparable ... »

#SecurityTipTuesday: Provide Training on Cyber Threats

Let’s think back for a second on all the safety lessons we were taught as kids; for example, when you cross a street, you look both ways. It’s so obvious right… Wrong. Cybersecurity or Cyber Threat awareness training is no ... »

Here’s what we know about what could be the latest Petya ransomware outbreak

A significant ransomware attack called Petya is spreading across Europe, Russia, Ukraine and elsewhere. What we know right now Victims so far include British advertising agency WPP (WPPGY), Danish shipping firm Maersk, Russian oil/gas company Rosneft and U.S.-based pharmaceutical firm Merck. ... »

Avoiding Alert Fatigue: Simplify Incident Response

An FBI report released last year estimated 327,374 robberies nationwide, which accounted for an estimated loss of $390 million. Cyber theft is not far different from the physical theft but in fact, it has become the most lucrative way of ... »

#SecurityTipTuesday : Managing Your Passwords Effectively!

Here at Secure Sense, we want the best for you. (But I’m sure you already knew that). That being said, we’ve implemented an epic Security Tip Tuesday series where industry Wizards will be providing you, the people, with the BEST ... »

Stop Business Email Compromise and Imposture Email Threats

According to the FBI, this type of scam has siphoned more than $2.3 billion from more than 17,000 victims—and those are just reported incidents. Alongside Proofpoint, learn how to identify and stop impostor email threats (also known as business email ... »

GhostHook Attack Bypasses Window 10 Patchguard

Security experts have recently discovered a method of bypassing Windows 10 PatchGuard protections and deploying malicious code into the Windows kernel, allowing attackers to plant rootkits on systems previously thought to be impregnable. More than 400 million devices worldwide currently ... »

Google removes another set of malicious apps from play marketplace

Last week we blogged about the importance of having a cybersecurity plan address the risks of Web Applications here. Today it’s been reported that Google has removed not one, but two malicious apps ZTORG Trojans from their play marketplace (and this is ... »

Addressing the increasing risk of web applications

According to Verizon’s recent security report, attacks on web applications are now the leading source of data enterprise breaches, up 500% since 2014. The spike in attacks has caused cyber security professionals to be most concerned about customer facing web ... »

Mouse hovering malware delivery scheme identified, refered to as potentially very dangerous

It’s been discovered that cybercriminals are using a new technique to infect computers that only requires a victim place their cursor over a malicious hyperlink for the malware to be injected. The newly discovered technique was noticed by several cybersecurity ... »

Samsung Galaxy S8 iris scanner fooled by hackers

The Chaos Computer Club recently posted a video showing how they fooled the iris scanner on Samsung’s new flagship phone. The group said that standard PIN systems are more secure. According to TechRepublic, the Samsung Galaxy S8’s iris scanner, which ... »

Adylkuzz Malware That Could Spread More Than WannaCry

The last few days have been understandably exhausting for security teams around the globe due to the nasty ransomware WannaCry or WannaCrypt. The malware spread widely using an exploit for a Server Message Block v1 vulnerability (MS17-010) leaked by the ... »

Protecting Your Organizations from WannaCry Ransomware

Ransomware has become the fastest growing malware threat, targeting everyone from home users to healthcare systems to corporate networks. Tracking analysis shows that there has been an average of more than 4,000 ransomware attacks every day since January 1, 2016. ... »

How to defend against the WannaCrypt global ransomware attack via ZDNet

All the malware’s attack vectors and infection spreads are not yet known, but we do know how to protect vulnerable systems. Friday’s ransomware outbreak is ongoing and while researchers work to stem the tide of infection, businesses, governments, and individuals ... »

Network Access Control: Is it Dead? The History of NAC and How the Evolving Cybersecurity Industry Changed It via Bradford Networks

As enterprise organizations continue to add BYOD, IoT devices, virtual servers/cloud services, switches, routers and offices that are connected and sharing information throughout the globe, the task of identifying and securing these endpoints can seem overwhelming. To manage these trends, ... »

Ransomware incidents surge, education a hot bed for data breaches, according to Verizon

Ransomware incidents have surged 50 percent from a year ago, educational institutions are becoming a playground for cyber espionage, and 68 percent of healthcare security threats are internal, according to Verizon’s 2017 Data Breach Incident Report (DBIR). The DBIR is ... »

New types of ransomware innovate to find opportunity

There is no shortage of new types of ransomware, many with unique features, and experts say it’s an exercise in innovation and finding revenue opportunity. Search Security reports, that ransomware is big business and it appears as if malware developers ... »

The Google Phishing Attack, Explained

Google recently made an unprecedented move by widely announcing a Gmail phishing scheme through Twitter. The phishing message was especially nasty because of its polish. Uncharacteristically for phishing, there were few errors in the message, and it was created in ... »

Top 3 Myths of Security Awareness Training

Security Mentor has been at this a while – teaching, educating and training companies worldwide about how to work smart and securely – and in the process, transforming employee attitudes towards security. Across a wide range of industries and unique business ... »

Ten Practical Steps to Protect Your Online Privacy via Cylance

Two things happened recently which should raise an alarm for anyone concerned about their online privacy. The first was a major release by WikiLeaks on March 7, 2017 of a trove of hacks and hacking techniques allegedly employed by the CIA ... »

Netflix Breach: Orange, Black, and Another Hack

How much would your organization pay in ransom to stop the early release of its intellectual property? Can you place a monetary value on a breach of this type? In the case of the weekend Netflix breach notification, they paid ... »

Executive Insights: Achieving Digital Trust in a World of Data

Cybersecurity is at a critical tipping point. With massive volumes of data being generated and analyzed across the globe every day from a variety of sources and devices, an entirely new approach to network security is required. From both a ... »

Near Impossible Target: Fileless Malware

According to a blog post by ThreatPost, the future of client-side malware attacks is fileless. And it would appear the future has arrived with a growing number of attacks using fileless or in-memory malware to pose a threat to business that’s increasingly difficult ... »

Russian ‘pioneer’ of identity theft and card fraud jailed for 27 years

According to the Naked Sophos blog, Roman Seleznev, the Russian MP’s son who was found guilty last year of hacking into point-of-sale (PoS) systems and stealing millions of credit cards, has received the longest-ever sentence for hacking to be handed ... »

Workers like to bypass or find ways around corporate cybersecurity policies

Dtex Systems researchers found that 95 percent of enterprises surveyed had employees who are actively circumventing corporate security protocols. Dirty minds and common vices were the driving force behind the majority of protocol breaches as 59 percent of the organizations ... »

InterContinental Hotels Group: Malware Hit 1,200 Locations

Investigators Eradicated Point-of-Sale Malware by March, IHG Says Intercontinental Hotels Group is warning customers that malware infected point-of-sale devices at 1,200 of its locations beginning in September 2016. That appears to be a sharp rise in the count of breached hotels ... »

Android malware creators throw up a roadblock to thwart the good guys

Emulation testbeds have been considered by security practitioners to be a useful tool to conduct operational security exercises and a variety of research. For almost as long, malware writers have sought to thwart such tools. SophosLabs has come across some ... »

Infected By Ransomware. Now What?

