The 5 biggest cryptocurrency heists of all time
The biggest crypto heists of all time include MT.GOX, Poly Network and KuCoin. How did the hacks occur, and what can we learn from them?
Topics
How IIE moved mountains to build a culture of cybersecurity
Here’s how the Institute of International Education built a pro-cybersecurity culture and drastically decreased their phishing rates using InfoSec IQ
At Johnson County Government, success starts with engaging employees
Read about how Johnson County, Kansas used InfoSec IQ to proactively fight back against phishing attacks.
How to carry out a watering hole attack: Examples and video walkthrough
What is a watering hole attack, how do they work and what can you do to defend against them? Find out in this from Infosec's Keatron Evans.
How cross-site scripting attacks work: Examples and video walkthrough
What are cross-site scripting attacks and how do they work? Find out in this walkthrough from Infosec Skills author John Wagnon.
This scholarship winner reveals the secrets to cybersecurity success
In an era of unforeseen uncertainty, Infosec Accelerate Scholarship winner Steff Allen finds himself more sure about his career choice than ever.
This scholarship winner prides herself on interdisciplinary experience
For Infosec Accelerate Scholarship winner Rachel Jones, a career in cybersecurity has never looked more promising.
Consent phishing: How attackers abuse OAuth 2.0 permissions to dupe users
What is consent phishing? How are cyberattackers using a standard protocol, OAuth 2.0, to gain access to user data even if it is robustly protected?
The state of BEC in 2021 (and beyond)
What are the trends in business email compromise (BEC) in the next 12 months likely to be? Will deep fakes or crypto be the next big thing in BEC?
Redline stealer malware: Full analysis
In recent months, a recent piece of malware dubbed Redline has been distributed and gaining traction on Russian underground forums.
A full analysis of the BlackMatter ransomware
Learn how the BlackMatter malware works, about its presence on the dark web, and how to prevent the threat from affecting you.
THOTH TECH 1: VulnHub CTF Walkthrough
Test out this capture the flag (CTF) to strengthen your cybersecurity skills.
FUNBOX UNDER CONSTRUCTION: VulnHub CTF Walkthrough
This capture the flag (CTF) will be an easy challenge for you to test your skills out. It's perfect for those looking for an easy challenge.
iOS forensics
Day by day, smartphones and tablets are becoming ever more popular, and as a result, the technology used in development to add new features or improve the security...
Kali Linux: Top 5 tools for digital forensics
There are many tools available from Kali Linux. These are the five most popular tools for digital forensics work.
Kali Linux: Top 8 tools for reverse engineering
These Kali Linux tools are great for offensive and defensive cybersecurity.
Stacks and Heap
Memory is a crucial resource for any system when conducting reverse engineering. Malware analysts must understand the way memory is assigned to a program.
During...
Only 20% of new developers receive secure coding training, says report
A lack of secure coding training presents a risk for your organization.
Container security implications when using Iron vs VM vs cloud provider infrastructures
Containers are popular, meaning more and more service providers are offering ways to manage container workloads, each with their own pros and cons.
10 biggest cybersecurity fines, penalties and settlements of 2021 (so far)
Learn about the largest fines given to companies when it comes to cybersecurity penalties and settlements in 2021.
Cybersecurity Weekly: Gift card scams, IKEA breached, cyber knowledge gaps
New twists on gift card scams flourish on Black Friday. IKEA was hit by a cyber attack that uses stolen internal reply-chain emails. Cybersecurity knowledge gaps at any level of the organization pose security risks. All this, and more, in this week’s edition of Cybersecurity Weekly.
How to use Wireshark for protocol analysis: Video walkthrough
Learn how to analyze network traffic with the free protocol analyzer Wireshark and sniffing tool tcpdump. Then try it yourself!
9 best practices for network security
Network security is important for every organization, no matter how big or small. Here are some best practices.
Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
The demand for dark web hacking tools has reached all-time highs across the cybercriminal ecosystem during the COVID-19 pandemic.
Double extortion ransomware: Pay now or get breached
Ransomware has become a lot more sophisticated recently, and learning more about it is important to stay safe in case it happens to you.
Beginner’s guide to the basics of data encryption
Encryption is one of the best ways to protect data from being exposed due to different types of cyber incidents. Learn how it works.
Structures of cryptography
Cryptography is an important way to keep data safe. Learn about cryptography features and how cryptography works.
How to build a proactive incident response plan
The average cost of a data breach is now $4.24 million. A proactive incident response plan is crucial to help organizations mitigate that risk.
