Resources

Blog

VERT Threat Alert: February 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-928 on Wednesday, February 10th. In-The-Wild & Disclosed CVEs CVE-2021-1732 A vulnerability in Win32k that allows for privilege escalation has been exploited in the wild. The...
Blog

General Tips for Children & Teens on Safer Internet Day

On February 9, 2021, the world will celebrate the 18th iteration of Safer Internet Day. The theme of this year’s event is “Together for a better internet.” It’s a reminder that all of us have a responsibility to help make the web a safer place. One of the ways we can do this is by taking the online safety of children and teens to heart. In their...
Blog

Social Media Best Practices for Safer Internet Day

On February 9, 2021, the world will celebrate the 18th iteration of Safer Internet Day. It’s an opportunity for everyone to recognize the importance of staying safe online. It’s also a reminder that all of us play a part in making the web a safer place. One of the ways we can observe Safer Internet Day is by helping children and teens navigate...
Blog

Amazon Addresses Best Practice Secrets Management with AWS Secrets Manager

Data breaches are becoming increasingly common, and one factor driving this escalation is the fact that today’s IT systems are integrated and interconnected, requiring login information from multiple parties and services. In response, Amazon Web Services has launched the AWS Secrets Manager, a service designed to help organizations get a handle on...
Blog

Sloppy patches are a breeding ground for zero-day exploits, says Google

Security researchers at Google have claimed that a quarter of all zero-day software exploits could have been avoided if more effort had been made by vendors when creating patches for vulnerabilities in their software. In a blog post, Maddie Stone of Google's Project Zero team says that 25% of the zero-day exploits detected in 2020 are closely...
Blog

How the CIS Foundations Benchmarks Are Key to Your Cloud Security

Many organizations are migrating their workloads to the cloud. But there are challenges along the way. Specifically, security leaders are concerned about their ability to protect their cloud-based data using secure configurations.Tripwire found this out when it partnered with Dimensional Research to survey 310 professionals who held IT security...
Blog

Tripwire Patch Priority Index for January 2021

Tripwire's January 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Dnsmasq and Oracle. First on the patch priority list this month are patches for Dnsmasq related to the seven so-called "DNSpooq" vulnerabilities. Dnsmasq is an open-source DNS forwarding application, and systems using this software should...
Blog

11 Respected Providers of IT Security Training

We at The State of Security are committed to helping aspiring information security professionals to reach their full potential. Towards that end, we compiled a two-part list of the top 10 highest paying jobs in the industry. Back in 2017, we even highlighted the U.S. cities that rewarded security personnel with the best salaries, amenities and other...
Blog

Emotet botnet takedown - what you need to know

What's happened? Law enforcement agencies across the globe say that they have dealt a blow against Emotet, described by Interpol as "the world's most dangerous malware", by taking control of its infrastructure. Police have dubbed their action against Emotet "Operation LadyBird." What is Emotet? Emotet is an extremely advanced and pernicious...
Blog

The Right to Privacy: Navigating Personal, Physical and Digital Safety

CW/TW: This article mentions the implications that privacy and data can have on domestic abuse and violence. Zoe Rose is a cybersecurity consultant and recognized as one of the 50 most influential women in cybersecurity. In this episode Zoe explains why it is important for the average person to be aware of privacy and shares tips for staying safe. ...
Blog

Ghidra 101: Decoding Stack Strings

In this blog series, I will be putting the spotlight on some useful Ghidra features you might have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it...
Blog

What Does Data Privacy Mean to Consumers and Corporations?

January 28 is Data Privacy Day (DPD)! I know, you're so excited that you've got a party planned to get your executives, Marketing and Sales personnel to spend all day reviewing and revising your Privacy Policy (especially now that Privacy Shield is invalid). The general focus of DPD is to inform consumers about the need to maintain the privacy of...
Blog

A Look at the Legal Consequence of a Cyber Attack

Is your system 100% ready to face the severest cyber-attack and mitigate the risk of a possible data breach? If you are unsure about your cyber-safety structure, then it’s time to upgrade it. Otherwise, you could be at risk of lengthy legal battles that result in hefty fines. Beyond that, the cost in terms of reputational loss could be catastrophic...
Blog

4 Steps for Assessing Your NERC CIP Compliance Program

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Standards are a cybersecurity compliance framework designed to protect utility organizations. Adhering to these guidelines is essential—falling short will leave your environment vulnerable to malicious actors and can result in some hefty fines. NERC CIP...