Don’t negotiate with e-terrorists. Be a hero and rescue your hostage PC. With nasty malware like Locky making the rounds—encrypting its victims’ files, and then refusing to unlock them unless you pay up—ransomware is a serious headache. But not all ransomware ... »

Bug Bounties: Risk and Reward

Today BugCrowd CEO, Casey Ellis, and founder and attorney at Cipher Law, James Denaro stepped on stage at AppSecUSA 2016 to talk about the logistics and legalities of bug bounties. They talked through some of the most common concerns people ... »

Big Security Hole Found in Popular Password Manager Site

A Google security researcher found the vulnerability in LastPass, endangering personal data for millions of its customers. A security researcher found a major vulnerability in popular password manager LastPass that could allow hackers to steal passwords and login credentials from ... »

One of the most dangerous forms of ransomware has just evolved to be harder to spot via ZDNet

Malicious loaders delivered by self-extracting Dropbox files – enabling payloads to bypass detection. One of the most common forms of ransomware is evolving a new technique in order to become even more effective and harder to detect – the ability ... »

Insider Threats, What and Why You Should Be Concerned

Did you know, that insider threats have been behind the sharp increases over the past 18 months in the percentage of organizations that have experienced loss or theft of company data? According to the Ponemon Institute, three out of every ... »

Secure Sense Named One of 2017 Tech Elite Solution Providers by CRN®

Secure Sense Named One of 2017 Tech Elite Solution Providers by CRN® Tech Elite 250 list recognizes IT solution providers with deep technical expertise and premier certifications. Burlington, On March 27, 2017 – Secure Sense announced today that CRN®, a ... »

Bitcoin scams: Beware of crooks trying to steal your cryptocurrency with these schemes

Cyber criminals are successfully taking advantage of social media and naivety to steal Bitcoin and distribute malware. Cybercriminals are taking advantage of the rising price and popularity of Bitcoin to try to steal the currency and distribute malware. The cryptocurrency ... »

iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server

In November 2016, as part of Fortinet’s FortiGuard research work, it was discovered and reported an iSNS server memory corruption vulnerability in Microsoft Windows Server. On patch Tuesday of March 2017, Microsoft released the Security Bulletin MS17-012 that contain the ... »

Defending Against El Machete’s Malware Attacks with Cylance

Can You Protect Against El Machete? El Machete is a targeted attack campaign that was first publicly disclosed and named by Kaspersky here. The Cylance SPEAR™ Team, whilst tracking and monitoring threats, found that El Machete has continued to operate ... »

New MajikPOS Malware targets users across North America

Trend Micro has discovered a new PoS malware, tracked as MajikPOS, that is targeting business in North America and Canada. Security experts at Trend Micro have discovered a new PoS malware, tracked as MajikPOS, that is targeting business in North America. ... »

Why Small-Business Owners Are Easy Prey for Hackers

Our partner Symantec says 43 percent of all cyberattacks in 2015 targeted small businesses. Randell Heath isn’t sure how hackers got into his company’s website — all he knows is a supplier called, saying the site had become an online ... »

Hundreds of High Profile Twitter Accounts Hacked

According to The Hacker News, in a large-scale Twitter hack, thousands of Twitter accounts from media outlets to celebrities, including the European Parliament, Forbes, UNICEF, Nike Spain and numerous other individuals and organizations, were compromised early Wednesday. The compromised Twitter ... »

How online gamers use malware to cheat

We typically think of malware as something used to steal data from corporations or knock down websites in politically motivated attacks. But if you’re a gamer, sometimes it’s simply a tool for winning. SophosLabs threat researcher Tamás Boczán has been ... »

What WikiLeaks’ massive CIA leak tells us about cybersecurity via Sophos Naked Security

Here we go again. In 2010, WikiLeaks published a disturbing heads-up video of US helicopters strafing “insurgents” who turned out to be Reuters journalists. Weeks later came Cablegate, a leak by Bradley (now Chelsea) Manning of 251,000 US diplomatic cables. ... »

RSA 2017 Predictions Analysis via Sophos

Sophos offered a predictions blog that was published on their Naked Security blog last week, and now it’s time to see how accurate these predictions were. Here, we will break down each prediction and see what really happened. Sophos wrote ... »

You CAN teach an old dog new tricks, according to the 2015 ransomware variant, TorrentLocker

It’s been quiet since 2015, but TorrentLocker has suddenly returned. And this time it wants to steal your passwords too. A ransomware variant which has been relatively inactive for almost two years is back, and this time it’s stealing user ... »

Secure Sense Named 2016 LogRhythm Partner of the Year Canada

Burlington, ON,  February 28, 2017 – Secure Sense, Canada’s fastest growing IT Security company, is pleased to announce it has been named LogRhythm’s 2016 Partner of the Year, Canada. The announcement was made at the LogRhythm Partner Summit, held in Boulder, ... »

Google Does it Again: Discloses Unpatched Microsoft Edge and IE Vulnerability

This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare. Besides this, Google ... »

Pass(word)ing the buck!

The start of the New Year is always an interesting time in the security community. Out come the statistics and stories about the worst passwords and the most common ones chosen by online users during the previous year. A recent ... »

Canadian cyber firm confirms it was the victim described in RSA investigation

A Canadian cyber security software and services company has acknowledged that it was the victim of backdoor malware inserted into one of its products two years ago in an attack detailed last week by investigators for security firm RSA . ... »

Rise of the IoT Botnets

There are many doomsday cyber scenarios that keep security professionals awake at night. Vint Cerf, one of the fathers of the Internet and current vice president and chief Internet evangelist for Google, speaking at an event in Washington, D.C., in ... »

2017 Network Security Trends Infographic

As you plan for 2017, get the facts on endpoint security and stay current on the trends. This Infographic compiles relevant data from Gartner, IDC, The Ponemon Institute, Symantec and others, on the current state of network security threats from ... »

Organizations In 40 Countries Under ‘Invisible’ Cyberattacks

Unknown threat actors are stealing sensitive financial data using memory resident malware crafted from legitimate tools, Kaspersky Lab warns. Cyberattacks have become increasingly stealthy in recent years, with goals like persistence and lateral movement becoming much more important to threat ... »

Not all ransomware tools are created equal

In case you hadn’t heard, ransomware is big, big business. In 2016 alone, ransomware payouts are closing in on the billion-dollar mark, with a whopping 70% of companies reporting that they paid to have their maliciously-encrypted data liberated after being ... »

What’s the actual cost to a business of a data breach?

Cisco has released the 10th of its annual cybersecurity reports, leading some publications to scream that security breaches can cost businesses 20% of their annual turnover. If you burrow into the headlines, however, it becomes apparent that only a third of ... »

What’s Happening at #RSAC17

Will you be attending RSA in San Francisco this February? If so, we have the lowdown on all the exciting things our partners have planned for IT’s biggest event. From dinner parties to beer and ping pong, your go-to guide is ... »

Spora ransomware goes freemium with four different payment options

A new ransomware strain called Spora has taken the “freemium” model to a new level. Many ransomware attacks include a try-before-you-buy feature on their pay pages, where you can decrypt one or two files for free as an inducement to ... »

When Robots Go Rogue – Cylance Identifies What’s Real in AI

Westworld… J.A.R.V.I.S.… Knight Rider… seems like we’ve been surrounded by artificial intelligence (AI) for a long time, doesn’t it? Thanks to Cylance we’re able to make sense of and understand exactly what Artifical Intelligence and Machine Learning really are. As other ... »

Almost 200K Websites Affected by the OpenSSL HeartBleed Vulnerability…and counting!

