Blog - News


Ukraine Invasion Cyberattack Preparation

Russia has engaged in an invasion in Ukraine and has issued a warning to all outside parties that all interference would be retaliated against. Cyber attacks against targets in Ukraine are nothing new, though there has been an increase lately. ... »

More Orgs Suffered Successful Phishing Attacks in 2021 Than in 2020

Enterprise organizations appear to be falling even further behind in their battle against phishing threats despite heightened awareness of the problem and efforts to curb it. A new study shows that in 2021 more organizations experienced at least one successful ... »

SecurePATCHING Managed Service by Secure Sense

Unpatched systems are the most common technological factor in breaches and loss of productivity. Unfortunately, solutions to patch related risks are often themselves costly in terms of identifying and purchasing quality products, staffing and expertise. Almost two-thirds of breach victims ... »

PwnedPiper: Armis Identifies Nine Vulnerabilities in Hospital Infrastructure

Swisslog Healthcare, the providers of the leading solution for pneumatic tube systems (PTS) in North America, released a statement yesterday regarding nine vulnerabilities in their Translogic PTS system identified by Armis. Swisslog Healthcare’s Translogic PTS system is used in over ... »

Introducing the new Secure SD-WAN Managed Service from Secure Sense

Secure Sense, a subsidiary of TELUS, has partnered with Fortinet to power our new Secure SD-WAN managed solution. The service offers comprehensive built in security, designed to easily integrate into your existing infrastructure, giving you the ability to eliminate security ... »

Utility and Energy Security Exchange Forum

Secure Sense is very excited to announce a new program called the Utility and Energy Security Exchange Forum (UESX). The UESX will provide tools and resources to help address cyber security challenges that organizations in the Utilities/Energy industry face daily. ... »

Social Engineering Attack Enabled Hackers to Penetrate Twitter’s Administrative Systems and Hijack High-Profile Accounts

In one of the most extraordinary and high-profile cyberattacks ever made public, hackers on July 15 compromised Twitter’s administrative systems and hijacked the social media accounts of prominent politicians and business leaders. The attackers then used those accounts to masquerade ... »

Emergency Enablement for Remote Work: Secure Virtual Desktop Edition

By: Matthew Watkinson “These are unprecedented times.” A sentiment rendered no less true despite my disdain for hearing this phrase multiple times a day. We ARE in unprecedented times. We live in a world where the majority of the workforce is no longer in ... »

Emergency Enablement for Remote Work: Endpoint Protection Edition

By: Joel Young We are currently navigating unprecedented times of a global pandemic, but as the World Health Organization’s announcement on March 11th emphasizes, for the first time in history it is also one we may be able to control if impacted nations’ ... »

Emergency Enablement For Remote Work: Office 365 Edition

By: Matthew Watkinson Many organizations leverage Microsoft Office 365 currently hosting over 200 Million user accounts. Windows 2008 R2 Support terminating in January of this year, it was an easy business decision to migrate the service, since servers were being ... »

Threat Of Iranian Cyberattacks: What Are The Risks?

The US Department of Homeland Security is warning organizations of potential Iranian cyberattacks. While this is no strong indication that Canada would be targeted for cyberattacks by Iran, the overall risk is heightened, especially for Canadian companies operating in or ... »

Avoiding the Zombie Cloud Apocalypse: How to Reduce Exposure in the Cloud

Moving to the cloud can feel like an impending zombie apocalypse as you wonder who could gain access to your assets and launch attacks against your company once you migrate. Going into the unknown can be unnerving for many companies ... »

Secure Sense Partners with LogRhythm to Offer Industry’s First Unlimited Data Plan for SIEM

Burlington, ON – October 1, 2019 – Secure Sense is now offering an unlimited data plan for SIEM through its partnership with LogRhythm. While other vendors in the industry have previously claimed to support unlimited data plans, those promises have ... »

How To Protect Yourself From SMiShing Attacks

We’ve all gotten them – a random text message from your bank, your phone provider, or even someone claiming to know you or a family member. Scammers are everywhere and not only do they send phishing attacks to your email ... »

Back-to-School Scams Target Students with Library-Themed Emails

Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online student resources laced with malware, researchers warn. College students settling back into school might want to think twice before clicking on ... »

What We Can Learn from the Capital One Hack

KrebsOnSecurity brings us an overview on what we can learn from the Capital One hack and information about the ongoing investigation. On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital ... »

7 Ways Hackers Steal Your Passwords

We never stop hearing about passwords in the news and there are plenty of tips and tricks to help avoid having your password stolen – but do you know some of the most common ways hackers get a hold of ... »

Threatlist: 68% of Overwhelmed IT Managers Can’t Keep Up with Cyberattacks

Most respondents in a recent survey say they’re losing the battle despite having up-to-date protections in place. IT managers feel overwhelmed by the volume of cyberattack attempts, with most of them admitting that successful hacks of their company networks are ... »

Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets

Magecart strikes again! Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings. Since Magecart is neither a single ... »

Study Reveals Phishing Identification and Data Protection Are the Top Problem Areas for End Users

Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today released its fourth annual Beyond the Phish® report, which examines end user understanding of a broad range of cybersecurity topics and best practices. The report features analysis of data related to nearly ... »

SC Magazine Names CrowdStrike Falcon X Best Threat Intelligence Technology at RSA

CrowdStrike’s incredible success at this year’s RSA event included winning the SC Magazine 2019 Trust Award for Best Threat Intelligence Technology for Falcon X™, our automated threat intelligence solution and part of the comprehensive CrowdStrike® Falcon® platform. In giving Falcon X technology this ... »

FireEye M-Trends 2019: Hidden Phishing Risks During Mergers and Acquisitions

Partner, FireEye has released their most recent M-Trends report which looks at some of the significant trends and shifts of 2019, including the Hidden Phishing Risks During Mergers and Acquisitions. FireEye had previously discussed the risks of integrating a compromised ... »

7 Signs You have a Weak Password

As we welcome 2019 and set goals for the year ahead, we think it’s the perfect time to rethink and refresh your all your weak passwords. It a great time to refresh those stale and potentially leaked passwords you’ve been ... »

The 5 Biggest Cybersecurity Predictions For 2019

Solution providers will have to contend with a multitude of security-related challenges in 2019 ranging from nation-state and supply chain attacks to increased activity around biometrics and cryptomining. Here’s are 5 cybersecurity predictions for 2019: Increased Social Engineering Will Force ... »

ThreatList: Holiday Spam, the Perfect Seasonal Gift for Criminals

It’s no surprise, consumers are much more likely to fall for spam during the holiday season. Maybe holiday cheer makes people less cynical. If so, that explains why social-engineering spam tactics prove to be more effective during the festive season. ... »

Attention Holiday Shoppers! 5 Tips To Beat Seasonal Cybercriminals

The festive spirit isn’t the only thing that’s infectious as the 2018 holiday season approaches. It’s typically the time of year when we see an uptick in cyber theft. With online spending expected to increase 14.8% compared to 2017, representing a huge ... »

Canada Post admits thousands of Ontario cannabis buyers’ information breached

Canada Post acknowledged Wednesday that thousands of Ontario customers buying cannabis had their information breached. The national mail service has not notified the buyers behind 4,500 orders who had their data compromised. The breach became public after the Ontario Cannabis ... »

How Fileless Malware Changes The Way We Treat Cyber Threats

Traditionally, AV and other endpoint security products have focused on files (executables) to detect and prevent malware. There are several advantages to this. Files can be hashed, queried in reputation services, examined by both static analysis and machine learning, and ... »

Explaining Canada’s Data Breach Regulations

Digital technology has served as a catalyst for modernization; however, it also created new opportunities for corporations to hide information from consumers. Tackling this issue, the Federal Government released new regulations requiring companies to report data breaches in a timely ... »

The Human Element: How to Protect Your Greatest Asset and Your Greatest Risk on Social Media

Kicking off National Cyber Security Awareness Month, we thought today’s Fox Friday would be a great opportunity to discuss protecting your greatest asset and greatest risk on social media with partner, ZeroFox. Experts agree: the greatest cybersecurity risk modern businesses ... »

Thousands of WordPress sites backdoored with malicious code

Malicious code redirects users to tech support scams, some of which use new “evil cursor” Chrome bug. Thousands of WordPress sites have been hacked and compromised with malicious code this month, according to security researchers at Sucuri and Malwarebytes. All compromises seem to ... »

Top Cyber Trends in Healthcare Today

The healthcare sector received more than half of all cyberattacks in 2017. The cybersecurity professionals at Fortinet, sat down with National Healthcare Practice Director at Fortinet, Sonia Arista to get her professional perspective on the key cybersecurity trends impacting the healthcare space today. What would ... »

What is Vulnerability Management

Vulnerability Management is the key for a safer future for your organization. It’s safe to say that the WannaCry Ransomware attack was one the worst attacks in recent history, approximately 200,000 devices were infected. Well, what if we told you ... »

New Ransomware Offers Free Decryption if you Infect Two Friends

A new ransomware dubbed ‘Popcorn Time’ offers you a free decrypt if you infect two friends. Let’s say it how it is, getting infected with ransomware sucks a lot. You either need to wait it out and hope a free ... »

Hacky Hack Hack

A 14-year-old Australian boy hacked into Apple servers and downloaded 90GB in documents The 14-year-old teen from Melbourne Australia was found to have broken into Apple servers and downloaded approximately 90GB of information. When law enforcement intercepted him, they confiscated ... »

Keypass Ransomware Shows More Dangerous Attacks are on the Way.

The ransomware has a manual switch that allows for more sophisticated attacks. Appearing only last week, the Keypass ransomware has already taken hundreds of devices hostage. Mainly infecting users Brazil and Vietnam, the software has spread worldwide and infected devices ... »

Why Should Organizations Use A Managed Service Provider?

Today, business owners have hundreds of things to worry about, coupled with the rise of cybercrime it becomes increasingly difficult to stay on top of everything. Bad actors work around the clock to find exploits in our networks and damage ... »

Has Tennis Turned into a Cybersecurity Battle Ground?

Wimbledon ended earlier in the summer, yet, their cybersecurity team works year round Often dubbed the grandest tennis tournament, Wimbledon hosts the greatest stars in the world for a few weeks of tennis. Founded in 1877 the tournament stays true ... »

Ivy League University Suffers Data Breach, Only Finds Out a Decade Later

Yale University suffered a data breach in 2008 leading to 129,000 affected people Located in New Haven Connecticut, Yale University is one of the most prestigious in the US. Producing alumni like; Hillary Clinton, Anderson Cooper and Indra Nooyi. Yet, ... »

Hackers Shoot for PGA Ransomware Success

The latest ransomware attack of the summer impacts golf’s governing body Early Tuesday morning officials at the Professional Golfers Association (PGA) found that their systems had been compromised. The group discovered the attack when they attempted to access documents, but ... »

Has the ‘Unhackable’ Wallet Been Hacked?

