Resources

Blog

Why Your SOC Needs More Than a SIEM Tool

Cybercrime is becoming more sophisticated by the day. Meanwhile, the price for a breach due to damage and disruption, ransom payments and regulatory fines, is increasing. No wonder there's more of a need than ever for companies to set up a dedicated SOC using SIEM to identify threats and raise the alarm. But is that enough to fight the hackers? ...
Blog

New "Torii" Botnet's Sophisticated Techniques Set It Apart From Mirai

Researchers have discovered a new botnet called "Torii" which differentiates itself from Mirai by its use of several sophisticated tactics. Infosec expert @VessOnSecurity is the first to have discovered the new botnet: https://twitter.com/VessOnSecurity/status/1042538889582444546 Named for its use of Tor exit nodes to launch telnet attacks, Torii...
Blog

How to Avoid DevOps Security Pitfalls: 16 Experts Share Their Top Tips

DevOps is redefining the way organizations handle software development. But it’s also challenging security professionals in their efforts to manage digital risk. With that said, there are security teams need to be strategic about how they approach DevOps security. Here are some expert recommendations on what to do and what to avoid when implementing...
Blog

Tripwire Patch Priority Index for September 2018

Tripwire's September 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 18 vulnerabilities, including fixes for Elevation of Privilege, Information Disclosure,...
Blog

Malware in the Cloud: What You Need to Know

Cloud security is not as simple as it may seem. Businesses have a shared security responsibility with cloud service providers, but some lack the knowledge to keep up their share of the bargain. Poor configuration and data leaks are common problems that many businesses encounter in the cloud. These issues can lead to malware infecting your cloud...
Blog

Death, Taxes and Compliance Updates - An Addition to NIST 800-171

New updates and additions to compliance requirements are as regular as the rising and setting of the sun. Recently, The National Institute of Standards and Technology (NIST) released a companion publication to NIST 800-171 that provides guidance on how organizations can assess the CUI requirements in NIST 800-171, known as SP 800-171A. The purpose...
Blog

Women in Information Security: Sharka

Due to popular demand, my women in information security interview series is back for autumn! This marks the second anniversary since I started. Some of my subjects in this round have been waiting since last spring, so getting to chat with them has been long overdue. Let’s start with Sharka, a penetration tester who is full of enthusiasm. She wants...
Blog

5 Notable Security Incidents that Recently Affected Federal Entities

Digital attackers have a history of targeting public sector organizations. For its 2018 Data Breach Investigations Report (DBIR), Verizon Enterprise tracked 22,788 security incidents that affected the public sector. Data disclosure occurred in 304 of those events; digital espionage via phishing or the use of a backdoor served as the most common...
Blog

Cloud Security: A Cloud Provider-User Partnership

It is a common trend now to see most of the organizations opting for the cloud. Growing business demands, competition and the growth of Software-as-a-Service (SaaS) have helped propel this trend. While everything looks smart in the cloud, what about security? Does that look smart, too? Now that organizations use different kinds of cloud environments...
Blog

Is Your Security Dashboard Ready for the Cloud?

The ability to feed key security information onto a big screen dashboard opens up many new opportunities for managing the day-to-day security and maintenance workload as well as providing a useful method of highlighting new incidents faster than “just another email alert.” Most Security Operation Centres I’ve visited in recent years have embraced...
Blog

ICO to Fine Equifax £500,000 for 2017 Data Breach

The Information Commissioner's Office (ICO) of the United Kingdom announced it will fine Equifax £500,000 for a data breach that occurred in 2017. In a monetary penalty notice filed on 19 September, the ICO revealed its decision to impose the maximum fine specified in section 55A of the Data...
Blog

The makers of the Mirai IoT-hijacking botnet are sentenced

Three men who operated and controlled the notorious Mirai botnet have been sentenced to five years of probation. The Mirai botnet notoriously launched a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn in October 2016 and made it impossible for many users to reach popular sites such as Amazon, Reddit, Netflix, Twitter,...
Blog

Guarding the Gate: Cybersecurity De-Mystified

With individuals, businesses and critical infrastructure increasingly becoming the target of cyber-attacks, cybersecurity today is a multifaceted challenge. As the saying goes, “There’s more than one way to skin a cat.” And if the cat equates to preventing, detecting or discovering disruptive data breaches and determining the root cause, the vendor...
Blog

U.S. Federal IoT Policy: What You Need to Know

Over the past several months, increased attention has been paid to U.S. federal government policies surrounding internal use of IoT devices. In January 2018, researchers discovered they could track the movements of fitness tracker-wearing military personnel over the Internet. In July, a similar revelation occurred with fitness app Polar, which was...
Blog

Ransomware Attack Takes Down Airport's Flight Information Screens

A ransomware attack prevented an English airport from using its flight information screens to assist passengers in their travels. On 13 September, Bristol Airport tweeted out that its flight information systems were experiencing technical difficulties. https://twitter.com/BristolAirport/status/1040427309306662912 For the two days that followed, the...