The ‘Open SSL HeartBleed’ vulnerability was one of the biggest flaws in the Internet’s history that affected the core security of as many as two-thirds of the world’s servers i.e. half a million servers at the time of its discovery ... »

10 Cyber Security Tips From The Experts

It’s getting a little bit more than scary for the average computer user. Companies and federal agencies are regularly hacked. To help ward off the bad guys, Security pros came together to offer basic advice to help the average user. ... »

Make PCI DSS Compliance Easier with Bradford Networks

Organizations that accept credit card payments must meet the Payment Card Industry Data Security Standard (PCI DSS) compliance standards for securing payment information wherever it is collected, transmitted or stored. In today’s BYOD world, ensuring that mobile devices, IoT connections ... »

Not all ransomware tools are created equal

In case you hadn’t heard, ransomware is big, big business. In 2016 alone, ransomware payouts are closing in on the billion-dollar mark, with a whopping 70% of companies reporting that they paid to have their maliciously-encrypted data liberated after being ... »

These Were the Most Common Passwords Used in 2016

With all the extensive online resources, emphasis on long and complex passwords and numerous enterprise breaches we are utterly shocked that ‘password’ is still being used as a password today! Although weak and commonly used passwords have long been one ... »

13 Cyber Security Practices you MUST Follow!

Inspired by today’s Friday the 13th, we’ve compiled 13 of the best cyber security tips and best practices you should be doing following! 1) Train your employees Did you know that your organization’s biggest security risk is your employees? Since the ... »

How to Stay Protected Against Ransomware

Businesses large and small are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment can cause massive disruption to an organization’s productivity. But what does a typical attack ... »

Browser autofill used to steal personal details in new phishing attack

Chrome, Safari, Opera and extensions such as LastPass can be tricked into leaking private information using hidden text boxes, developer finds. Your browser or password manager’s autofill might be inadvertently giving away your information to unscrupulous phishers using hidden text ... »

Mongodb Attacks Jump From Hundreds to Twenty-Eight Thousand in Days

Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom. On Monday, researcher Niall Merrigan reported 28,000 misconfigured MongoDB were attacked by more than a dozen hacker groups. That’s sharp increase from last week ... »

Achieving Intelligent Infrastructure Defence with LogRhythm’s Co-Pilot Service and Security Analytics

Retailers have learned hard lessons in recent years, as organizations such as Target have suffered major data breaches. In Target’s case, the compromised credit card information of 70 million customers have resulted in significant expense, lost revenues, and a damaged ... »

The 5 Worst Hacks and Breaches of 2016 and What They Mean for 2017

2016 was not the best year for security, at least where high-profile breaches, hacks, and data leaks were concerned. The year saw yet another laundry list of big-name companies, organizations, and websites hit with distributed denial-of-service (DDoS) attacks, huge caches ... »

What really is Ransomware?

We’re writing this post specifically for the people who have absolutely no idea what ransomware is, or those who have heard the buzz word but don’t really know what it means. It’s easy to read the word, and assume a ... »

Begin With the End(point) in Mind

Advances in artificial intelligence (AI), machine learning (ML), and mathematical algorithms have allowed cyber security professionals to bolster their threat prevention in recent years. SecOps groups have shifted focus from response to prevention, using AI/ML-powered protection products such as CylancePROTECT® to ... »

Data breaches through wearables put target squarely on IoT in 2017

Forrester predicts that more than 500,000 Internet of Things (IoT) devices will suffer a compromise in 2017, dwarfing Heartbleed. Drop the mic—enough said. With the sheer velocity of how the distributed denial-of-service (DDoS) attacks spread through common household items such ... »

Ashley Madison forced to pay for deceptive security practices

Ashley Madison’s parent company has been forced to pay US$1.6 million for actively deceiving its customers as to how safe and secure the site really was. Ashley Madison’s parent company, Ruby Corp., will be forced to pay a large settlement ... »

Lesson Learned: Security Awareness Training

Think back for a second on all the safety lessons we learned as kids; for example, when you cross a street, you look both ways. But some safety lessons had to evolve over time. For example, no one wore seat ... »

Secure Sense Achieves Blackberry Authorized Reseller Status

On December 13th, 2016 Secure Sense has achieved the Blackberry Authorized Reseller Status. This tier recognizes Partners that have invested in the acquisition of a solid sales knowledge of the BlackBerry Enterprise Mobility Suites. We’ve identified the customer demand for ... »

Don’t let your former IT staff sabotage your company

A recent news story has brought to mind a threat which probably sends a shiver down the spine of many system administrators. A 32-year-old man was sentenced to two years in prison this month for hacking the computer systems of ... »

New ‘nasty’ Ransomware Encourages Victims to Attack Other Computers

Popcorn Time malware offers users free removal if they get two other people to install link and pay. A new ransomware variant has been discovered using an innovative system to increase infections: the software turns victims into attackers by offering ... »

What is Next-Generation Antivirus (NGAV)? via Carbon Black

In information security, the mere mention of the word “antivirus” elicits a largely unfavorable response. I’ve heard some descriptions from infosec pros that include: “not enough,” “ineffective,” and “archaic.” There’s merit to these claims. Antivirus has long been the most ... »

Expedia’s IT Guy Made $300,000 By Hacking Own Execs

A former Expedia IT professional has admitted to illegally trading on secrets he discovered by hacking his own company’s senior executives. Jonathan Ly stole passwords and infiltrated devices belonging to Expedia’s CFO and head of investor relations, which enabled him to ... »

DailyMotion Hack Leaks Emails, Passwords of 87m Users

DailyMotion, a popular video sharing website, said Tuesday it recently suffered an “external security problem” resulting in the compromise of an unspecified number of its users’ data., a repository of breached data, added DailyMotion to its list of “Hacked ... »

Mobile Devices Leave Organizations Exceptionally Exposed To Cybercrime

Ovum report identifies mobile as an open door for cybercriminals to attack business systems. A new report, ‘On the Radar’, from leading research company Ovum shines a light on the extent of the mobile security problem affecting businesses of every size around ... »

3 Clues to Spotting a Spam Scam

The notice looked real at first — but turned out to be an obvious scam. Unraveling its origins offered an object lesson in how not to get suckered. I received the following “domain abuse notice” for one of my inactive ... »

Retail Cybersecurity: Black Friday and Cyber Monday Have Arrived.