A week after launch Pen Testers say they have successfully hacked into the Bitfi wallet. July 2018 saw cryptocurrency hardware wallet manufacturer Bitfi offer a $100,000 (later raised to $250,000) bounty for anyone that was able to hack into their ... »

Google’s Summer Privacy Changes

#1: Google is implementing a new privacy system that lets you know if you are being attacked by the government Last week, Google announced they were adding a feature that notifies organizations if they believe one or more user accounts ... »

Major Apple iPhone Supplier Attacked with Virus

The virus is expected to cost the manufacturer $255million Taiwan Semiconductor Manufacturing Co (TSMC) announced that on Friday they faced a security incident. The incident started when a software tool failed to install, therefore, requiring it to be connected to ... »

What You Need to Know About the Reddit Breach

On August 1st, Reddit announced a breach where an attacker was able to access user data. In an official Reddit post, Reddit made a quick statement and said; A hacker broke into a few of Reddit’s systems and managed to ... »

Prisoners Steal $225k From Inside Prison

Using an exploit found in a payment tablet, prisoners were able to fraudulently increase their balance Idaho State prison officials said they recently found an elaborate scheme of 364 inmates exploiting a software vulnerability found in JPay . Through the ... »

Earn $10,000 to Hack into your Printer!

You heard it right, if you can hack into your HP printer you could be awarded a $10,000 reward. As the IoT is set to further explode into mainstream life, security professionals get ready for the impossible challenge of defending ... »

New Malware Maximizes Attackers Profits

New Russian born malware chooses if users should be attacked with Ransomware or Crypto Script. Historically, ransomware attacks have been strictly infecting computers with ransomware. While crypto attacks have been infecting CPU’s with crypto mining scripts. However, hackers have found ... »

Resurgence of WannaCry?

The ransomware the took thousands hostage last year is back. But this time it’s different. Last year you may remember hearing about the WannaCry ransomware. The virus spread like wildfire and ended up infiltrating large organizations like the UK’s NHS ... »

FortiOS 6.0 Transforms Security to Enable Digital Transformation: 5 Highlights from Our Camp Secure Sense Presentation

We recently had an opportunity to deliver a presentation on FortiOS 6.0 at the Camp Secure Sense customer and partner conference in southern Ontario, Canada. With some of the most well-known organizations under the Maple Leaf Flag in attendance, the ... »

The Difference between a Computer Virus and Computer Worm

Computer Viruses and worms are often used interchangeably: there are a few key differences in how they work. Both viruses and worms are a type of malware: a worm is a type of virus. What is a Computer Virus? Computer viruses are named after ... »

Fitness App Causes a Security Risk in High Ranking Military Officers and Spies

Polar Flow announced a halt to their Explore feature among security threats Polar is a Finnish based fitness accessory company that focuses on smartwatches, bike computers and similar fitness devices. These devices are connected to their mobile application POLAR flow, ... »

How the Rise of Cryptocurrencies Fueled Cyber-Criminals

Since the start of the year, there has been a fivefold increase in phishing attacks for cryptocurrencies. In 2016, Initial Coin Offerings (ICO’s)- essentially crowdfunding for cryptocurrencies- collected around $240 million. 2017 brought in over $5.5 billion in ICO’s. This ... »

Amazon Prime Day: Christmas for Adults

Amazon made just made the start of this week much better! Prime Day gives you the next 36 hours to completely revamp everything in your house. For those of you unfamiliar with Prime Day, it’s like black Friday where millions ... »

Friday the 13th Recap of 2018 Cyber Scares

2018 is just over halfway done but we’ve still seen a few large-scale hacks What better day to reflect on the biggest cybersecurity stories of the year than Friday the 13th. Did you know, Friday the 13th has been a ... »

Mimecast acquires Cybersecurity training company Ataata

Currently, about 95% of data breaches stem from human error. Ataata aims to change this. Secure Sense partner, Mimecast describes Ataata as a “security awareness training and cyber risk management platform that helps you combat information security breaches caused by ... »

Halfway Analysis of 2018 Predictions

It’s hard to believe that we’re past the halfway mark of 2018. It seems like just yesterday we were putting up the Christmas trees and celebrating the new year. At the end of 2017, our partner Varonis wrote a blog ... »

Did you Sell Your Data to see Your Favorite Band?

Global ticket distribution company Ticketmaster recently identified malicious software in their automated chatbot. The breach was found by Ticketmaster UK on Saturday June 23rd, 2018 and affected less than 5% of their global customer base. However, “Customers in North America ... »

Phishing Intelligence Engine (PIE): Open-Source Release

By Greg Foss We are pleased to announce the release of the LogRhythm Phishing Intelligence Engine (PIE), an integrated application with LogRhythm’s Threat Lifecycle Management (TLM) platform. What is Phishing Intelligence Engine (PIE)? LogRhythm’s PIE can help streamline and automate ... »

It’s Canada Day Long Weekend, do you know who’s watching your network?

Imagine this, you’re relaxing on your dock or your porch enjoying the weather, burgers are grilling, and laughter fills the air. It sounds quite picturesque, right? But then, your phone rings, your network has been compromised. It’s no surprise, nearly ... »

Do Employees Really Fall Victim to Phishing Attacks?

A recent study conducted by security firm Positive Technologies found that 27% of participants fell victim to a form of social engineering. In the study, white hat hackers at Positive Technologies acted as true hackers and sent three groups of ... »

Mozilla Integrates ‘’ Into its Firefox Browser

The partnership allows Mozilla Firefox users to easily check if their data has ever been leaked. In an increasingly digitized world our data becomes more and more precious. Nowadays, we keep everything online, banking details and personal details just to ... »

Secure Sense Ranks #150 on the Branham300 Top 250 Canadian ITC Companies List

Now in its 25th year, the Branham300 is the definitive listing of Canada’s top publicly traded and privately held ICT companies, as ranked by revenues. Burlington, Ontario, Canada — June 27th, 2018 — Today, Secure Sense Solutions (“Secure Sense”), the ... »

Attackers Take Advantage of Fortnite’s Late Android Release

Sorry Android users, there are no shortcuts to get Fortnite early. The past few months has seen the exponential rise of Epic Games battle royal style game, Fortnite. The game has 100 users/ lobby drop into an open map where ... »

Fatboy Ransomware uses Big Mac Index to Calculate Price Demands

A recently discovered ransomware-for-hire scheme named Fatboy calculates regional ransom demands based on the publicly available Big Mac Index. The Big Mac Index is an economic measure used to find the purchasing power parity – an approximation of what consumers ... »

Hackers Shooting for World Cup Success with New Phishing Attack

The World is captivated by the biggest event in sports, the FIFA World Cup. However, hackers are using World Cup frenzy to take advantage of unsuspecting individuals. Check Point Software Technologies recently reported a phishing campaign where individuals are prompted ... »

How to Respond to Today’s Dynamic Threat Landscape

“Counting attacks is fruitless. Taking action based on trends and vulnerabilities is the best step.” This quote comes from the recently published Gartner report, How to Respond to the 2018 Threat Landscape. With today’s changing threats, the reality is that security ... »

What Everyone Must Know About Camp Secure Sense

In a few days over 100 cybersecurity professionals from around Canada will be together for the 4th annual Camp Secure Sense. Camp Secure Sense is our 2-day, 1-night security conference. Supported by our best-of-breed security partners, Camp offers guests’ today’s ... »

A Brief Explanation of Cryptojacking

2017 saw a 1200% appreciation in the value of the cryptocurrency market. In 2016 Initial Coin Offerings (ICO’s)- IPO’s for the cryptocurrency market- collected around $240 million. 2017 brought in over $5.5 billion in ICO’s. With this in mind, how ... »

Roaming Mantis Takes the World by Storm

Back in April a form of Domain Name System (DNS) virus was reported in Southeast Asia. The virus dubbed ‘Roaming Mantis’ would hijack a device and incorrectly translate a URL into an IP address. This process is standard in computing ... »

The Digital Transformation of Enterprise

The Internet of Things is emerging as one of the most significant technology developments of our time. Connecting people and things will be the new norm for consumers, but behind the scenes, IoT is already transforming how enterprises develop, market, ... »

Is Your Car Vulnerable to Cyberattack?

To put it simply; yes, your car is vulnerable to cyberattack. As automobiles become increasingly digitized the attack surface also increases. Recently, a group of Chinese white hat hackers at Keen Security Lab found 14 vulnerabilities in BMW cars. These ... »

How to build a social media protection program: a 10-step guide

Building a social media protection program is a must-have in the modern age. Business are increasingly exposed to risks — cyber, brand and physical — on social media and digital channels, all of which exists unregulated and outside of the ... »

DNA Testing Site MyHeritage Hacked

On Monday, popular DNA testing kit provider MyHeritage reported that 92million user accounts were compromised in a cyber-attack, this accounts for 96% of their customer base. The only data effected included email addresses and hashed passwords. While the breach was ... »

The 9 Most Vital Network Security Best Practices

An old truism suggests that an ounce of prevention is worth a pound of cure. While this saying is relevant in most aspects of daily life, it becomes especially appropriate when applied to business network security. Data Dangers Thanks to ... »

Fortinet Acquires Bradford Networks

On June 4th, Fortinet announced they were acquiring Bradford Networks. Strengthening the Fortinet Security Fabric and extend segmentation and security to the edge of the enterprise network including Internet of Things (IoT). This purchase comes during a time of increased ... »

Hacking Before Mainstream Adoption of the Internet

Over the past 50 years, we have seen an exponential increase in the use of digital products. This growth prompted a rise in touchpoints where hackers can potentially gain access to private information- affecting individuals and corporations alike. Yet, where ... »

What is Cyber Resilience and Why Should I Care?

I’ll be the first to admit it – there’s a lot of acronyms, buzzwords, and catchphrases in the cybersecurity industry today and it can be difficult to understand how a product reflects the core values that give these words life. ... »

Bugcrowd Programs at a Glance

We at Bugcrowd, believe crowdsourced security space is evolving rapidly. At Bugcrowd, we have more first-time Program Owners than ever trying out crowdsourced security economics through our Vulnerability Disclosure Programs and hundreds who have transitioned to on-demand and ongoing Bug ... »

Embracing Security Intent and IBNS

What is IBNS, and what are its advantages?  Intent-based network security (hereafter “IBNS”) helps with several areas that are of top concern for enterprise security leaders: Software-defined networking New application deployment Moving applications across platforms (e.g. on-prem, cloud, virtual, containers) ... »

University of Greenwich Fined £120,000

The University of Greenwich, located in the UK, has been fined £120,000 over a data leak in 2016 where 19,500 student and staff data was placed online. The data included a host of personal details including, addresses, date of birth, ... »

How a Security Fabric Helps You Make the Most of Your Secure Sense Services

As your managed services provider, we employ the best practices and best-of-breed technology—both at its security operations center (SOC) and on your premises—to help ensure the safety of your data and reduce risk. As a managed services client, you expect ... »

Saks Fifth Avenue and Lord & Taylor Suffer Massive Payment Card Breach

A few weeks ago, Saks Fifth Avenue, Saks OFF 5TH and Lord & Taylor stores located in North America suffered a massive data breach where hackers stole millions of shopper’s payment card information. This includes credit cards, debit cards, cardholder ... »

Why IT leaders attend Camp Secure Sense

In 35 days, the doors open to Camp Secure Sense 2018. With over 100 IT professionals from various industries attending it’s an event that no cyber professional should miss. Because Camp Secure Sense is a ‘no product pitch zone’ and ... »

What has Google done ahead of GDPR?