Sparrow.ps1: Free Azure/Microsoft 365 incident response tool
Sparrow is a powerful tool used for detecting malicious activities in Azure and Microsoft Office 365.
Securing cloud endpoints: What you should know
Let’s take a closer look at security challenges affecting endpoints in public and private clouds.
AWS security and compliance overview
Amazon offers many solutions for ensuring your environment is secure and meets many industry standard compliance frameworks. By properly utilizing tools such...
Android security: Everything you need to know [Updated 2021]
Android devices have a host of security risks, but updates are helping to mitigate them.
Application sideloading in Windows 10
Windows 10 security is a constantly evolving and update process. Data security in Windows 10 starts with a high encryption, using BitLocker. Access is restricted...
Operation technology sees rise in targeted remote access Trojans and ransomware
Operation technology (OT) is one of the most overlooked segments of the IT sector that attack groups target.
Vehicle hacking: A history of connected car vulnerabilities and exploits
New cars have features that need a connection to work, like keyless entry via smartphones or in-car Wi-Fi systems, which can introduce vulnerabilities.
Genetic testing “hottest” new form of health insurance fraud, FBI warns
The FBI is finding more and more cases of health insurance fraud. Learn more about it.
Healthcare data security issues: Best security practices for virtual healthcare sessions
With more telehealth and related digital mechanisms to deliver health, healthcare data security standards are more important than ever.
Most common MITRE ATT&CK tactics and techniques: CISA shares most common RVAs
CISA has released a list of Risk and Vulnerability Assessments, or RVAs, to the MITRE ATT&CK Framework and have released their findings to the public...
Using MITRE ATT&CK with cyber threat intelligence
The MITRE ATT&CK framework is a tool developed by the MITRE Corporation. It is designed to provide information about how a cyberattack works and the various...
Deception technologies: 4 tools to help you identify threats and mitigate risks
Deception technologies have come a long way from the days when honeypots were used to analyze attacker behavior. Today’s deception tools contain advanced...
Threat hunting with Kolide and osquery
In this article, we’ll discuss how we can use Kolide Fleet for threat-hunting purposes. This article is not intended to be an introductory piece, but rather...
Will a Digital Bill of Rights solve machine learning and privacy issues?
Will the Digital Bill of Rights fix the machine learning algorithm and privacy conundrum?
Engineering personality analysis from machine learning
From social media to eye movement to handwriting, there are numerous ways to uncover your personality traits — and for cybercriminals to exploit them.
Fixing the cybersecurity skills gap: Draw on wider talent pools
In order to fill open cybersecurity positions, organizations need to focus on recruiting from new and underrepresented talent pools.
Why recent cyberattacks are shining a spotlight on the state of cybersecurity today
Cybersecurity issues are plaguing organizations large and small today, and it's a technical and personnel issue.
Decentralized identifiers (DIDs) and blockchain: The silver bullet for online privacy?
Learn more about decentralized identifiers and the role they play in keeping your privacy and data intact.
Cryptocurrency Enforcement Framework: Impacts on digital forensic investigations
A new Cryptocurrency Enforcement Framework was recently released. Learn how it may impact cryptocurrency, cybersecurity and digital forensics investigations.
Smart Toys and Their Cybersecurity Risks: Are Our Toys Becoming a Sci-Fi Nightmare? [updated 2021]
As smart toys get more advanced, they bring more cybersecurity risk with them.
Japan’s IoT scanning project looks for vulnerable IoT devices
The Internet of Things (IoT) is still a baby compared to other computing technologies, but the market has already exploded and continues to expand at a healthy...
NIST first responder guidance: Balancing mobile security with response time
The NIST 1800-13 standard describes how public safety first responder organizations can improve access to sensitive data without compromising security
Critical software security guidance issued by NIST
Explore the five best practices in cybersecurity risk mitigation for all organizations based on NIST's Security Measures for EO-Critical Software Use.
Infosec Skills December Challenge: special edition to Hack the Holidays
Join the quest for new skills, bragging rights and over $1,000 in prizes. Each month, we’ll release a brand new challenge. Can you complete it?
ICS cyber ranges: Hands-on training for industrial control system security teams
Incident response has been a pillar of cybersecurity for decades. But plans to account for the unique risks surrounding the specialized command and control...
PenTest+: DoDD 8570 overview
In November 2020, the US Department of Defense (DoD) has selected CompTIA PenTest+ as an approved certification for military personnel and defense contractors...
Introduction to the DoD Cyber Workforce Framework (DCWF)
In response to the ever-changing world, including the increased focus on cyberspace as a theater of war, the US Department of Defense (DoD) decided that it...