It’s the most wonderful time…of the year! No, no, we aren’t talking Christmas. Welcome back, Black Friday and Cyber Monday! In the U.S., the post-Thanksgiving shopping blitz of Black Friday often serves as a make-or-break event for many retailers. Indeed, ... »

Ten Cyber Security Predictions for 2017 via BeyondTrust

In the cosmic wink of an eye, 2016 is almost done. So, it’s that time of year to invoke the dark arts of prediction and try to determine how the next year will unfold. For cyber security, predicting the future ... »

CryptoLuck Ransomware Emerges

A new ransomware family spotted for the first time recently is already being distributed via an exploit kit (EK). Dubbed CryptoLuck, the new ransomware variant was discovered by “Kafeine”, a Proofpoint researcher and maintainer of the Malware don’t need Coffee blog. Noteworthy ... »

The 7 Most Significant Government Data Breaches

Mega compromises at federal and state agencies over the past three years has compromised everything from personal data on millions to national security secrets. The Georgia Secretary Of State Office Breach In October 2015, Georgia Secretary of State Brian Kemp’s ... »

Blacknurse Low- Volume DOS Attack Targets Firewalls

A type of denial of service attack relevant in the 1990s has resurfaced with surprising potency against modern-day firewalls. Dubbed a BlackNurse attack, the technique leverages a low-volume Internet Control Message Protocol (ICMP) -based attack on vulnerable firewalls made by ... »

Customer information stolen in alleged cyberattack at Casino Rama

The Casino Rama Resort says its customers, vendors and current and former staff should keep an eye on their financial information. An Ontario casino is warning customers, vendors and staff to monitor all bank accounts, credit cards and other financial ... »

Top 10 Strategic Technology Trends for 2017

Artificial Intelligence and machine learning will increasingly be embedded into everyday things such as appliances, speakers and hospital equipment. This phenomenon is closely aligned with the emergence of conversational systems, the expansion of the IoT into a digital mesh and the ... »

CyberCrime is on the Rise? Big Surprise..

Attacks Hike? New Cybercrime Report Shows 40 Percent Increase for Merchants, Financial Institutions. Cybercrime is on the rise. While this isn’t shocking news, the recent Q3 2016 ThreatMetrix study found that even during the traditionally slow third quarter, both financial ... »

Brandon Bourret, Photobucket Hacker Sent To Prison for Computer Fraud

Creator of Software to Facilitate Privacy Invasion and Online Extortion Sentenced to Federal Prison for Conspiracy to Commit Computer Fraud. Photobucket was the victim of a bizarre cybercrime case, outlined by the US Department of Justice yesterday. Brandon Bourret of ... »

Can We Take It With Us to the #Cloud?

As more organizations move to the cloud, security professionals are coming to a number of hard realizations, and quickly. First, saying “no” to the cloud is NOT happening. What IS happening is moving to the cloud, so get over it. ... »

Google and Microsoft in war of words over bug disclosure

The search engine company publicized a critical Windows bug 10 days after informing the software firm about it. Google and Microsoft are in a war of words after the search engine company publicized a critical Windows bug just 10 days ... »

Protect Your Network from an IoT Device Attack – Like the Recent DDoS Assault on Dyn

On October 21st, waves of crippling Distributed Denial-of-Service (DDoS) attacks left some of the most prominent names on the web struggling to ensure consistent access. Dyn, Inc., a company that provides domain name services for about 6% of Fortune 500 ... »

Don’t Let A Lack of Resources Compromise Your Cyber Security

As a bank in today’s digital environment, cybersecurity concerns play a heavy hand in how we approach evolving customer needs, internal processes, and regulatory requirements. But in our current landscape, where companies of all sizes and in myriad industries can ... »

Yesterday’s Technology & Cyber Risk Today: Time for a Security Assessment? via Bradford Networks

For most IT teams, addressing or thinking about cyber security is a daily concern. From updating AV software to creating security profiles, most IT professionals spend a portion of their day on tasks with a goal of securing their network. ... »

Big Surprise – Russian indicted over LinkedIn and Dropbox mega-breaches

A Russian citizen has been arrested in the Czech Republic and indicted in connection with massive breaches: the 2012 attack on LinkedIn and the subsequent attack on Dropbox. The man, 29-year-old Yevgeniy Nikulin, from Moscow, also allegedly targeted Formspring, a ... »

There’s a New Trojan in Town, Spreading Through Targeted Email Campaign

The authors of a malware sample that has been around for more than two years have yet another trick for distributing it. The Kovter malware sample that has infected systems around the world for the past couple of years is ... »

IoT Bots Cause Massive Internet Outage October 21st, 2016

The real perpetrator of the widespread Internet outage on Friday, October 21, 2016 is still not known but the weapon of choice was definitely IoT devices compromised with Mirai malware. The Distributed Denial of Service (DDoS) attack that started on ... »

Hackers Used Your Vulnerable Tech To Throttle The Internet

Devices were infected to carry out a “sophisticated, highly distributed attack” to wreak online havoc. Hackers unleashed a complex attack on the internet through common devices like webcams and digital recorders and cut access to some of the world’s best-known ... »

A massive cyber attack caused major websites to go down across the internet

Internet users around the world, but mostly in the US, reported that some top websites were not loading on Friday morning. The affected sites included Amazon, Twitter, Etsy, Github, and Spotify. The issue appeared to have something to do with ... »

SMBs victims of phishing attacks 5x more than ransomware via SC

Despite a glut of research into new ransomware variants, low-tech threats like phishing attacks and viruses pose a more prevalent threat to small businesses than ransomware, according to a recent survey of SMB owners.   Thirty-seven percent of small businesses ... »

Nuclear Power Plant Disrupted by Cyber Attack

The head of an international nuclear energy consortium said this week that a cyber attack caused a “disruption” at a nuclear power plant at some point during the last several years. A nuclear power plant became the target of a disruptive ... »

Hack warnings prompt cyber ‘security fatigue’

Relentless cyber security warnings have given people “security fatigue” that stops them keeping themselves safe, suggests a study. Many ignored warnings they received, found the US National Institute of Standards and Technology (NIST). Others were worn out by software updates and ... »

Securing Enterprise Networks from Rapidly Increasing Malicious Attacks

Enterprise organizations are appealing targets for hackers. These networks can provide everything from valuable personal data profiles, to financial and research data – all valuable commodities on the dark web. The interest in targeted enterprise attacks has increased dramatically, with ... »

Happy Cyber Security Awareness Month!

Ahh, October. The time of the year when the air gets crisp, the leaves begin to change and Cyber Security Awareness begins! We may be bias, but we think October is the best month of the year. We live in ... »

Cybercrime-as-a-Service Offered To Militants, Terrorists, Says Europol

The Darknet could provide ample resources and services for terrorists to carry out attacks, claims report. Cybercriminals offering contract services for hire offer militant groups the means to attack Europe but such groups have yet to employ such techniques in major ... »

How to Sell Cloud Security Solutions to SMBs

It’s easy to think of cybersecurity threats as something that mainly targets the nation’s largest and most profitable enterprises. In the news, we see stories of the data breaches of massive healthcare and insurance networks, of retailers with thousands of ... »

Hackers Hold Investment Bank To Ransom

Hackers who call themselves TheDarkOverlord recently tried to extort a series of health care organizations into paying hefty ransoms. Their most recent target is WestPark Capital. The hackers have stolen apparent internal documents from a Californian investment bank and published them online, likely in an effort ... »

Taming the Great Disruptor: How Managing Change Can Bolster Your Security

Did you know China is having a hard time hiring hackers to meet the demand of vulnerable U.S. security systems? Okay, well… that might be a fictional story published by satirical newspaper The Onion. But it does highlight an important ... »

Fortinet Threat Landscape Report

Periodically, Fortinet publishes a set of findings based on threat intelligence gathered from hundreds of Cyber Threat Assessments performed across the globe. This report provides analysis and insight into the threats experienced within certain industry segments and regions. Published just ... »

PowerBroker Password Safe API is Available to Developers – for Free

Calling all vendors, end users, and application developers! BeyondTrust is now offering a free method to make all of your solutions more secure if you require a user or application to provide credentials for connectivity or authentication. BeyondTrust’s PowerBroker Password ... »

Temporal Chain Normalization: The Unsung Hero of Event Correlation

When it comes to correlation capabilities, LogRhythm has you covered. With AI Engine you can perform a variety of activities, from observing a single activity to applying advanced behavior rules across multiple dimensions (entities, devices, log sources, metadata, etc.). In ... »

Yahoo says 500 million accounts stolen

Yahoo confirmed on Thursday data “associated with at least 500 million user accounts” have been stolen in what may be one of the largest cybersecurity breaches ever. The company said it believes a “state-sponsored actor” was behind the data breach, meaning ... »

Is your network causing bottle-necks that hinder growth?