Effective on May 25th 2018, the EU is implementing an extensive data protection regulation (GDPR) that provides EU residents greater freedom over their personal data and how it is collected and used.   Over the weekend Google announced the altercations ... »

Italian soccer club SS Lazio loses €2 million from a phishing scam

Italian soccer club SS Lazio was a victim of a phishing scam held by hackers claiming to be Dutch team Feyenoord requesting funds for the transfer of a player. The scammers had insider knowledge of the deal between Lazio and ... »

Cybercriminals attack Under Armor owned App

One of the biggest data breaches in history hit Under Armor owned MyFitnessPal. MyFitnessPal is a smartphone app that tracks users caloric and macro intake. It used to be a lone app, however, in 2015 it was purchased by Under ... »

Twitter Sets the Standard for Bug Reporting

Last Thursday (May 3rd) Twitter announced “[they] recently found a bug that stored passwords unmasked in an internal log. [They] fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your ... »

Is Your Biggest Security Threat Already Inside Your Organization?

The person in the cubicle next to you could be your company’s biggest security threat. The large-scale attacks we’re accustomed to seeing in the news — Yahoo, Equifax, WannaCry ransomware — are massive data breaches caused by cyber criminals, state-sponsored ... »

A Flaw in the LinkedIn Autofill Allows Third-Party Sites Steal Your Data

Not just Facebook, a new vulnerability discovered in Linkedin’s popular AutoFill functionality found leaking its users’ sensitive information to third party websites without the user even knowing about it. LinkedIn provides an AutoFill plugin for a long time that other websites ... »

6 Things to Watch Out for in Phishing Attacks

While phishing attacks may be one of the oldest forms of attacks, they have shown no signs of slowing down. The growth of phishing attacks in both frequency and sophistication poses a significant threat to organizations of all size. It’s ... »

The Dangerous Journey of a Fake WhatsApp App on OneDrive

Partner Symantec, recently discovered a new kind of malicious Android file hosted on a OneDrive account. Here’s what they have learned and how you can take countermeasures. Over the last few years, there has been a tremendous uptick in the ... »

Tim Hortons threatens litigation after virus caused cash register outages

An association representing 70 percent of Tim Hortons franchisees is threatening its parent company with legal action after a computer virus caused intermittent cash register outages. A letter obtained by the Canadian Press from a lawyer representing the Great White ... »

Why SMBs Are Easy Targets for the Bad Guys

As malicious hackers turn up the heat, small and medium businesses can’t remain complacent – the threats to their security are real and growing worse all the time. This blog was originally posted by Symantec.  During a recent business dinner, ... »

What is Camp Secure Sense?

At Secure Sense, we do things under our own banner. And it’s no exception when it comes to Camp. But what is Camp you ask? Well, Camp Secure Sense is our take on the traditional ‘steak lunch,’ without being, a ... »

Olympic Destroyer, the malicious file-wiping malware hits Pyeongchang

Security experts say they have identified a destructive malware dubbed “Olympic Destroyer” that was likely used in a cyber attack on the Pyeongchang Winter Olympics during the opening ceremony last week. Winter Olympics officials confirmed on Sunday that a cyber ... »

Why Ethics Matter in Bug Bounties

The bitter truth is, everyone in the world (including you!) is susceptible to cybercriminals. And to no surprise, a security breach has the capacity to debilitate any organization’s reputation. But is it the actual breach or is it how the ... »

Potent SkyGoFree Malware Packs ‘Never-Before-Seen’ Features

A scary Android SkyGoFree malware packs ‘never-before-seen’ features. Researchers have identified a powerful new Android virus strain called Skygofree malware, capable of eavesdropping on WhatsApp messages, siphoning private data off phones and allowing adversaries to open reverse shell modules on ... »

Forever 21 Breach Lasted Over Seven Months

If you shopped in a brick-and-mortar Forever 21 store this year, your credit card information may have been compromised due to the company’s failure to turn on encryption in some of its point-of-sale (POS) terminals which resulted in a 7-month ... »

2018 Cybersecurity Predictions

Looking back, 2017 had all the twists and turns of a good disaster movie. Hackers steal and leak the NSA’s powerful exploit kit that’s then unleashed on the world through a Dr. Evilish ransomware-worm hybrid.  Later, a top U.S. credit reporting agency ... »

2017 Holiday Party

Better late than never right? All of us from Secure Sense just want to extend a sincere thank you to all those that attended our first (and very memorable) Holiday Party. The evening was complete with lots of food, drinks, ... »

Email Fraud Continues To Expand its Footprint in Q3 2017

Email fraud, or business email compromise, is a growing threat that impacts organizations of all shapes and sizes. These highly targeted email attacks that spoof trusted executives or partners, often don’t include a payload – such as a malicious URL ... »

Uber Paid 20-Year Old Hacker $100,000 to Hide Data Breach

Last year, Uber received an email from an anonymous person demanding money in exchange for the stolen user database. It turns out that a 20-year-old Florida man, with the help of another, breached Uber’s system last year and was paid ... »

How To Stay Safe When Online Shopping This Holiday Season

As December quickly approaches, we not only welcome the various holiday sales hosted both in-store and online but also the scams that come with it. But how can you really safely, and confidently shop online while getting a good deal? ... »

Online shopping security tips to keep your data safe this Black Friday

The Christmas ads have started, the streaming services are trying to subtly push us into listening to festive music, and the American Thanksgiving is has arrived. Thanks to our partner, Symantec, we have a Black Friday shopping guide to help ... »

Phishing Testing: Building Your Human Firewall

Phishing is becoming a major threat vector for organizations all around the world. Phishing is the exercise of sending illegitimate emails designed to elicit a response from the end user, whether that’s clicking on a link that infects them with ... »

Understanding GDPR & What it Means for Cyber Security

On May 25, 2018, the European Union will begin enforcing the new General Data Protection Regulations (GDPR) that will create one data protection standard throughout the EU. These regulations were designed to create a unified standard for personal data privacy ... »

6 lessons from horror films for avoiding phishing attacks

Most people know enough about horror films to recognize that the victims make the same mistakes time and again. There are the teenagers who follow a creepy noise and walk right into the killer, the couples who ignore warnings about ... »

What do Pumpkin Spice and Cyber Security Have in Common?

Give up yet? The answer, October. Why October? Continue reading to find out how pumpkin spice and cyber security are related. October is the month when the leaves begin to change, and fall, pumpkin spice is considered a food group ... »

Sonic Data Breach Could Have Affected Millions

Sonic first heard about the data breach when its credit-card processor detected unusual activity on customers’ payment cards. Fast-food giant Sonic has disclosed a data breach potentially affecting millions of customers. The chain has nearly 3,600 stores across 45 US ... »

Canadian Business unveils 29th annual list of Canada’s Fastest-Growing Companies

Secure Sense Ranks as Fastest-Growing Information Technology Firm on 2017 PROFIT 500 For Second Consecutive Year. Burlington, September 18, 2017-  Canadian Business and PROFIT ranked Secure Sense as the fastest-growing information technology firm for the second year and No. 20 ... »

CCleaner malware infected 2.27M users

The popular and free software, CCleaner has been reported to have infected 2.27 million users with malware. Here’s what you need to know. Users of a free software tool designed to optimize system performance on Windows PCs and Android mobile ... »

Canadians among 143 million people affected in Equifax hack

Equifax Inc. said its systems were struck by a cyber attack that may have affected about 143 million U.S. customers of the credit reporting agency, shedding light on one of the largest and most intrusive breaches in history. Intruders accessed ... »

Secure Sense First to Achieve BlackBerry Gold Partner Status in Canada

Secure Sense First to Achieve BlackBerry Gold Partner Status in Canada Burlington, Ontario, Canada — September 5, 2017 — Secure Sense today announced it is the first company in Canada to achieve BlackBerry’s Gold Partner Provider status. Part of BlackBerry’s ... »

The Importance of Bug Bounty Programs

Lately, in the news, we’ve seen a dramatic increase in organizations worldwide using a Bug Bounty model, and there have been some huge results. But what is this program and how does it work? The cybersecurity industry is in a ... »

Preparation is the best defence against a ransomware attack

Imagine how well you’d fare in a cage match with an extremely intimidating opponent. Such a nightmare scenario might seem a bit far-fetched to you. Indeed, it’s highly unlikely you’ll ever find yourself trapped and outmatched in the ring in ... »

Malicious ‘Back to School’-Themed Apps Target Young Users Who Don’t Know Better

Bad actors are constantly looking for ways to target unsuspecting users with malware or other digital threats. To increase the likelihood of a successful infection, these nefarious individuals incorporate holidays, current events and significant dates into their attack campaigns. And ... »

Foundational Controls for Common Attacks

In January 2017, Tripwire completed a survey of 403 IT Security professionals about the most common attacks and how prepared organizations are to defend against them. You can read about the details here. There are two important conclusions from the ... »

A Song of Phishing and Passwords via Cylance

Phishing for Developers Hackers are targeting Chrome extension developers with phishing attacks to hijack control over their extensions in the Chrome Webstore. The phishing attacks are very well crafted to display a replica of the real Google login page and use new ... »

#SecurityTipTuesday: Two-Factor Authentication

Did you know, about 63% of confirmed data breaches involved weak, default or stolen passwords? How can this be solved? Two-Factor Authentication. — Source: Verizon 2016 Data Breach Investigations Report  Security Tip # 4: Enable Two-Factor Authentication In the wake of ... »

#SecurityTipTuesday: Be cautious about unsolicited emails

You see an email in your inbox that reads,”Your DHL package has arrived!” Oh fantastic, my package arrived! Wait, did I order anything that’s being shipped by DHL? Let me just click and open the attachment to make sure this is ... »

3 Reasons Why Employees Don’t Care About Cyber Security

According to Verizon’s 2017 Data Breach Investigations Report, which analyzes security incidents that happened last year, again reported that humans were the weak link that led to many of the cyber security breaches. So yes, cyber criminals will generally start ... »

Have you heard of Fruitfly, a near-undetectable Mac backdoor Malware?

Even six months after it was discovered, the first Mac malware of the year is still causing a giant headache. According to ZDNet, the recently discovered Fruitfly malware is a stealthy but highly-invasive infection for Macs that went undetected for ... »

How do SME’s Fight off Cyber Attacks?

(Carbon Black) Does the fact that well-known brands are successfully attacked and breached mean that SMEs are even more at risk of cyber attacks? If SMEs can defend themselves against cyber attacks, how should they go about doing so? We ... »

Can employees learn not to make cyber security mistakes?

We’ve long maintained that technical means are not enough to protect a business from cyber threats. It’s possible for a single person to negate the effect of an entire information cyber security team. In many cases, it may be unintentional, the ... »

Brute Force: Anatomy of a Cyber Attack, Varonis

The media coverage of NotPetya has hidden what might have been a more significant cyber attack: a brute force attack on the UK Parliament. While for many it was simply fertile ground for Twitter Brexit jokes, a cyber attack like this that ... »

#SecurityTipTuesday: Stay Ahead of the Attack and Patch!

