Mauchel Barthelemy

Continuous training will inevitably affect productivity. Slowly but surely, these statistic numbers are improving. I’m almost certain things looked worse five to ten years ago. Also, let’s keep in mind that no security system is perfect and of course so are employees. There will be employees who demonstrate more concerns than others. Obviously,…[Read more]

This is another example that proves there is no perfect defense system out there. No one is safe. Hopefully those targeted organizations adopt necessary measures to improve their security systems before this escalates to something worse.

This would be the classic result of developers not incorporating security minded people in their work process. I could be wrong, but most times this is what happened. Another root cause could be not developing the proper culture to pen-test Magento’s systems regularly. A number of other reasons could lead to this. Hopefully Magento can address…[Read more]

The more I’m reading about this, the more I’m thinking about it a reverse way. Which leads me to ask:
What if those tools were leaked on purpose? What if those so called tools are being used to spy on the same people who may think they stole them?

Shain, very informative article. thank you! I would argue that most CSOs do not know everything accessing their network. A lot of companies allow employees to connect almost any smart device on their network. Also, I’m not sure their is a long way to go for end users to understand these risks. It will depend on the nature of the campaign to…[Read more]

I would rather agree that the list should be updated every year because it would be better to stay ahead of hackers for no major reasons than operating under risk of ethical hackers not evolving enough. There should never be a good reason to be one step behind of cyber criminals.

Loi, that’s good to know and thanks for sharing. This represents another good reason people should take applying updates seriously. It’s funny that certain people refuse to update their mobile devices’ OS because they are “afraid” certain parts of the user interface no longer look the same.

Drilling a whole the size of a golf ball next to the PIN pad and inserting a wire into it requires quite some physical efforts performance. This convinces me be to believe that this form of attack would be difficult to execute successfully if proper surveillance equipment is installed. But hey, hackers are figuring out to bypass whatever…[Read more]

Tizen was supposed to be an Android and iOS’s competitor started a few years ago. For some reason, the mobile OS did not catch on as Samsung hoped, so they decided to change the focus around Tizen. Long story short, they deployed Tizen to IoTs. I have not been paying much attention to Tizen, but I was always eager to learn about the quality of t…[Read more]

Crucial move there. This needs to be done (correctly) before autonomous vehicles become more popular. I also support the fact that the bill is trying to protect drivers’ privacy. Lastly, I think you meant this is one of the things you like the most about this bill as opposed to the one thing you like about it. Very good article Ahmed.

Adding more to the problem? Maybe Google was right about Symantec after all. Google recently accused Symantec of misissuing tens of thousands of certificates for encrypted web connections. Symantec has been a pioneer in IT Security company for many years, so the company needs to do something to address these as soon as possible. The last thing…[Read more]

This was a concern raised at my job this week due to the nature of information we deal with daily. Cyber criminals are trying to make connections to FTP servers in anonymous mode to allow write access to inject malicious tools. Preventive measures include checking FTP servers running in anonymous mode.

It’s a good thing that NetHunter requires physical access; otherwise, it would have been much easier for cyber criminals to cause much greater damage with it. We must also remember that it is still a dangerous tool that can fall into the hands of an organization’s number one threat, disgruntled employees.

This technique has the potential to enhance internal spy. It also proves why a company’s employee should always be considered as the number one threat. Who knows how long this methodology had been in use and linked to recent scandals pertaining to IT security.