We recently read a thought-provoking article authored by one of our technology partners Fortinet, titled Network Security in the New Service Provider Reality. The article discusses how networks have to evolve and embrace the growing, dynamic distribution of data, as ... »

#ThrowbackThursday! 3 Breaches That Totally Changed How Security is Viewed

It feels like every week a U.S. company gets hacked. Anyone who works in an IT or legal department is familiar with the bad news that follows: data loss, class action lawsuit, and so on. But not all data breaches ... »

Cyber terrorism seen as the BIGGEST single future threat

47% of UK IT decision makers (ITDMs) are more worried about cyber terrorism attacks now than they were 12 months ago, according to IP EXPO Europe. This was identified as the biggest cyber security risk in the future (27%), followed ... »

Can Bug Bounty Programs Halt the Rise of APTs?

Security researchers recently discovered a new, advanced form of malware that is so sophisticated, it is believed only a nation state could have developed it. Known as “Project Sauron”, the malware went undetected for five years until Kaspersky Labs discovered ... »

How Ransomware Works via Carbon Black

Ransomware is similar to other malware in that it installs itself on a computer and runs in the background without the user’s knowledge. But unlike malware that hides and steals valuable information, ransomware doesn’t hide. As soon as ransomware has locked a user’s ... »

Cybercrooks use drive-by malware to rob Reddit users’ cryptowallets

An as yet unnamed drive-by-download malware is targeting the cryptowallets of Reddit users. Details of the attack are still unclear, but it appears attackers are using malicious links designed to appeal to those monitoring the changes in the Bitcoin prices. They ... »

Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains

Apple isn’t the only one offering up a $200,000 reward for severe vulnerabilities on mobile devices. Google followed suit yesterday with the announcement of the Project Zero Prize, and like the Apple Security Bounty, the top payout is $200,000. Announced ... »

Consumers More Concerned with Financial Data Getting Hacked than Private Information about Their Families Being Exposed

Survey also reveals consumers more likely to hear about data breaches from the news or social media — not from companies holding their data. Centrify, the leader in securing enterprise identities against cyberthreats, today released findings from its 2016 Consumer Trust ... »

“Not If, but When” – Reflections on the OPM Breach

In my previous lives as a special agent in the FBI and also as the CSO of major U.S. corporations, I had to undergo periodic background investigations, usually every five years. I hold government clearances, and it was simply one ... »

Proofpoint report shows a significant rise in social media fraud

Proofpoint has released its inaugural Social Media Brand Fraud Report which investigates the current state of social media brand fraud to understand criminals’ methods and examine how this business risk is evolving. The company compiled a list of the top ... »

DDoS attacks growing more complex, larger

Distributed denial of service attacks — long serving as the weapon of choice for low-skill hackers — are getting more complex, with nearly two-thirds involving multiple kinds of attack traffic, according to new figures. If you need a refresher on what a DDos ... »

6 ways Sophos Home can keep your kids safe this school year!

In many parts of the world right now we are right in the middle of back-to-school season. Kids are getting excited to see their friends again and head back to the classroom, and are preparing for the best possible experience ... »

Cyber Security Cheat Sheet

Hello, September, we’ve been anxiously awaiting your arrival. For most of you, September means back to school for your children, and back to work for you! We understand how easy it is to loose track of security terminology while spending ... »

Phishing Attacks – Overcoming Bad User Behavior

This is gold! Big thanks to BeyondTrust for articulating phishing attacks, and how often and easy they occur! No, no we are not talking about a wild attack between a fish and a man on a boat, we’re talking malicious ... »

Dropbox Hack Leads to Dumping of 68m User Passwords on the Internet

Data stolen in 2012 breach, containing encrypted passwords and details of around two-thirds of cloud firm’s customers, has been leaked. Popular cloud storage firm Dropbox has been hacked, with over 68m users’ email addresses and passwords dumped on to the ... »

Crew Interview: Susan Singleton

Today marks the third week of Secure Sense Crew Interview, a little q&a, so you can get to know the phenomenal technical and sales teams we have here! For our third interview, to show off our crew, we present to ... »

Why You Don’t Shouldn’t Use WiFi at an Airbnb Rental

The threat exploded at the most recent Black Hat conference when security expert Peter Galloway  proclaimed what he had done on a recent vacation: he went back to his Airbnb rental and attacked the WiFi network.  “Within five minutes flat, I ... »

Information Security Tips for Large Organizations

It seems these days like the majority of companies are starting to get over the “it will never happen to me” mentality, and have realized it’s not a matter of IF, but WHEN. In July we blogged about Information Security ... »

Overlay Malware Revealed on Google AdSense

Sipping on your first-morning coffee, and checking the news on your Android, seems pretty harmless right? Wrong. The latest strand of malware can hit any site that uses Google AdSense … and unfortunately that’s a lot of them. The malware ... »

Presenting a Cylance Unbelievable Tour: Toronto 2016!

 They say, “Seeing is believing.” And, that’s never been truer for those information security professionals who have attended a Cylance’s coast-to-coast “Unbelievable Demo Tour”. The good news if you have never been? We’ve added a stop in Toronto, for the ... »

All Your Cars Belong to US: Keyless VW Cars Can Be Hacked

Do you drive a Volkswagen? If so, we have some bad news. Tens of millions of vehicles sold by Volkswagen AG over the past 20 years, and various current models, are susceptible to theft because keyless entry systems can be ... »

Carbon Black: 3 POS Security Recommendations Following the Oracle MICROS Breach

Christopher Strand of Carbon Black reports flawlessly on the POS security recommendations those can take away from last week’s Oracle MICROS breach. If you were on a vacation, or just living under a rock, read the original story posted by ... »

20 top US hotels hit by new malware attacks

A new group of US hotels has fallen victim to PoS malware that is believed to have exposed private customer financial data. 20 US hotels operated by HEI Hotel & Resorts on behalf of Starwood, Marriott, Hyatt, and Intercontinental may ... »

Secure Sense Earned #23 on the 2016 CRN Fast Growth 150 List

Secure Sense Named to 2016 CRN Fast Growth 150 List List Recognizes Thriving Solution Providers in the IT Channel Burlington, Ontario, August 8, 2016 – Secure Sense announced that it has been named to The Channel Company’s 2016 CRN® Fast ... »

330,000 Exposed in Oracle MICROS Breach

One of the top three global point-of-sale providers, MICROS which was purchased by Oracle in 2014, has been breached. This is quite the cause for concern, as MICROS is currently deployed in over 180 countries, to over 330,000 sites. Oracle ... »

SysAdmin Day!