There are countless ways that attackers can compromise your network. Malware infected email attachments and compromised websites that deliver harmful scripts, typically tend to take advantage of unpatched vulnerabilities in OS systems, web browsers, and other applications to do irreparable ... »

#SecurityTipTuesday: Provide Training on Cyber Threats

Let’s think back for a second on all the safety lessons we were taught as kids; for example, when you cross a street, you look both ways. It’s so obvious right… Wrong. Cybersecurity or Cyber Threat awareness training is no ... »

Here’s what we know about what could be the latest Petya ransomware outbreak

A significant ransomware attack called Petya is spreading across Europe, Russia, Ukraine and elsewhere. What we know right now Victims so far include British advertising agency WPP (WPPGY), Danish shipping firm Maersk, Russian oil/gas company Rosneft and U.S.-based pharmaceutical firm Merck. ... »

Avoiding Alert Fatigue: Simplify Incident Response

An FBI report released last year estimated 327,374 robberies nationwide, which accounted for an estimated loss of $390 million. Cyber theft is not far different from the physical theft but in fact, it has become the most lucrative way of ... »

#SecurityTipTuesday : Managing Your Passwords Effectively!

Here at Secure Sense, we want the best for you. (But I’m sure you already knew that). That being said, we’ve implemented an epic Security Tip Tuesday series where industry Wizards will be providing you, the people, with the BEST ... »

Stop Business Email Compromise and Imposture Email Threats

According to the FBI, this type of scam has siphoned more than $2.3 billion from more than 17,000 victims—and those are just reported incidents. Alongside Proofpoint, learn how to identify and stop impostor email threats (also known as business email ... »

GhostHook Attack Bypasses Window 10 Patchguard

Security experts have recently discovered a method of bypassing Windows 10 PatchGuard protections and deploying malicious code into the Windows kernel, allowing attackers to plant rootkits on systems previously thought to be impregnable. More than 400 million devices worldwide currently ... »

Google removes another set of malicious apps from play marketplace

Last week we blogged about the importance of having a cybersecurity plan address the risks of Web Applications here. Today it’s been reported that Google has removed not one, but two malicious apps ZTORG Trojans from their play marketplace (and this is ... »

Addressing the increasing risk of web applications

According to Verizon’s recent security report, attacks on web applications are now the leading source of data enterprise breaches, up 500% since 2014. The spike in attacks has caused cyber security professionals to be most concerned about customer facing web ... »

Mouse hovering malware delivery scheme identified, refered to as potentially very dangerous

It’s been discovered that cybercriminals are using a new technique to infect computers that only requires a victim place their cursor over a malicious hyperlink for the malware to be injected. The newly discovered technique was noticed by several cybersecurity ... »

Camp Secure Sense 2017 – Recap

Wow, what a week! Camp Secure Sense has come and gone and reflecting back this was one fantastic group of customers and sponsors that attended. We’ve said it before, and we will say it again, without you there would be no ... »

Samsung Galaxy S8 iris scanner fooled by hackers

The Chaos Computer Club recently posted a video showing how they fooled the iris scanner on Samsung’s new flagship phone. The group said that standard PIN systems are more secure. According to TechRepublic, the Samsung Galaxy S8’s iris scanner, which ... »

Adylkuzz Malware That Could Spread More Than WannaCry

The last few days have been understandably exhausting for security teams around the globe due to the nasty ransomware WannaCry or WannaCrypt. The malware spread widely using an exploit for a Server Message Block v1 vulnerability (MS17-010) leaked by the ... »

Protecting Your Organizations from WannaCry Ransomware

Ransomware has become the fastest growing malware threat, targeting everyone from home users to healthcare systems to corporate networks. Tracking analysis shows that there has been an average of more than 4,000 ransomware attacks every day since January 1, 2016. ... »

How to defend against the WannaCrypt global ransomware attack via ZDNet

All the malware’s attack vectors and infection spreads are not yet known, but we do know how to protect vulnerable systems. Friday’s ransomware outbreak is ongoing and while researchers work to stem the tide of infection, businesses, governments, and individuals ... »

Network Access Control: Is it Dead? The History of NAC and How the Evolving Cybersecurity Industry Changed It via Bradford Networks

As enterprise organizations continue to add BYOD, IoT devices, virtual servers/cloud services, switches, routers and offices that are connected and sharing information throughout the globe, the task of identifying and securing these endpoints can seem overwhelming. To manage these trends, ... »

Ransomware incidents surge, education a hot bed for data breaches, according to Verizon

Ransomware incidents have surged 50 percent from a year ago, educational institutions are becoming a playground for cyber espionage, and 68 percent of healthcare security threats are internal, according to Verizon’s 2017 Data Breach Incident Report (DBIR). The DBIR is ... »

New types of ransomware innovate to find opportunity

There is no shortage of new types of ransomware, many with unique features, and experts say it’s an exercise in innovation and finding revenue opportunity. Search Security reports, that ransomware is big business and it appears as if malware developers ... »

The Google Phishing Attack, Explained

Google recently made an unprecedented move by widely announcing a Gmail phishing scheme through Twitter. The phishing message was especially nasty because of its polish. Uncharacteristically for phishing, there were few errors in the message, and it was created in ... »

Top 3 Myths of Security Awareness Training

Security Mentor has been at this a while – teaching, educating and training companies worldwide about how to work smart and securely – and in the process, transforming employee attitudes towards security. Across a wide range of industries and unique business ... »

Ten Practical Steps to Protect Your Online Privacy via Cylance

Two things happened recently which should raise an alarm for anyone concerned about their online privacy. The first was a major release by WikiLeaks on March 7, 2017 of a trove of hacks and hacking techniques allegedly employed by the CIA ... »

Netflix Breach: Orange, Black, and Another Hack

How much would your organization pay in ransom to stop the early release of its intellectual property? Can you place a monetary value on a breach of this type? In the case of the weekend Netflix breach notification, they paid ... »

Executive Insights: Achieving Digital Trust in a World of Data

Cybersecurity is at a critical tipping point. With massive volumes of data being generated and analyzed across the globe every day from a variety of sources and devices, an entirely new approach to network security is required. From both a ... »

Near Impossible Target: Fileless Malware

According to a blog post by ThreatPost, the future of client-side malware attacks is fileless. And it would appear the future has arrived with a growing number of attacks using fileless or in-memory malware to pose a threat to business that’s increasingly difficult ... »

Russian ‘pioneer’ of identity theft and card fraud jailed for 27 years

According to the Naked Sophos blog, Roman Seleznev, the Russian MP’s son who was found guilty last year of hacking into point-of-sale (PoS) systems and stealing millions of credit cards, has received the longest-ever sentence for hacking to be handed ... »

Workers like to bypass or find ways around corporate cybersecurity policies

Dtex Systems researchers found that 95 percent of enterprises surveyed had employees who are actively circumventing corporate security protocols. Dirty minds and common vices were the driving force behind the majority of protocol breaches as 59 percent of the organizations ... »

InterContinental Hotels Group: Malware Hit 1,200 Locations

Investigators Eradicated Point-of-Sale Malware by March, IHG Says Intercontinental Hotels Group is warning customers that malware infected point-of-sale devices at 1,200 of its locations beginning in September 2016. That appears to be a sharp rise in the count of breached hotels ... »

Android malware creators throw up a roadblock to thwart the good guys

Emulation testbeds have been considered by security practitioners to be a useful tool to conduct operational security exercises and a variety of research. For almost as long, malware writers have sought to thwart such tools. SophosLabs has come across some ... »

Infected By Ransomware. Now What?

Don’t negotiate with e-terrorists. Be a hero and rescue your hostage PC. With nasty malware like Locky making the rounds—encrypting its victims’ files, and then refusing to unlock them unless you pay up—ransomware is a serious headache. But not all ransomware ... »

Bug Bounties: Risk and Reward

Today BugCrowd CEO, Casey Ellis, and founder and attorney at Cipher Law, James Denaro stepped on stage at AppSecUSA 2016 to talk about the logistics and legalities of bug bounties. They talked through some of the most common concerns people ... »

Big Security Hole Found in Popular Password Manager Site

A Google security researcher found the vulnerability in LastPass, endangering personal data for millions of its customers. A security researcher found a major vulnerability in popular password manager LastPass that could allow hackers to steal passwords and login credentials from ... »

One of the most dangerous forms of ransomware has just evolved to be harder to spot via ZDNet

Malicious loaders delivered by self-extracting Dropbox files – enabling payloads to bypass detection. One of the most common forms of ransomware is evolving a new technique in order to become even more effective and harder to detect – the ability ... »

Insider Threats, What and Why You Should Be Concerned

Did you know, that insider threats have been behind the sharp increases over the past 18 months in the percentage of organizations that have experienced loss or theft of company data? According to the Ponemon Institute, three out of every ... »

Secure Sense Named One of 2017 Tech Elite Solution Providers by CRN®

Secure Sense Named One of 2017 Tech Elite Solution Providers by CRN® Tech Elite 250 list recognizes IT solution providers with deep technical expertise and premier certifications. Burlington, On March 27, 2017 – Secure Sense announced today that CRN®, a ... »

Bitcoin scams: Beware of crooks trying to steal your cryptocurrency with these schemes

Cyber criminals are successfully taking advantage of social media and naivety to steal Bitcoin and distribute malware. Cybercriminals are taking advantage of the rising price and popularity of Bitcoin to try to steal the currency and distribute malware. The cryptocurrency ... »

iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server

In November 2016, as part of Fortinet’s FortiGuard research work, it was discovered and reported an iSNS server memory corruption vulnerability in Microsoft Windows Server. On patch Tuesday of March 2017, Microsoft released the Security Bulletin MS17-012 that contain the ... »

Defending Against El Machete’s Malware Attacks with Cylance

Can You Protect Against El Machete? El Machete is a targeted attack campaign that was first publicly disclosed and named by Kaspersky here. The Cylance SPEAR™ Team, whilst tracking and monitoring threats, found that El Machete has continued to operate ... »

New MajikPOS Malware targets users across North America

Trend Micro has discovered a new PoS malware, tracked as MajikPOS, that is targeting business in North America and Canada. Security experts at Trend Micro have discovered a new PoS malware, tracked as MajikPOS, that is targeting business in North America. ... »

Why Small-Business Owners Are Easy Prey for Hackers

Our partner Symantec says 43 percent of all cyberattacks in 2015 targeted small businesses. Randell Heath isn’t sure how hackers got into his company’s website — all he knows is a supplier called, saying the site had become an online ... »

Hundreds of High Profile Twitter Accounts Hacked

According to The Hacker News, in a large-scale Twitter hack, thousands of Twitter accounts from media outlets to celebrities, including the European Parliament, Forbes, UNICEF, Nike Spain and numerous other individuals and organizations, were compromised early Wednesday. The compromised Twitter ... »

How online gamers use malware to cheat

We typically think of malware as something used to steal data from corporations or knock down websites in politically motivated attacks. But if you’re a gamer, sometimes it’s simply a tool for winning. SophosLabs threat researcher Tamás Boczán has been ... »

What WikiLeaks’ massive CIA leak tells us about cybersecurity via Sophos Naked Security

Here we go again. In 2010, WikiLeaks published a disturbing heads-up video of US helicopters strafing “insurgents” who turned out to be Reuters journalists. Weeks later came Cablegate, a leak by Bradley (now Chelsea) Manning of 251,000 US diplomatic cables. ... »

RSA 2017 Predictions Analysis via Sophos

Sophos offered a predictions blog that was published on their Naked Security blog last week, and now it’s time to see how accurate these predictions were. Here, we will break down each prediction and see what really happened. Sophos wrote ... »

You CAN teach an old dog new tricks, according to the 2015 ransomware variant, TorrentLocker

It’s been quiet since 2015, but TorrentLocker has suddenly returned. And this time it wants to steal your passwords too. A ransomware variant which has been relatively inactive for almost two years is back, and this time it’s stealing user ... »

Secure Sense Named 2016 LogRhythm Partner of the Year Canada

Burlington, ON,  February 28, 2017 – Secure Sense, Canada’s fastest growing IT Security company, is pleased to announce it has been named LogRhythm’s 2016 Partner of the Year, Canada. The announcement was made at the LogRhythm Partner Summit, held in Boulder, ... »

Google Does it Again: Discloses Unpatched Microsoft Edge and IE Vulnerability

This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare. Besides this, Google ... »

Pass(word)ing the buck!

