Security News


Jan 2018

Migrating to the Cloud the Secure Way

It is 2018 and “The Cloud” continues the trend of upward growth. The Gartner Group predicts by 2021, 28% of all IT spending will be for cloud-based infrastructure, middleware, application and business process services. Online services help make our work and personal lives more productive and easier. Some advantages of the cloud are that you can easily access your data from anywhere and sync it with...

Read More


Jan 2018

What you should know about Spectre and Meltdown

By Corey McReynolds Two large exploits, “Spectre” and “Meltdown”, have been released that allow reading privileged memory with side-channel attacks on Intel and ARM processors. This issue is known to affect nearly all processors in personal computers, Macs, servers and mobile devices (both Android and iOS). AMD processors are affected (only to “Spectre”), but to a much lesser degree. The result of a successful attack can...

Read More


Oct 2017

KRACK exploit explained

A recently discovered vulnerability in the most widely used wireless security standard may be one of the biggest in years. The good news is there are precautions that can be taken to keep you and your business safe. Sword & Shield’s Corey McReynolds and Joe Gray explain: What the Attack is This attack exploits a vulnerability in Wireless Protected Access (WPA), both WPA and WPA2 encryption...

Read More


Aug 2017

Petya: Cyber Warfare Deception

By Ryan Ernst The following article originally appeared in the August 2017 edition of Gulf Insider online magazine. “All warfare is based upon deception.” – Sun Tzu, The Art of War Petya, the global cyberattack launched weeks after the WannaCry ransomware, appeared at first as a new variant of the original 2016 ransomware of the same name.  However, security researchers soon identified significant differences prompting...

Read More


May 2017

InfoSec Threats Spread Worldwide

By Ryan Ernst InfoSec threats are a global concern. Well-publicized cyberattacks in the U.S. are only one chapter in a worldwide cyberwar. History of attacks in the Middle East The Middle East is one theater in that war. Back in 2012, Shamoon, a computer virus designed for sabotage and corporate espionage, was unleashed on Saudi Aramco, a Saudi Arabian petroleum company, in 2012. The attack wiped out...

Read More


Apr 2017

Shadow Brokers Release: Microsoft Exploits and Your Business

By Jason Graf It seems like something out of a spy novel: A covert band of cybercriminals releases details of extraordinary weaknesses in unsupported versions of Windows that could be used to wreak havoc on businesses and individuals worldwide. The Shadow Brokers release is real, and it has the potential to cause serious damage. On April 14, the Shadow Brokers, a hacker group originating in...

Read More


Jan 2017

Joe Gray Discusses Dyn DDoS’s Effect on Supply Chain Security

Sword & Shield Enterprise Consultant Joe Gray guest posts on Tripwire’s State of Security blog. WHAT IS SUPPLY CHAIN SECURITY? In the most conventional sense, when we think of Supply Chain Security, we immediately equate it to Target and the HVAC vendor that was used to pivot into Target’s network and perform the attack on the Point of Sale (POS) systems that exfiltrated 40 million...

Read More


Dec 2016

Russel Van Tuyl Joins WATE News 6 to Discuss the Latest Yahoo Breach

Sword & Shield Managing Consultant of Security Assessments Russel Van Tuyl talks with WATE News 6 about how to protect yourself after the latest Yahoo! breach. Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013. The California company says it’s a different breach from the one it disclosed in September, when it said 500 million accounts were...

Read More


Dec 2016

SOC Warning: Stealthy Stegoloader Can Evade Analysis Tools

By Lee Tibbals and Brian Lowe An interesting relic from the past came to visit recently in the form of a threat called Steganography. Steganography is a well-known and ancient practice of concealing a file, or a message inside of another file or message. The first recorded uses of steganography are accepted to have been around 440 BC in ancient Greece, where a message was...

Read More


Dec 2016

Experts: IoT Will Be Hacked Again in 2017

It was nearly two weeks before Halloween and nearly three weeks before Election 2016 when millions were denied access to such popular websites like Twitter, Reddit, The New York Times and PayPal. Some thought it was the Russians attempting to hack the election. Others thought it might be an early seasonal prank, but the event that blocked Internet access for large sections of the country...

Read More

Page 1 of 41234