Today July 29, 2016, is the 17th Annual System Administrator Appreciation Day! So we wanted to show our appreciation for all the SysAdmins out there who day in and day out work to keep our systems safe. Secure Sense Partner ... »

Kimpton Hotels Investigate Card Breach Claims

Kimpton Hotels is a boutique hotel brand, including 62 properties across the United States. The boutique chain is currently investigating reports of a credit card breach across multiple locations. On July 22, KrebsOnSecurity reached out to San Francisco-based Kimpton after hearing ... »

10 Information Security Tips for Small Businesses

When it comes to information and data security, most small business owners often do not know where to start. But in today’s world, customers have naturally come to expect that their sensitive data will be kept secure. It can be ... »

Insider Threat Trojan, Delilah, Makes Her Debut

According to Gartner, “Delilah” is the world’s first insider threat Trojan that targets individuals via social engineering and/or extortion, sometimes using ransomware techniques. It allows attackers to capture sensitive and sometimes compromising footage of victim’s in order to extort them ... »

This Week In Breaches: Ubuntu Forums

On July 14, a member of the Ubuntu Forums Council reached out to the Canonical team to inform them that someone had claimed to have a copy of their Forum’s database. The next day Ubuntu released a security notice confirming ... »

Five Steps to Defend Against Ransomware via LogRhythm

Over the past three years, ransomware has jumped into the spotlight of the cyberthreat landscape. Until recently, most ransomware attacks were simply opportunistic and mostly affected individual users’ or small businesses’ computers. The ransom demands have commonly been the equivalent ... »

Gotta Catch ‘Em All … Including a Virus?

It’s official – Pokémon Go has taken the world by storm. This week it surpassed Candy Crush as the number one played mobile game, and even bigger, it surpassed Twitter’s daily user engagement. To make things even more remarkable … ... »

With KeRanger, Mac Users Are No Longer Immune to Ransomware Threats via Varonis

Cybercriminals who previously targeted Windows operating systems with ransomware have expanded their customer base to include the Mac OS. Known as KeRanger, it’s the first ransomware variant detected that infects Mac users. Unlike the usual methods of entry, such as ... »

iCloud Takeover Really is as Simple as One, Two, Three

Approximately 40 million iCloud accounts are rumoured to be hacked, but according to CSO Online, that number is likely overblown. Step one: Leaked credentials. Step two: “Find My iPhone” – lost mode. Step three: Lock user out and leave a ... »

Another Android Vulnerability, Is Anyone Really Surprised?

In the latest saga of Android vulnerabilities, a new malware called “HummingBad” is making its rounds and has already infected over 10 million devices worldwide. According to Check Point, the majority of infected devices are overseas in Asian countries, and ... »

Multiple Critical Vulnerabilities Exposed: Time to Update!

On June 28, 2016, Google’s Project Zero Researcher Tavis Ormandy released a blog that published details of multiple critical vulnerabilities with various Symantec products. According to Ormandy, these vulnerabilities, “Don’t require any user interaction, they affect the default configuration, and ... »

2.2 Million Sensitive Records Leaked

A mid-2014 database that contained 2.2 million records of individuals with suspected ties to terrorism, organized crime, money laundering, bribery, and corruption links has been leaked. The source of the leak is from World-Check, a database of politically exposed persons ... »

Dangers of Selling Old Hard Drives and Devices

If you were at our annual Camp Secure Sense this year, then you will remember the compelling presentation by Fortinet’s Senior Security Strategist, Aamir Lakhani. Lakhani spoke about the reality of digital breadcrumbs being left behind, without the realization. He ... »

Cyberattacks on Healthcare Institutions Shows No Signs of Slowing Down

This year has seen record high attacks against hospitals, most notably the ransomware attack that held Hollywood Presbyterian Medical Center hostage for over two weeks. Data stored within healthcare networks is a rising target for attackers on a global scale and ... »

Is your virtualized environment at risk for a data breach?

You know a concept is solid when it grows from a good idea to a standard business practice. It can feel like the change takes place overnight, especially if the solution can quickly prove its ROI – a company adopts ... »

Yikes! The Average Breach Costs How Much?!

According to a study conducted for IBM by Ponemon Institute, the average cost of a data breach has drastically increased. Ponemon conducted 1,500 interviews in over 383 victim organizations, for 16 different industries, within 12 countries. It was discovered that ... »

Vulnerability Exposed: Time to Update

A serious vulnerability has been identified, and it’s time to update, today. On June 16th, Adobe released a critical update for the Flash Player that fixes several vulnerabilities, including CVE-2016-4171. According to Adobe, if successfully exploited, “this vulnerability could cause ... »

Secure Sense Technology Partner BlueCoat, Acquired by Symantec

As a value added reseller, at Secure Sense we only partner with the best of breed network, security, and cloud providers – one of these companies being Blue Coat. On Sunday, June 12th, 2016, American endpoint protection company, Symantec announced ... »

The Cost Of Data Breaches Rises Past $4 Million

The Cost Of Data Breaches Rises Past $4 Million: Post VIA DarkReading: Ponemon annual report shows data breach benchmark index on the rise again, while Deloitte advises those tangible costs may be just the start to financial impact racked up ... »

Twitter Wasn’t Hacked, People Just Love Reusing Passwords

Last week there were many reports that Twitter had been hacked and that a user database of 32 million, was listed on the dark web. Twitter claims that this is not the case. Twitter’s Information Security Officer, Michael Coates, posted ... »

10 Things to Watch: Detecting a Phishing Email

As you may have noticed, the topic of phishing has been at the forefront of the concerns within the IT security 2016 landscape. As attacks become more challenging to identify, organizations become more susceptible to breach. Ransomware infections are often instigated ... »

This Week in Breaches: The Mega Breaches Keep On Coming

Mega breaches have been one of the prominent stories of 2016, begging the question – will it ever stop?, Russia’s version of Facebook, is another social media platform in less than two weeks to have an old data breach ... »

Mark Zuckerberg’s Twitter and Pinterest accounts hacked, LinkedIn password dump most likely to blame

Facebook co-founder and CEO Mark Zuckerberg understandably has social media accounts on other networks. And like most avid online users, he ignored to maintain standard security password practices. Over the weekend, Zuckerberg’s Twitter and Pinterest accounts were hacked. The group ... »

Wait – Myspace is Still Around AND it Was Hacked?

Yes – apparently the early 2000’s dominant social media platform still does exist, and still potentially has 50 million unique visitors per month. What’s even more of a shock, is that this hack could be the largest password leak in ... »

Proactive Versus Reactive, We See You Reddit!