The start of the New Year is always an interesting time in the security community. Out come the statistics and stories about the worst passwords and the most common ones chosen by online users during the previous year. A recent ... »

Canadian cyber firm confirms it was the victim described in RSA investigation

A Canadian cyber security software and services company has acknowledged that it was the victim of backdoor malware inserted into one of its products two years ago in an attack detailed last week by investigators for security firm RSA . ... »

Rise of the IoT Botnets

There are many doomsday cyber scenarios that keep security professionals awake at night. Vint Cerf, one of the fathers of the Internet and current vice president and chief Internet evangelist for Google, speaking at an event in Washington, D.C., in ... »

2017 Network Security Trends Infographic

As you plan for 2017, get the facts on endpoint security and stay current on the trends. This Infographic compiles relevant data from Gartner, IDC, The Ponemon Institute, Symantec and others, on the current state of network security threats from ... »

Organizations In 40 Countries Under ‘Invisible’ Cyberattacks

Unknown threat actors are stealing sensitive financial data using memory resident malware crafted from legitimate tools, Kaspersky Lab warns. Cyberattacks have become increasingly stealthy in recent years, with goals like persistence and lateral movement becoming much more important to threat ... »

Not all ransomware tools are created equal

In case you hadn’t heard, ransomware is big, big business. In 2016 alone, ransomware payouts are closing in on the billion-dollar mark, with a whopping 70% of companies reporting that they paid to have their maliciously-encrypted data liberated after being ... »

What’s the actual cost to a business of a data breach?

Cisco has released the 10th of its annual cybersecurity reports, leading some publications to scream that security breaches can cost businesses 20% of their annual turnover. If you burrow into the headlines, however, it becomes apparent that only a third of ... »

What’s Happening at #RSAC17

Will you be attending RSA in San Francisco this February? If so, we have the lowdown on all the exciting things our partners have planned for IT’s biggest event. From dinner parties to beer and ping pong, your go-to guide is ... »

Spora ransomware goes freemium with four different payment options

A new ransomware strain called Spora has taken the “freemium” model to a new level. Many ransomware attacks include a try-before-you-buy feature on their pay pages, where you can decrypt one or two files for free as an inducement to ... »

What’s New at Secure Sense?

2017 has already poised to be an incredible and successful year for Secure Sense. Our team has been working endlessly towards our ultimate goal of becoming Canada’s most trusted cyber security firm. That being said, we’d like to take the time ... »

When Robots Go Rogue – Cylance Identifies What’s Real in AI

Westworld… J.A.R.V.I.S.… Knight Rider… seems like we’ve been surrounded by artificial intelligence (AI) for a long time, doesn’t it? Thanks to Cylance we’re able to make sense of and understand exactly what Artifical Intelligence and Machine Learning really are. As other ... »

Almost 200K Websites Affected by the OpenSSL HeartBleed Vulnerability…and counting!

The ‘Open SSL HeartBleed’ vulnerability was one of the biggest flaws in the Internet’s history that affected the core security of as many as two-thirds of the world’s servers i.e. half a million servers at the time of its discovery ... »

Not all ransomware tools are created equal

In case you hadn’t heard, ransomware is big, big business. In 2016 alone, ransomware payouts are closing in on the billion-dollar mark, with a whopping 70% of companies reporting that they paid to have their maliciously-encrypted data liberated after being ... »

These Were the Most Common Passwords Used in 2016

With all the extensive online resources, emphasis on long and complex passwords and numerous enterprise breaches we are utterly shocked that ‘password’ is still being used as a password today! Although weak and commonly used passwords have long been one ... »

13 Cyber Security Practices you MUST Follow!

Inspired by today’s Friday the 13th, we’ve compiled 13 of the best cyber security tips and best practices you should be doing following! 1) Train your employees Did you know that your organization’s biggest security risk is your employees? Since the ... »

How to Stay Protected Against Ransomware

Businesses large and small are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment can cause massive disruption to an organization’s productivity. But what does a typical attack ... »

Browser autofill used to steal personal details in new phishing attack

Chrome, Safari, Opera and extensions such as LastPass can be tricked into leaking private information using hidden text boxes, developer finds. Your browser or password manager’s autofill might be inadvertently giving away your information to unscrupulous phishers using hidden text ... »

Mongodb Attacks Jump From Hundreds to Twenty-Eight Thousand in Days

Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom. On Monday, researcher Niall Merrigan reported 28,000 misconfigured MongoDB were attacked by more than a dozen hacker groups. That’s sharp increase from last week ... »

Achieving Intelligent Infrastructure Defence with LogRhythm’s Co-Pilot Service and Security Analytics

Retailers have learned hard lessons in recent years, as organizations such as Target have suffered major data breaches. In Target’s case, the compromised credit card information of 70 million customers have resulted in significant expense, lost revenues, and a damaged ... »

The 5 Worst Hacks and Breaches of 2016 and What They Mean for 2017

2016 was not the best year for security, at least where high-profile breaches, hacks, and data leaks were concerned. The year saw yet another laundry list of big-name companies, organizations, and websites hit with distributed denial-of-service (DDoS) attacks, huge caches ... »

Begin With the End(point) in Mind

Advances in artificial intelligence (AI), machine learning (ML), and mathematical algorithms have allowed cyber security professionals to bolster their threat prevention in recent years. SecOps groups have shifted focus from response to prevention, using AI/ML-powered protection products such as CylancePROTECT® to ... »

Data breaches through wearables put target squarely on IoT in 2017

Forrester predicts that more than 500,000 Internet of Things (IoT) devices will suffer a compromise in 2017, dwarfing Heartbleed. Drop the mic—enough said. With the sheer velocity of how the distributed denial-of-service (DDoS) attacks spread through common household items such ... »

Ashley Madison forced to pay for deceptive security practices

Ashley Madison’s parent company has been forced to pay US$1.6 million for actively deceiving its customers as to how safe and secure the site really was. Ashley Madison’s parent company, Ruby Corp., will be forced to pay a large settlement ... »

Lesson Learned: Security Awareness Training

Think back for a second on all the safety lessons we learned as kids; for example, when you cross a street, you look both ways. But some safety lessons had to evolve over time. For example, no one wore seat ... »

Secure Sense Achieves Blackberry Authorized Reseller Status

On December 13th, 2016 Secure Sense has achieved the Blackberry Authorized Reseller Status. This tier recognizes Partners that have invested in the acquisition of a solid sales knowledge of the BlackBerry Enterprise Mobility Suites. We’ve identified the customer demand for ... »

Don’t let your former IT staff sabotage your company

A recent news story has brought to mind a threat which probably sends a shiver down the spine of many system administrators. A 32-year-old man was sentenced to two years in prison this month for hacking the computer systems of ... »

New ‘nasty’ Ransomware Encourages Victims to Attack Other Computers

Popcorn Time malware offers users free removal if they get two other people to install link and pay. A new ransomware variant has been discovered using an innovative system to increase infections: the software turns victims into attackers by offering ... »

What is Next-Generation Antivirus (NGAV)? via Carbon Black

In information security, the mere mention of the word “antivirus” elicits a largely unfavorable response. I’ve heard some descriptions from infosec pros that include: “not enough,” “ineffective,” and “archaic.” There’s merit to these claims. Antivirus has long been the most ... »

Expedia’s IT Guy Made $300,000 By Hacking Own Execs

A former Expedia IT professional has admitted to illegally trading on secrets he discovered by hacking his own company’s senior executives. Jonathan Ly stole passwords and infiltrated devices belonging to Expedia’s CFO and head of investor relations, which enabled him to ... »

DailyMotion Hack Leaks Emails, Passwords of 87m Users

DailyMotion, a popular video sharing website, said Tuesday it recently suffered an “external security problem” resulting in the compromise of an unspecified number of its users’ data., a repository of breached data, added DailyMotion to its list of “Hacked ... »

Retail Cybersecurity: Black Friday and Cyber Monday Have Arrived.

It’s the most wonderful time…of the year! No, no, we aren’t talking Christmas. Welcome back, Black Friday and Cyber Monday! In the U.S., the post-Thanksgiving shopping blitz of Black Friday often serves as a make-or-break event for many retailers. Indeed, ... »

Ten Cyber Security Predictions for 2017 via BeyondTrust

In the cosmic wink of an eye, 2016 is almost done. So, it’s that time of year to invoke the dark arts of prediction and try to determine how the next year will unfold. For cyber security, predicting the future ... »

LogRhythm 7.2 Now Available For Download

LogRhythm’s platform has been purpose-built to power the next-generation Security Operations Center (SOC), and with the release of 7.2, is now further optimized to help you deliver the industry’s most efficient, effective end-to-end threat lifecycle management solution. Scalability: Reduce total ... »

CryptoLuck Ransomware Emerges

A new ransomware family spotted for the first time recently is already being distributed via an exploit kit (EK). Dubbed CryptoLuck, the new ransomware variant was discovered by “Kafeine”, a Proofpoint researcher and maintainer of the Malware don’t need Coffee blog. Noteworthy ... »

The 7 Most Significant Government Data Breaches

Mega compromises at federal and state agencies over the past three years has compromised everything from personal data on millions to national security secrets. The Georgia Secretary Of State Office Breach In October 2015, Georgia Secretary of State Brian Kemp’s ... »

Blacknurse Low- Volume DOS Attack Targets Firewalls

A type of denial of service attack relevant in the 1990s has resurfaced with surprising potency against modern-day firewalls. Dubbed a BlackNurse attack, the technique leverages a low-volume Internet Control Message Protocol (ICMP) -based attack on vulnerable firewalls made by ... »

Customer information stolen in alleged cyberattack at Casino Rama

The Casino Rama Resort says its customers, vendors and current and former staff should keep an eye on their financial information. An Ontario casino is warning customers, vendors and staff to monitor all bank accounts, credit cards and other financial ... »

Top 10 Strategic Technology Trends for 2017

Artificial Intelligence and machine learning will increasingly be embedded into everyday things such as appliances, speakers and hospital equipment. This phenomenon is closely aligned with the emergence of conversational systems, the expansion of the IoT into a digital mesh and the ... »

Secure Sense Recognized on 2016 CRN Next-Gen 250 List

Secure Sense Recognized on 2016 CRN Next-Gen 250 List Annual List Features Trailblazing Solution Providers Transforming Business with Emerging Technologies Burlington, Ontario, November 7, 2016 – Secure Sense, Canada’s Fastest-Growing IT Company, announced today that CRN®, a brand of The ... »

CyberCrime is on the Rise? Big Surprise..

