Fortscale Insider Blog

security training

03 Jun Security Training Helps, But it’s Not Enough

Industry experts agree that the actions of employees and other insiders are major contributors to data security incidents. Security training helps, but studies show it’s not very effective. Ponemon Institute recently released a report on “Managing Insider Risk through Training & Culture." The study examined enterprises that already have security and data protection training in place, and measured the effectiveness of those programs. Security training...

Read More
LinkedIn breach

01 Jun LinkedIn Breach Surges by 110 Million Records

Like millions of others, last week I received a notice from LinkedIn that my personal data may have been stolen during a data breach in 2012. What prompted the notice four years after the LinkedIn breach was that a few days ago the company “became aware that data stolen from LinkedIn in 2012 was being made available online." LinkedIn posted a...

Read More
penetration test Part 2

31 May How IT Staff Can Make a Professional Internal Penetration Test —Part 2

As I mentioned in Part 1, penetration testing isn't just for hackers and security professionals. If you know how your infrastructure technology works to a protocol level then you can test it fairly properly. That means any IT staff member could be making their own internal penetration tests. As you get more comfortable doing these tests, you may be interested in...

Read More
Fort Friday compromised accounts

27 May Fort Friday Security Clips— Reddit, Myspace Compromised Accounts Rising

  Reddit compromised accounts increasing Redditors are currently under a hack attack—it is account takeover time—the clocks ticking. A Reddit official announcement noted an "uptick in account takeovers (ATOs) by malicious (or at best spammy) third parties." Reddit's founding engineer, Christopher Slowe (AKA: KeyserSosa) wrote "Though Reddit itself has not been exploited, even the best security in the world won't work when users...

Read More
hacktivists strike global banks via operation OpIcarus

26 May OpIcarus — Hactivists Strike Global Banks — And Us

During the past few weeks, the hacktivists group known as “Anonymous” has engaged in an operation they have termed OpIcarus, which is aimed at disrupting the Global Banking network. What began as an Anonymous operation has now become a joint project between Anonymous and Ghost Squad Hackers, the Last American Vagabond, and LulzSec Global. Together their DDoS attacks have interrupted service...

Read More
Dark web

25 May Dark Web — Tor Use is 50% Criminal Activity — How to Detect It

The Dark web is a collection of thousands of websites that use anonymity tools such as Tor and I2P to mask their IP address. Tor was intended to offer anonymity and protection for legitimate purposes. But it’s also a significant haven for criminal activities. Detecting when your users are coming from a Tor site is critical. I’m occasionally asked about anonymizers and...

Read More
penetration test Part 1

24 May How IT Staff Can Make a Professional Internal Penetration Test —Part 1

Pretend I'm doing some sort of introduction here with statistics from like the FBI and friends about internal threats. Good, you just made the first step toward penetration testing—you imagined something. With a few tips you're ready to do your own internal penetration test. In this 2-part series you'll get the know-how that lets any IT staff person make an internal...

Read More
stolen credentials on the black market

23 May Stolen Credentials — Millions of User Passwords for Sale on Black Market

Reusing the same password across multiple sites nets stolen credentials A few months ago it was revealed that login details for around 300 million Gmail, Hotmail and Yahoo accounts were available for purchase on the black market. That figure comes from a single source that was discovered on the Darknet. The actual number is believed to be much much larger. To add...

Read More
Fort Friday Security Clips

20 May Fort Friday Security Clips— Flight 804, TeslaCrypt, Cyber-espionage Malware Discovered

EgyptAir Flight 804: No hard evidence yet Early Thursday morning EgyptAir Flight 804 was cruising normally beneath clear skies on a flight from Paris to Cairo, then suddenly lurched from left to right (issuing no distress signal) and plummeted 38,000 feet—disappearing  into the Mediterranean Sea. Egyptian authorities, some Russian officials and aviation experts say downed flight 804 may have been an act of...

Read More
compromised passwords

19 May Compromised Passwords in 6 of Top 10 Vulnerabilities

There are a lot of opinions about the biggest vulnerabilities when it comes to computer security. But compromised passwords remain a common theme among most lists of top vulnerabilities. Although top vulnerabilities may be manifest in varying ways, stealing user credentials belonging to legitimate users—especially privileged users is at the heart of most of the biggest vulnerabilities. Passwords Top The List A case...

Read More