First off – no Reddit has not been compromised, so if you have an account to this broad range social media site, you can let out that deep breath you’re holding. But they, along with every other organization that takes ... »

DARK READING REBLOG: Epic Security #FAILS Of The Past 10 Years

We thought this was a great breakdown of some of the most epic security fails over the past 10 years. Happy 10-year Anniversary Dark Reading, thank you for always providing insightful, and top news articles in the information security world. ... »

Phishing Attacks Jump 250% From Oct Through March

It has been reported a record-breaking 250% increase in phishing activity between October of 2015 and March, 2016, says Business Wire (sourced from Anti-Phishing Working Group). As previously blogged, phishing is defined as ‘the activity of defrauding an online account holder of ... »

4-Year-Old Data Hack Has a Much Larger Scope Than First Reported

Back in June of 2012, LinkedIn confirmed that they had been breached, and approximately 6.5 million user’s credentials had been compromised. Now, almost 4 years later that number has grown exponentially. Busy bee hacker “peace_of_mind”, or ‘Peace’ as they seemingly ... »

Easing Your Enterprise into the Cloud

With so much negative publicity focused around “the cloud”, it’s no wonder that companies are cautious to make the switch. But we all know that there is a certain level of push-back when it comes to changes, especially ones that ... »

Hackers Play Freeze Tag with Your Android Device

Well, it’s not a game, and it certainly isn’t fun, especially if you’re holding the phone – but hackers are constantly finding new ways to mess with Android users. This time, it is in the form of a quasi-ransomware coined ... »

Did Anyone Learn from the Ashley Madison’s Breach?

It should really come as no shock to anyone these days that an online dating website has been hacked. The latest subject of attack is self-proclaimed ‘elite’ dating website, which has suffered a massive database leak, exposing the personal ... »

James Bond Going Digital?

If you’ve seen the 2015 blockbuster film, Spectre, then you know where we’re heading with this. MI6 and James Bond, on a clandestine mission, to ensure the safety of the world’s population remains in the hands of living, breathing spies ... »

Amazon Sold Me Embedded Malware, and All I Got Was This Lousy T-shirt

Well … they didn’t sell it to me per say, and no one got a shirt, but Amazon has been unknowlingly selling security recording equipment with embedded malware. This discovery was made by Mike Olsen, labeled as an “artful hacker” ... »

Mega Breach in The Philippines

55 million voters, 55 million citizens now susceptible to fraud and identity theft after a massive data breach that leaked the entire database of the Philippines’s Commission on Elections (COMELEC). With 55 million voters in the Philippine’s, this could go ... »

How Hackers Are Getting Siri to Show Them Your Photos

When the FBI took Apple to court it was with the intention of ordering the tech giants to build a backdoor that allowed them entry into a terrorists locked iPhone, as we have previously blogged. The FBI has since dropped ... »

This Week in Breaches: Trump Hotels, Again?

According to Security Guru Brian Krebs, Donald Trump’s series of luxury properties – the Trump Hotel Collection is the subject of another credit card system breach (Anonymous anyone??).   Earlier this year we reported about a series of hotel breaches, including ... »

Ransomware has been the dominant nuisance to cyber security in 2016 thus far, and doesn’t seem to show any signs of slowing down. In recent news, the main target of a ransomware attack has been hospitals and health care organizations that ... »

1.5 Million Customers’ Information Exposed in Data Breach

Every year Verizon Enterprise Solutions, a B2B unit of the telecommunications company, releases their Data Breach Investigations Report (DBIR). This report is complete with case studies of the year’s most interesting and impactful data breaches. The reports include the hard lessons ... »

For Hire: Uber Bounty Hunters

Typically, when most North Americans hear the term Bounty Hunter, images of a jacked up, sunglass wearing, blonde goliath come to mind. In terms of cyber security, it’s highly unlikely you’d ever see someone who fits that bill. It recently ... »

iMessage Vulnerability Discovered

Researchers from Johns Hopkins University have discovered a flaw that allows skilled attackers to intercept and decrypt video and images sent on iMessage. Apple partially fixed the flaw in the latest iOS 9, but the exploit leaves versions prior vulnerable. ... »

JLaw Breach

In late August of 2014, approximately 100 female celebrities had their privacy breached, when personal and intimate photos were published online, sourced from their private iCloud or Gmail accounts. At the time of the leak, or commonly known as “The ... »

Bank of England Governor, or Nigerian Prince?

In July of 2013, Mark Carney was appointed the Governor for the Bank of England, and within mere months, he was the subject of a “Nigerian Prince” email scam. California native Cameron Smith was the target of this scam when ... »

Anti-DDoS Firm Target of DDoS Attack

Irony- the expression of one’s meaning by using language that normally signifies the opposite, or in this case, a company who falls victim to the very thing they exist to defend against. On March 10, 2016 global DDoS protection company, ... »

The Ottawa Hospital Infected with Ransomware

One of the largest threats to cyber security in 2016 – ransomware, has a worrisome emerging trend; targeting hospitals. Ransomware has made quite an impact on the year so far and is likely to continue its trajectory of havoc. We ... »

Proof Reading: The Difference Between $80 Million and $850 Million

Foundation. One relatively average word that brought down a scam worth nearly $1 billion. On February 5, 2016, the Federal Reserve Bank of New York received a succession of requests seemingly from the Bangladesh Central Bank in Dhaka. If the ... »

My Mac Can’t Really Be Vulnerable, Can It?

On March 4, 2016, the Palo Alto Networks research team discovered a new MAC OS X ransomware called KeRanger that had infected the Transmission BitTorrent client installer. KeRanger is the first official complete and functioning ransomware to affect OS X. ... »

When Real Life Pirates Get Tech Savvy

Imagine being a pirate on the high seas, sailing around the world, hoping to land a gold mine – that one ship that was loaded with exactly what you’ve been searching for. Now imagine how much easier it would be ... »

OpenSSL Secured Websites Vulnerable to DROWN

A group of international academic researchers have discovered a vulnerability in OpenSSL security that has the potential to affect as many as 11.5 million servers. The hole in this security protocol allows Secure Sockets Layer (SSLv2) an outdated security protocol, ... »

Evolving Ransomware; Websites Beware

A new malicious program has surfaced, indicating a new trend in ransomware development that has already seen a resurgence in 2016. CTB-Locker, has been attacking files on web servers, infecting at least 100 websites over the past several weeks. Also ... »

Snapchat Falls Victim to Phishing Attack

On Friday February 26, 2016, the popular photo sharing app, Snapchat, fell victim to a sophisticated phishing attack. Employees were “targeted by an isolated email phishing scam”, where the scammer impersonated Snapchat’s Chief Executive Officer, Evan Spiegel, according to a ... »

Vulnerability in GNU glibc Affecting Nutanix Products: February 2016

Advisory ID:        Nutanix-sa-003-glibc     CVE-2015-7547 Last Updated:     25 February 2016 Published:           25 February 2016 Version:               1.0 On February 16, 2016 and industry-wide critical vulnerability in the GNU ... »

Vulnerability Revealed in Nissan LEAF

On February 24, 2016, Troy Hunt, a Microsoft MVP for Developer Security reported a vulnerability in the remote management APIs for Nissan LEAF. If you have the VIN number of any of the cars, you are able access certain features ... »

This Week in Breaches: Linux Mint

On Saturday February 20, 2016 Linux Mint project leader Clement Lefebvre confirmed that the website of the community-driven operating system had been hacked.  An attacker by the handle of “peace_of_mind”, is claiming responsibility for the hack of the site, deceiving ... »