Attacks Hike? New Cybercrime Report Shows 40 Percent Increase for Merchants, Financial Institutions. Cybercrime is on the rise. While this isn’t shocking news, the recent Q3 2016 ThreatMetrix study found that even during the traditionally slow third quarter, both financial ... »

Brandon Bourret, Photobucket Hacker Sent To Prison for Computer Fraud

Creator of Software to Facilitate Privacy Invasion and Online Extortion Sentenced to Federal Prison for Conspiracy to Commit Computer Fraud. Photobucket was the victim of a bizarre cybercrime case, outlined by the US Department of Justice yesterday. Brandon Bourret of ... »

Can We Take It With Us to the #Cloud?

As more organizations move to the cloud, security professionals are coming to a number of hard realizations, and quickly. First, saying “no” to the cloud is NOT happening. What IS happening is moving to the cloud, so get over it. ... »

Google and Microsoft in war of words over bug disclosure

The search engine company publicized a critical Windows bug 10 days after informing the software firm about it. Google and Microsoft are in a war of words after the search engine company publicized a critical Windows bug just 10 days ... »

Protect Your Network from an IoT Device Attack – Like the Recent DDoS Assault on Dyn

On October 21st, waves of crippling Distributed Denial-of-Service (DDoS) attacks left some of the most prominent names on the web struggling to ensure consistent access. Dyn, Inc., a company that provides domain name services for about 6% of Fortune 500 ... »

Don’t Let A Lack of Resources Compromise Your Cyber Security

As a bank in today’s digital environment, cybersecurity concerns play a heavy hand in how we approach evolving customer needs, internal processes, and regulatory requirements. But in our current landscape, where companies of all sizes and in myriad industries can ... »

Yesterday’s Technology & Cyber Risk Today: Time for a Security Assessment? via Bradford Networks

For most IT teams, addressing or thinking about cyber security is a daily concern. From updating AV software to creating security profiles, most IT professionals spend a portion of their day on tasks with a goal of securing their network. ... »

Big Surprise – Russian indicted over LinkedIn and Dropbox mega-breaches

A Russian citizen has been arrested in the Czech Republic and indicted in connection with massive breaches: the 2012 attack on LinkedIn and the subsequent attack on Dropbox. The man, 29-year-old Yevgeniy Nikulin, from Moscow, also allegedly targeted Formspring, a ... »

There’s a New Trojan in Town, Spreading Through Targeted Email Campaign

The authors of a malware sample that has been around for more than two years have yet another trick for distributing it. The Kovter malware sample that has infected systems around the world for the past couple of years is ... »

IoT Bots Cause Massive Internet Outage October 21st, 2016

The real perpetrator of the widespread Internet outage on Friday, October 21, 2016 is still not known but the weapon of choice was definitely IoT devices compromised with Mirai malware. The Distributed Denial of Service (DDoS) attack that started on ... »

Hackers Used Your Vulnerable Tech To Throttle The Internet

Devices were infected to carry out a “sophisticated, highly distributed attack” to wreak online havoc. Hackers unleashed a complex attack on the internet through common devices like webcams and digital recorders and cut access to some of the world’s best-known ... »

A massive cyber attack caused major websites to go down across the internet

Internet users around the world, but mostly in the US, reported that some top websites were not loading on Friday morning. The affected sites included Amazon, Twitter, Etsy, Github, and Spotify. The issue appeared to have something to do with ... »

SMBs victims of phishing attacks 5x more than ransomware via SC

Despite a glut of research into new ransomware variants, low-tech threats like phishing attacks and viruses pose a more prevalent threat to small businesses than ransomware, according to a recent survey of SMB owners.   Thirty-seven percent of small businesses ... »

Nuclear Power Plant Disrupted by Cyber Attack

The head of an international nuclear energy consortium said this week that a cyber attack caused a “disruption” at a nuclear power plant at some point during the last several years. A nuclear power plant became the target of a disruptive ... »

Hack warnings prompt cyber ‘security fatigue’

Relentless cyber security warnings have given people “security fatigue” that stops them keeping themselves safe, suggests a study. Many ignored warnings they received, found the US National Institute of Standards and Technology (NIST). Others were worn out by software updates and ... »

Securing Enterprise Networks from Rapidly Increasing Malicious Attacks

Enterprise organizations are appealing targets for hackers. These networks can provide everything from valuable personal data profiles, to financial and research data – all valuable commodities on the dark web. The interest in targeted enterprise attacks has increased dramatically, with ... »

Happy Cyber Security Awareness Month!

Ahh, October. The time of the year when the air gets crisp, the leaves begin to change and Cyber Security Awareness begins! We may be bias, but we think October is the best month of the year. We live in ... »

Cybercrime-as-a-Service Offered To Militants, Terrorists, Says Europol

The Darknet could provide ample resources and services for terrorists to carry out attacks, claims report. Cybercriminals offering contract services for hire offer militant groups the means to attack Europe but such groups have yet to employ such techniques in major ... »

How to Sell Cloud Security Solutions to SMBs

It’s easy to think of cybersecurity threats as something that mainly targets the nation’s largest and most profitable enterprises. In the news, we see stories of the data breaches of massive healthcare and insurance networks, of retailers with thousands of ... »

Hackers Hold Investment Bank To Ransom

Hackers who call themselves TheDarkOverlord recently tried to extort a series of health care organizations into paying hefty ransoms. Their most recent target is WestPark Capital. The hackers have stolen apparent internal documents from a Californian investment bank and published them online, likely in an effort ... »

Taming the Great Disruptor: How Managing Change Can Bolster Your Security

Did you know China is having a hard time hiring hackers to meet the demand of vulnerable U.S. security systems? Okay, well… that might be a fictional story published by satirical newspaper The Onion. But it does highlight an important ... »

Fortinet Threat Landscape Report

Periodically, Fortinet publishes a set of findings based on threat intelligence gathered from hundreds of Cyber Threat Assessments performed across the globe. This report provides analysis and insight into the threats experienced within certain industry segments and regions. Published just ... »

PowerBroker Password Safe API is Available to Developers – for Free

Calling all vendors, end users, and application developers! BeyondTrust is now offering a free method to make all of your solutions more secure if you require a user or application to provide credentials for connectivity or authentication. BeyondTrust’s PowerBroker Password ... »

Temporal Chain Normalization: The Unsung Hero of Event Correlation

When it comes to correlation capabilities, LogRhythm has you covered. With AI Engine you can perform a variety of activities, from observing a single activity to applying advanced behavior rules across multiple dimensions (entities, devices, log sources, metadata, etc.). In ... »

Yahoo says 500 million accounts stolen

Yahoo confirmed on Thursday data “associated with at least 500 million user accounts” have been stolen in what may be one of the largest cybersecurity breaches ever. The company said it believes a “state-sponsored actor” was behind the data breach, meaning ... »

Is your network causing bottle-necks that hinder growth?

We recently read a thought-provoking article authored by one of our technology partners Fortinet, titled Network Security in the New Service Provider Reality. The article discusses how networks have to evolve and embrace the growing, dynamic distribution of data, as ... »

Cyber terrorism seen as the BIGGEST single future threat

47% of UK IT decision makers (ITDMs) are more worried about cyber terrorism attacks now than they were 12 months ago, according to IP EXPO Europe. This was identified as the biggest cyber security risk in the future (27%), followed ... »

Can Bug Bounty Programs Halt the Rise of APTs?

Security researchers recently discovered a new, advanced form of malware that is so sophisticated, it is believed only a nation state could have developed it. Known as “Project Sauron”, the malware went undetected for five years until Kaspersky Labs discovered ... »

How Ransomware Works via Carbon Black

Ransomware is similar to other malware in that it installs itself on a computer and runs in the background without the user’s knowledge. But unlike malware that hides and steals valuable information, ransomware doesn’t hide. As soon as ransomware has locked a user’s ... »

Cybercrooks use drive-by malware to rob Reddit users’ cryptowallets

An as yet unnamed drive-by-download malware is targeting the cryptowallets of Reddit users. Details of the attack are still unclear, but it appears attackers are using malicious links designed to appeal to those monitoring the changes in the Bitcoin prices. They ... »

Secure Sense Ranks No. 13 on the 2016 PROFIT 500

  – PROFIT and Canadian Business unveils 28th annual list of Canada’s Fastest-Growing Companies – Burlington, Ontario (September 15, 2016) Canadian Business and PROFIT today ranked Secure Sense No. 13 on the 28th annual PROFIT 500, the definitive ranking of Canada’s Fastest-Growing ... »

Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains

Apple isn’t the only one offering up a $200,000 reward for severe vulnerabilities on mobile devices. Google followed suit yesterday with the announcement of the Project Zero Prize, and like the Apple Security Bounty, the top payout is $200,000. Announced ... »

Consumers More Concerned with Financial Data Getting Hacked than Private Information about Their Families Being Exposed

Survey also reveals consumers more likely to hear about data breaches from the news or social media — not from companies holding their data. Centrify, the leader in securing enterprise identities against cyberthreats, today released findings from its 2016 Consumer Trust ... »

“Not If, but When” – Reflections on the OPM Breach

In my previous lives as a special agent in the FBI and also as the CSO of major U.S. corporations, I had to undergo periodic background investigations, usually every five years. I hold government clearances, and it was simply one ... »

Proofpoint report shows a significant rise in social media fraud

Proofpoint has released its inaugural Social Media Brand Fraud Report which investigates the current state of social media brand fraud to understand criminals’ methods and examine how this business risk is evolving. The company compiled a list of the top ... »

DDoS attacks growing more complex, larger

Distributed denial of service attacks — long serving as the weapon of choice for low-skill hackers — are getting more complex, with nearly two-thirds involving multiple kinds of attack traffic, according to new figures. If you need a refresher on what a DDos ... »

Cyber Security Cheat Sheet

Hello, September, we’ve been anxiously awaiting your arrival. For most of you, September means back to school for your children, and back to work for you! We understand how easy it is to loose track of security terminology while spending ... »

Dropbox Hack Leads to Dumping of 68m User Passwords on the Internet

Data stolen in 2012 breach, containing encrypted passwords and details of around two-thirds of cloud firm’s customers, has been leaked. Popular cloud storage firm Dropbox has been hacked, with over 68m users’ email addresses and passwords dumped on to the ... »

Crew Interview: Susan Singleton

Today marks the third week of Secure Sense Crew Interview, a little q&a, so you can get to know the phenomenal technical and sales teams we have here! For our third interview, to show off our crew, we present to ... »

Why You Don’t Shouldn’t Use WiFi at an Airbnb Rental

The threat exploded at the most recent Black Hat conference when security expert Peter Galloway  proclaimed what he had done on a recent vacation: he went back to his Airbnb rental and attacked the WiFi network.  “Within five minutes flat, I ... »

Overlay Malware Revealed on Google AdSense

Sipping on your first-morning coffee, and checking the news on your Android, seems pretty harmless right? Wrong. The latest strand of malware can hit any site that uses Google AdSense … and unfortunately that’s a lot of them. The malware ... »

Presenting a Cylance Unbelievable Tour: Toronto 2016!