When a Real World Virus Affects the Digital World

On February 1, 2016, the World Health Organization (WHO) declared a Public Health Emergency of International Concern (PHEIC) regarding the outbreak of Zika virus and all associated birth defects. Zika has been the determined cause of microcephaly, an abnormal smallness ... »

Apple Set to Play Hardball with the U.S Government

On February 16, 2016, a California court ordered Apple to assist the FBI in hacking and gaining complete access into an iPhone. The phone previously belonged to one of the San Bernardino shooters who tragically took the lives of 14 ... »

Hospital Held Ransom by Cyber Criminals

On February 5, 2016, Hollywood Presbyterian Medical Centre in Los Angeles was hacked and fell victim to a ransomware attack. The computer systems have been offline for over a week and a half, and according to the hackers will not ... »

I’ve Got 99 Problem’s and Quite a Few of Them Are STILL Android

On September 10, 2015 our guest blogger Fortinet, reported about malware issues within Androids, specifically with ‘Stagefright’. Today the focus has shifted toward third-party app stores, which do not have the same level of frontline security, nor the same level ... »

This Week in Breaches: The US IRS

On February 9, 2016 the United States Internal Revenue Services released a statement that they had ‘identified and halted an automated attack’ on their website with the Electronic Filing PIN application. This application can be used to electronically file taxes. ... »

An Interloper Listening in On Your Calls

While most backdoor attacks have limited functionality, Skype has a sophisticated nuisance that’s come-a-knocking, referred to as T900, a variant of the T5000 malware family. Secure Sense partner FireEye reported about this family back in 2014, when the T5000 sent ... »

Privacy Shield Takes Safe Harbour’s Place

Formed in 2000 by the United States and the European Union, The International Safe Harbour Privacy Principles Agreement regulated the way that US companies could export and handle the personal data of EU citizens. This agreement was to establish a ... »

eBay Exposed to Vulnerability

On December 15, 2105, Israeli security firm Check Point, informed the e-commerce giant, eBay about an online sales platform vulnerability. This flaw would allow cyber criminals to distribute phishing attacks and deploy malicious code on eBay’s users. On February 2, ... »

This Week in Breaches: Landry’s POS Breach

The Houston-based hospitality chain Landry’s, has recently released news of a point of sale, or POS malware attack at the organization’s restaurants and additional properties dating back to 2014, and 2015. An original report regarding the security incidents by Landry’s ... »

Major Monetary Cyber Thefts in Europe

Within 6 days of each other, two large European companies suffered a combined loss of €120 million, roughly $184 million Canadian. I bet you’re wondering how? On January 19, 2016, Austrian aerospace component manufacturers FACC AG, reported an outflow of ... »

This Week in Breaches: University of Virginia

Nowadays cyber-attacks are more aggressive and more sophisticated, making it even harder for companies and institutions to catch up and keep up with the evolving technology. But sometimes, a common email scam is all takes to infiltrate your security environment. ... »

FortiOS SSH Update

  On January 13, 2016 we reported about a FortiOS SSH exploit, and it looks like it has a larger scope than originally reported. After the original report, Fortinet further investigated their product line and discovered the same vulnerability on some ... »

Do you know what your biggest security risk is?

What do Sony, Ashley Maddison, and Target all have in common? All three enterprise companies were subject of a major data breach in 2015.  In lieu of the breaches stated above, others that occurred in 2015 and the attacks that ... »

This Week in Breaches: Hyatt Hotels

In late November of last year, Hyatt acknowledged that malware affecting credit card payment data had been found within their systems. An investigation was launched with third party security companies Mandiant and Kroll, and a public announcement of the breach ... »

Wearable Technology, Just as Susceptible to Account Compromise

Certain Fitbit accounts have been recently reported as compromised. IT security blogging guru, Brian Krebs reached out to Fitbit CSO, Marc Brown, who has confirmed that it is not a massive breach of account databases, but rather stolen individual account ... »

‘Backdoor’ FortiOS Exploit!

FortiOS is an operating system that powers Fortinet’s firewall platform, FortiGate. On January 9, 2016, an exploit for an SSH backdoor in the FortiGate operating system was posted to the Full Disclosure mailing list. In a statement released by Fortinet ... »

The end is near, for older versions of Internet Explorer

Say au revoir to Internet Explorer 7-10 and bonjour to Internet Explorer 11 … at least from a tech support standpoint. Today is the official day Internet Explorer officially drops support for its earlier versions. A notice on the Microsoft ... »

This Week in Breaches: Time Warner Cable

The American cable telecommunications company, which happens to be the second-largest cable company in the country, has admitted that 320,000 customer passwords MAY have been obtained[i]. TWC has stated that the email and password details were likely stolen either through ... »

Pearson Vue Credential Manager System Compromised With Third Party Malware

The massive scale of today’s data breaches this year alone are astronomical, Pearson Vue joins that list this week. Responsible for conducting and controlling millions of exams for people all around the world each year in nearly every walk of industry. ... »

Meet eDellRoot, The Rogue Certificate

Say hello to eDellRoot, the next major vulnerability to hit the enterprise information technology and security landscape. Dell, being one of the world’s largest computer manufacturers, has reported a vulnerability concerning a Self-Signed root certificate that is breaking HTTPS. It ... »

How Do I Protect My Digital Assets?

A Guest Blog Post by Watchful Software. May 27, New York Times: Jawbone Accuses Fitbit of Stealing Information by Hiring Workers Away June 1, Credit Union Times: Email Data Breach Costs $1.3 Million September 23, Becker’s Health IT &CIO Review: Insider ... »

SecTor 2015 Recap

Every year SecTor brings together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and ... »

Sophos Guest Blog: Got encryption? Consider these 6 things to choose the right encryption solution

With the proliferation of data and the need to access it from anywhere at any time, encryption is rapidly emerging as the best place to start your data security strategy. Despite some common ideas about encryption that it is too ... »

Guest Blog Post: Centrify ‘Fundamental Security Controls Most Overlooked’

When we take a look at the security industry as a whole there is a focus on all the various APTs and Zero Day-sorts of unknown attacks. However with the rush to fight the good fight; the basics of authentication, ... »

iPhone iOS Threat: Ins0mnia Never Sleeps

FireEye researchers discovered a vulnerability (ins0mnia) in iPhone iOS allowing potentially malicious applications to run continuously in the background, even after it appears that the user has closed them. This vulnerability, critically affects non-jailbroken iOS devices: malicious software designed to ... »

An Enemy of the Internet

A cache of documents that has recently surfaced has provided a captivating look into the world of commercially available cyberwar software. The documents reveal many details of the products and clients of Italian company Hacking Team, an organization labeled ‘an ... »

FireMon Makes NGFW Policy Migration, Optimization, and Management Light Work

Secure Sense Partner FireMon recently announced its new Security Manager. With Security Manager 8.0 a host of capabilities can be utilized to maximize the efficiency of your environment’s device policy security posture, and to gain both a holistic and a ... »

This Week in Breaches: Uber

Uber is a ride-hailing service connecting users with drivers, ride shares or private cars. The company foundation is built upon being reliable, cashless and convenient for all customers. Launched directly from your mobile device in minutes, Uber has revolutionized the ... »