 They say, “Seeing is believing.” And, that’s never been truer for those information security professionals who have attended a Cylance’s coast-to-coast “Unbelievable Demo Tour”. The good news if you have never been? We’ve added a stop in Toronto, for the ... »

All Your Cars Belong to US: Keyless VW Cars Can Be Hacked

Do you drive a Volkswagen? If so, we have some bad news. Tens of millions of vehicles sold by Volkswagen AG over the past 20 years, and various current models, are susceptible to theft because keyless entry systems can be ... »

Carbon Black: 3 POS Security Recommendations Following the Oracle MICROS Breach

Christopher Strand of Carbon Black reports flawlessly on the POS security recommendations those can take away from last week’s Oracle MICROS breach. If you were on a vacation, or just living under a rock, read the original story posted by ... »

20 top US hotels hit by new malware attacks

A new group of US hotels has fallen victim to PoS malware that is believed to have exposed private customer financial data. 20 US hotels operated by HEI Hotel & Resorts on behalf of Starwood, Marriott, Hyatt, and Intercontinental may ... »

Secure Sense Earned #23 on the 2016 CRN Fast Growth 150 List

Secure Sense Named to 2016 CRN Fast Growth 150 List List Recognizes Thriving Solution Providers in the IT Channel Burlington, Ontario, August 8, 2016 – Secure Sense announced that it has been named to The Channel Company’s 2016 CRN® Fast ... »

330,000 Exposed in Oracle MICROS Breach

One of the top three global point-of-sale providers, MICROS which was purchased by Oracle in 2014, has been breached. This is quite the cause for concern, as MICROS is currently deployed in over 180 countries, to over 330,000 sites. Oracle ... »

Kimpton Hotels Investigate Card Breach Claims

Kimpton Hotels is a boutique hotel brand, including 62 properties across the United States. The boutique chain is currently investigating reports of a credit card breach across multiple locations. On July 22, KrebsOnSecurity reached out to San Francisco-based Kimpton after hearing ... »

Insider Threat Trojan, Delilah, Makes Her Debut

According to Gartner, “Delilah” is the world’s first insider threat Trojan that targets individuals via social engineering and/or extortion, sometimes using ransomware techniques. It allows attackers to capture sensitive and sometimes compromising footage of victim’s in order to extort them ... »

This Week In Breaches: Ubuntu Forums

On July 14, a member of the Ubuntu Forums Council reached out to the Canonical team to inform them that someone had claimed to have a copy of their Forum’s database. The next day Ubuntu released a security notice confirming ... »

Gotta Catch ‘Em All … Including a Virus?

It’s official – Pokémon Go has taken the world by storm. This week it surpassed Candy Crush as the number one played mobile game, and even bigger, it surpassed Twitter’s daily user engagement. To make things even more remarkable … ... »

With KeRanger, Mac Users Are No Longer Immune to Ransomware Threats via Varonis

Cybercriminals who previously targeted Windows operating systems with ransomware have expanded their customer base to include the Mac OS. Known as KeRanger, it’s the first ransomware variant detected that infects Mac users. Unlike the usual methods of entry, such as ... »

iCloud Takeover Really is as Simple as One, Two, Three

Approximately 40 million iCloud accounts are rumoured to be hacked, but according to CSO Online, that number is likely overblown. Step one: Leaked credentials. Step two: “Find My iPhone” – lost mode. Step three: Lock user out and leave a ... »

Another Android Vulnerability, Is Anyone Really Surprised?

In the latest saga of Android vulnerabilities, a new malware called “HummingBad” is making its rounds and has already infected over 10 million devices worldwide. According to Check Point, the majority of infected devices are overseas in Asian countries, and ... »

Multiple Critical Vulnerabilities Exposed: Time to Update!

On June 28, 2016, Google’s Project Zero Researcher Tavis Ormandy released a blog that published details of multiple critical vulnerabilities with various Symantec products. According to Ormandy, these vulnerabilities, “Don’t require any user interaction, they affect the default configuration, and ... »

2.2 Million Sensitive Records Leaked

A mid-2014 database that contained 2.2 million records of individuals with suspected ties to terrorism, organized crime, money laundering, bribery, and corruption links has been leaked. The source of the leak is from World-Check, a database of politically exposed persons ... »

Is Vulnerability Management Still a “B” Horror Movie? via BeyondTrust

Here we are in 2016, and the state of information security (specifically the lack thereof) feels more like a bad Toxic Avenger sequel than a box office blockbuster. We’ve had major breaches, huge failures,  significant doubt, speculation about new technologies ... »

Dangers of Selling Old Hard Drives and Devices

If you were at our annual Camp Secure Sense this year, then you will remember the compelling presentation by Fortinet’s Senior Security Strategist, Aamir Lakhani. Lakhani spoke about the reality of digital breadcrumbs being left behind, without the realization. He ... »

Cyberattacks on Healthcare Institutions Shows No Signs of Slowing Down

This year has seen record high attacks against hospitals, most notably the ransomware attack that held Hollywood Presbyterian Medical Center hostage for over two weeks. Data stored within healthcare networks is a rising target for attackers on a global scale and ... »

Is your virtualized environment at risk for a data breach?

You know a concept is solid when it grows from a good idea to a standard business practice. It can feel like the change takes place overnight, especially if the solution can quickly prove its ROI – a company adopts ... »

Yikes! The Average Breach Costs How Much?!

According to a study conducted for IBM by Ponemon Institute, the average cost of a data breach has drastically increased. Ponemon conducted 1,500 interviews in over 383 victim organizations, for 16 different industries, within 12 countries. It was discovered that ... »

Vulnerability Exposed: Time to Update

A serious vulnerability has been identified, and it’s time to update, today. On June 16th, Adobe released a critical update for the Flash Player that fixes several vulnerabilities, including CVE-2016-4171. According to Adobe, if successfully exploited, “this vulnerability could cause ... »

Secure Sense Technology Partner BlueCoat, Acquired by Symantec

As a value added reseller, at Secure Sense we only partner with the best of breed network, security, and cloud providers – one of these companies being Blue Coat. On Sunday, June 12th, 2016, American endpoint protection company, Symantec announced ... »

The Cost Of Data Breaches Rises Past $4 Million

The Cost Of Data Breaches Rises Past $4 Million: Post VIA DarkReading: Ponemon annual report shows data breach benchmark index on the rise again, while Deloitte advises those tangible costs may be just the start to financial impact racked up ... »

Twitter Wasn’t Hacked, People Just Love Reusing Passwords

Last week there were many reports that Twitter had been hacked and that a user database of 32 million, was listed on the dark web. Twitter claims that this is not the case. Twitter’s Information Security Officer, Michael Coates, posted ... »

10 Things to Watch: Detecting a Phishing Email

As you may have noticed, the topic of phishing has been at the forefront of the concerns within the IT security 2016 landscape. As attacks become more challenging to identify, organizations become more susceptible to breach. Ransomware infections are often instigated ... »

This Week in Breaches: The Mega Breaches Keep On Coming

Mega breaches have been one of the prominent stories of 2016, begging the question – will it ever stop?, Russia’s version of Facebook, is another social media platform in less than two weeks to have an old data breach ... »

Mark Zuckerberg’s Twitter and Pinterest accounts hacked, LinkedIn password dump most likely to blame

Facebook co-founder and CEO Mark Zuckerberg understandably has social media accounts on other networks. And like most avid online users, he ignored to maintain standard security password practices. Over the weekend, Zuckerberg’s Twitter and Pinterest accounts were hacked. The group ... »

What a Week for Social Media Platform Hacks

In the latest string of old hacks coming back to life, microblogging, social network Tumblr, who was hacked in 2013 – has a much larger scope than anticipated. Back in 2013, Tumblr refused to release the number of those affected ... »

Wait – Myspace is Still Around AND it Was Hacked?

Yes – apparently the early 2000’s dominant social media platform still does exist, and still potentially has 50 million unique visitors per month. What’s even more of a shock, is that this hack could be the largest password leak in ... »

Proactive Versus Reactive, We See You Reddit!

First off – no Reddit has not been compromised, so if you have an account to this broad range social media site, you can let out that deep breath you’re holding. But they, along with every other organization that takes ... »

DARK READING REBLOG: Epic Security #FAILS Of The Past 10 Years

We thought this was a great breakdown of some of the most epic security fails over the past 10 years. Happy 10-year Anniversary Dark Reading, thank you for always providing insightful, and top news articles in the information security world. ... »

Phishing Attacks Jump 250% From Oct Through March

It has been reported a record-breaking 250% increase in phishing activity between October of 2015 and March, 2016, says Business Wire (sourced from Anti-Phishing Working Group). As previously blogged, phishing is defined as ‘the activity of defrauding an online account holder of ... »

4-Year-Old Data Hack Has a Much Larger Scope Than First Reported

Back in June of 2012, LinkedIn confirmed that they had been breached, and approximately 6.5 million user’s credentials had been compromised. Now, almost 4 years later that number has grown exponentially. Busy bee hacker “peace_of_mind”, or ‘Peace’ as they seemingly ... »

Camp Secure Sense 2016 – Recap

What a whirlwind week, Camp Secure Sense has come and gone and we could not have had a better group of individuals to have been there! First off, we would like to thank every single one of you, our amazing ... »

Easing Your Enterprise into the Cloud

With so much negative publicity focused around “the cloud”, it’s no wonder that companies are cautious to make the switch. But we all know that there is a certain level of push-back when it comes to changes, especially ones that ... »

Hackers Play Freeze Tag with Your Android Device

Well, it’s not a game, and it certainly isn’t fun, especially if you’re holding the phone – but hackers are constantly finding new ways to mess with Android users. This time, it is in the form of a quasi-ransomware coined ... »

Did Anyone Learn from the Ashley Madison’s Breach?

It should really come as no shock to anyone these days that an online dating website has been hacked. The latest subject of attack is self-proclaimed ‘elite’ dating website, which has suffered a massive database leak, exposing the personal ... »

James Bond Going Digital?

If you’ve seen the 2015 blockbuster film, Spectre, then you know where we’re heading with this. MI6 and James Bond, on a clandestine mission, to ensure the safety of the world’s population remains in the hands of living, breathing spies ... »

Amazon Sold Me Embedded Malware, and All I Got Was This Lousy T-shirt

Well … they didn’t sell it to me per say, and no one got a shirt, but Amazon has been unknowlingly selling security recording equipment with embedded malware. This discovery was made by Mike Olsen, labeled as an “artful hacker” ... »

Mega Breach in The Philippines

55 million voters, 55 million citizens now susceptible to fraud and identity theft after a massive data breach that leaked the entire database of the Philippines’s Commission on Elections (COMELEC). With 55 million voters in the Philippine’s, this could go ... »

How Hackers Are Getting Siri to Show Them Your Photos

When the FBI took Apple to court it was with the intention of ordering the tech giants to build a backdoor that allowed them entry into a terrorists locked iPhone, as we have previously blogged. The FBI has since dropped ... »

This Week in Breaches: Trump Hotels, Again?

According to Security Guru Brian Krebs, Donald Trump’s series of luxury properties – the Trump Hotel Collection is the subject of another credit card system breach (Anonymous anyone??).   Earlier this year we reported about a series of hotel breaches, including ... »

Ransomware has been the dominant nuisance to cyber security in 2016 thus far, and doesn’t seem to show any signs of slowing down. In recent news, the main target of a ransomware attack has been hospitals and health care organizations that ... »

1.5 Million Customers’ Information Exposed in Data Breach

Every year Verizon Enterprise Solutions, a B2B unit of the telecommunications company, releases their Data Breach Investigations Report (DBIR). This report is complete with case studies of the year’s most interesting and impactful data breaches. The reports include the hard lessons ... »

For Hire: Uber Bounty Hunters

Typically, when most North Americans hear the term Bounty Hunter, images of a jacked up, sunglass wearing, blonde goliath come to mind. In terms of cyber security, it’s highly unlikely you’d ever see someone who fits that bill. It recently ... »

iMessage Vulnerability Discovered

Researchers from Johns Hopkins University have discovered a flaw that allows skilled attackers to intercept and decrypt video and images sent on iMessage. Apple partially fixed the flaw in the latest iOS 9, but the exploit leaves versions prior vulnerable. ... »

JLaw Breach

In late August of 2014, approximately 100 female celebrities had their privacy breached, when personal and intimate photos were published online, sourced from their private iCloud or Gmail accounts. At the time of the leak, or commonly known as “The ... »

Bank of England Governor, or Nigerian Prince?

In July of 2013, Mark Carney was appointed the Governor for the Bank of England, and within mere months, he was the subject of a “Nigerian Prince” email scam. California native Cameron Smith was the target of this scam when ... »

Anti-DDoS Firm Target of DDoS Attack

Irony- the expression of one’s meaning by using language that normally signifies the opposite, or in this case, a company who falls victim to the very thing they exist to defend against. On March 10, 2016 global DDoS protection company, ... »

The Ottawa Hospital Infected with Ransomware

One of the largest threats to cyber security in 2016 – ransomware, has a worrisome emerging trend; targeting hospitals. Ransomware has made quite an impact on the year so far and is likely to continue its trajectory of havoc. We ... »

Proof Reading: The Difference Between $80 Million and $850 Million

Foundation. One relatively average word that brought down a scam worth nearly $1 billion. On February 5, 2016, the Federal Reserve Bank of New York received a succession of requests seemingly from the Bangladesh Central Bank in Dhaka. If the ... »

My Mac Can’t Really Be Vulnerable, Can It?

On March 4, 2016, the Palo Alto Networks research team discovered a new MAC OS X ransomware called KeRanger that had infected the Transmission BitTorrent client installer. KeRanger is the first official complete and functioning ransomware to affect OS X. ... »

When Real Life Pirates Get Tech Savvy

Imagine being a pirate on the high seas, sailing around the world, hoping to land a gold mine – that one ship that was loaded with exactly what you’ve been searching for. Now imagine how much easier it would be ... »

OpenSSL Secured Websites Vulnerable to DROWN

A group of international academic researchers have discovered a vulnerability in OpenSSL security that has the potential to affect as many as 11.5 million servers. The hole in this security protocol allows Secure Sockets Layer (SSLv2) an outdated security protocol, ... »

Evolving Ransomware; Websites Beware

A new malicious program has surfaced, indicating a new trend in ransomware development that has already seen a resurgence in 2016. CTB-Locker, has been attacking files on web servers, infecting at least 100 websites over the past several weeks. Also ... »

Snapchat Falls Victim to Phishing Attack

On Friday February 26, 2016, the popular photo sharing app, Snapchat, fell victim to a sophisticated phishing attack. Employees were “targeted by an isolated email phishing scam”, where the scammer impersonated Snapchat’s Chief Executive Officer, Evan Spiegel, according to a ... »

Vulnerability in GNU glibc Affecting Nutanix Products: February 2016

Advisory ID:        Nutanix-sa-003-glibc     CVE-2015-7547 Last Updated:     25 February 2016 Published:           25 February 2016 Version:               1.0 On February 16, 2016 and industry-wide critical vulnerability in the GNU ... »

Vulnerability Revealed in Nissan LEAF

On February 24, 2016, Troy Hunt, a Microsoft MVP for Developer Security reported a vulnerability in the remote management APIs for Nissan LEAF. If you have the VIN number of any of the cars, you are able access certain features ... »

This Week in Breaches: Linux Mint

On Saturday February 20, 2016 Linux Mint project leader Clement Lefebvre confirmed that the website of the community-driven operating system had been hacked.  An attacker by the handle of “peace_of_mind”, is claiming responsibility for the hack of the site, deceiving ... »

When a Real World Virus Affects the Digital World

On February 1, 2016, the World Health Organization (WHO) declared a Public Health Emergency of International Concern (PHEIC) regarding the outbreak of Zika virus and all associated birth defects. Zika has been the determined cause of microcephaly, an abnormal smallness ... »

Apple Set to Play Hardball with the U.S Government

On February 16, 2016, a California court ordered Apple to assist the FBI in hacking and gaining complete access into an iPhone. The phone previously belonged to one of the San Bernardino shooters who tragically took the lives of 14 ... »

Hospital Held Ransom by Cyber Criminals

On February 5, 2016, Hollywood Presbyterian Medical Centre in Los Angeles was hacked and fell victim to a ransomware attack. The computer systems have been offline for over a week and a half, and according to the hackers will not ... »

I’ve Got 99 Problem’s and Quite a Few of Them Are STILL Android

On September 10, 2015 our guest blogger Fortinet, reported about malware issues within Androids, specifically with ‘Stagefright’. Today the focus has shifted toward third-party app stores, which do not have the same level of frontline security, nor the same level ... »

This Week in Breaches: The US IRS

On February 9, 2016 the United States Internal Revenue Services released a statement that they had ‘identified and halted an automated attack’ on their website with the Electronic Filing PIN application. This application can be used to electronically file taxes. ... »

An Interloper Listening in On Your Calls

While most backdoor attacks have limited functionality, Skype has a sophisticated nuisance that’s come-a-knocking, referred to as T900, a variant of the T5000 malware family. Secure Sense partner FireEye reported about this family back in 2014, when the T5000 sent ... »

Privacy Shield Takes Safe Harbour’s Place

Formed in 2000 by the United States and the European Union, The International Safe Harbour Privacy Principles Agreement regulated the way that US companies could export and handle the personal data of EU citizens. This agreement was to establish a ... »

eBay Exposed to Vulnerability

On December 15, 2105, Israeli security firm Check Point, informed the e-commerce giant, eBay about an online sales platform vulnerability. This flaw would allow cyber criminals to distribute phishing attacks and deploy malicious code on eBay’s users. On February 2, ... »

This Week in Breaches: Landry’s POS Breach

The Houston-based hospitality chain Landry’s, has recently released news of a point of sale, or POS malware attack at the organization’s restaurants and additional properties dating back to 2014, and 2015. An original report regarding the security incidents by Landry’s ... »

Major Monetary Cyber Thefts in Europe

Within 6 days of each other, two large European companies suffered a combined loss of €120 million, roughly $184 million Canadian. I bet you’re wondering how? On January 19, 2016, Austrian aerospace component manufacturers FACC AG, reported an outflow of ... »

This Week in Breaches: University of Virginia

Nowadays cyber-attacks are more aggressive and more sophisticated, making it even harder for companies and institutions to catch up and keep up with the evolving technology. But sometimes, a common email scam is all takes to infiltrate your security environment. ... »

FortiOS SSH Update

  On January 13, 2016 we reported about a FortiOS SSH exploit, and it looks like it has a larger scope than originally reported. After the original report, Fortinet further investigated their product line and discovered the same vulnerability on some ... »

This Week in Breaches: Hyatt Hotels

In late November of last year, Hyatt acknowledged that malware affecting credit card payment data had been found within their systems. An investigation was launched with third party security companies Mandiant and Kroll, and a public announcement of the breach ... »

Wearable Technology, Just as Susceptible to Account Compromise

Certain Fitbit accounts have been recently reported as compromised. IT security blogging guru, Brian Krebs reached out to Fitbit CSO, Marc Brown, who has confirmed that it is not a massive breach of account databases, but rather stolen individual account ... »

‘Backdoor’ FortiOS Exploit!

FortiOS is an operating system that powers Fortinet’s firewall platform, FortiGate. On January 9, 2016, an exploit for an SSH backdoor in the FortiGate operating system was posted to the Full Disclosure mailing list. In a statement released by Fortinet ... »

The end is near, for older versions of Internet Explorer

Say au revoir to Internet Explorer 7-10 and bonjour to Internet Explorer 11 … at least from a tech support standpoint. Today is the official day Internet Explorer officially drops support for its earlier versions. A notice on the Microsoft ... »

This Week in Breaches: Time Warner Cable

The American cable telecommunications company, which happens to be the second-largest cable company in the country, has admitted that 320,000 customer passwords MAY have been obtained[i]. TWC has stated that the email and password details were likely stolen either through ... »

Pearson Vue Credential Manager System Compromised With Third Party Malware

The massive scale of today’s data breaches this year alone are astronomical, Pearson Vue joins that list this week. Responsible for conducting and controlling millions of exams for people all around the world each year in nearly every walk of industry. ... »

Meet eDellRoot, The Rogue Certificate

Say hello to eDellRoot, the next major vulnerability to hit the enterprise information technology and security landscape. Dell, being one of the world’s largest computer manufacturers, has reported a vulnerability concerning a Self-Signed root certificate that is breaking HTTPS. It ... »

SecTor 2015 Recap

Every year SecTor brings together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and ... »

Sophos Guest Blog: Got encryption? Consider these 6 things to choose the right encryption solution

With the proliferation of data and the need to access it from anywhere at any time, encryption is rapidly emerging as the best place to start your data security strategy. Despite some common ideas about encryption that it is too ... »

Guest Blog Post: Centrify ‘Fundamental Security Controls Most Overlooked’

When we take a look at the security industry as a whole there is a focus on all the various APTs and Zero Day-sorts of unknown attacks. However with the rush to fight the good fight; the basics of authentication, ... »

iPhone iOS Threat: Ins0mnia Never Sleeps

FireEye researchers discovered a vulnerability (ins0mnia) in iPhone iOS allowing potentially malicious applications to run continuously in the background, even after it appears that the user has closed them. This vulnerability, critically affects non-jailbroken iOS devices: malicious software designed to ... »

Online Infidelity Site, Ashley Madison, Target of Breach Of 37+ Million Users’ Data

The Canadian owned adult dating site for spousal affairs was the victim of a huge data breach on Monday—potentially exposing millions of users’ real names, nude photos, sexual fantasies, as well as billing address and financial information—a breach which raises ... »

An Enemy of the Internet

A cache of documents that has recently surfaced has provided a captivating look into the world of commercially available cyberwar software. The documents reveal many details of the products and clients of Italian company Hacking Team, an organization labeled ‘an ... »

Breach of Houston Astros Has Big Implications for Corporate Cyber Espionage

An ongoing FBI investigation has uncovered the cyber-espionage and breach of  the Houston Astro’s organization allegedly by the St. Louis Cardinals. Even though cyber-espionage is not a new phenomenon, it has historically been the wheelhouse of intelligence-gathering or intellectual property ... »

Tripwire Gold Status Partner

Secure Sense is happy to announce our recent move to a Gold Status Partner with Tripwire. Currently, we are the only Gold level Canadian Tripwire reseller in all of Canada. Tripwire has played an integral role in our Security profile ... »