The principle of least privilege in cybersecurity prescribes that no user should have access to system resources beyond what's necessary for fulfilling a specific task. Adhering to this principle has become essential, as one of the primary ways malicious actors breach a system is by compromising (legitimate) user access. The 2020 Global State of...

Like technology itself, cybersecurity is ever-evolving and encompassing more areas of our lives, including transportation. Popular science fiction movies have led us to expect flying taxis and private space travel as the future of transportation. If that is going to become an eventual reality, the first steps towards that future are “smart cars” and...

On a Mission of Protecting Abraham Lincoln is credited with saying that “A lawyer’s time and advice are his stock and trade.” Whether the quote is mis-attributed to Lincoln is irrelevant to the greater message, which is that attorneys are “knowledge workers.” To state it as bluntly as one attorney once explained to an executive where I worked, “My...

Cybercriminals are running an online competition offering big prizes to anyone who believes they have found an unusual way to help crooks steal cryptocurrency. As security researchers at Intel471 describe, an underground cybercrime forum popular with cybercriminals has issued a call for papers that will describe "unorthodox ways to steal private...

Welcome back to #TripwireBookClub. If you recall, the last book we reviewed was The Ghidra Book: The Definitive Guide, a book that I thoroughly enjoyed because I’m a huge fan of everything Chris Eagle writes. This time, we’re looking at Crypto Dictionary: 500 Tasty Tidbits for the Curious Cryptographer. I am by no means a cryptography expert, so I...

The benefits of organizations moving some or all their IT workloads to the cloud are well-known and numerous. There are several challenges to successful cloud adoption, though, and one of the most important of them is compliance. Whether your cloud use case is low-cost data storage, scaling your infrastructure for critical business apps or disaster...

The critical infrastructure of the United States includes all those systems and assets that are essential to the proper functioning, economy, health, and safety of American society. The roads and railways that we travel on; the Internet and the mobile networks that connect us; the water that we drink; the healthcare, financial services and security...

Anthony Israel-Davis joins the show to discuss what you can do with the DBIR as a practitioner and his perspective on the proposed Cybersecurity Safety Review Board. https://open.spotify.com/episode/02DRlioMrZc98rU7wlwvid?si=YY-9l1KLTbmZz82VZvTadA Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm Stitcher: https://www.stitcher.com...

Are you doing enough to prevent scammers from hijacking your social media accounts? Even if you have chosen a strong, unique password for your online presence and enabled two-factor authentication it's possible that you've overlooked another way in which online criminals could commandeer your social media accounts and spam out a message to your...

Attacks against operational technology (OT) and industrial control systems (ICS) grew dramatically in the past few years. Indeed, a 2020 report found that digital attacks against those two kinds of assets increased by over 2000% between 2018 and 2020. Many of those attacks involved vulnerabilities in Supervisory Control and Data Acquisition (SCADA)...

Tripwire's May 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome, Adobe and Microsoft. First on the patch priority list this month are patches for macOS (CVE-2021-30657) and Google Chrome (CVE-2021-21220). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework....

Cybersecurity has always been a significant challenge for businesses, mostly due to the increasing financial and reputational cost of data breaches. As a result, there has been a consistent rise in tactics and technologies used to combat these threats. These methods fulfill the need for better, smarter ways to augment enterprise-level security and...

Cloud misconfigurations represent something that’s plaguing many organizations’ cloud adoption efforts. For example, a 2020 report found that 91% of cloud deployments contained at least one misconfiguration that left organizations exposed to potential digital threats. Those weaknesses contributed to more than 200 data breaches between 2018 and 2020,...

Cloud computing is an integral part of most businesses globally. Technology has transformed the way businesses operate and thrive in the industry. However, the cloud industry has been facing huge challenges when it comes to complying with various data protection and data privacy standards. With the enforcement of the General Data Protection...

MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques and Common Knowledge. It’s a curated knowledge base of adversarial behavior based on real-world observation of APT campaigns. The original impetus for the project was to answer the question, “How are we doing at detecting documented adversary behavior?” MITRE ATT&CK v1 was released in...

With all the headlines about ransomware attacks hitting companies hard, you might think there's only bad news around the subject. Well, think again. Not only has the Darkside ransomware gang seemingly shut down since the high-profile attack which resulted in the Colonial Pipeline being shut down, and numerous dark web forums announce that they...

On May 8th, I was at a gas station filling up my car before a trip I was taking when the news about a cyberattack against a large pipeline company broke. The attack led them to halt all operations. Ultimately, the incident stemmed from a ransomware infection in which a well-known threat actor took volumes of corporate data in just two hours and made...

Amazon's, Google's and Microsoft’s experiences with building massive infrastructures for the world allows for some fascinating insights into the future of IT security at scale. As a result, when Google published The CISO’s Guide to Cloud Security Transformation earlier this year, I was curious about what priorities they saw in cloud security. It’s a...

Responding to the all too familiar news of compromised Amazon cloud storage, security researchers have begun leaving “friendly warnings” on AWS S3 accounts with exposed data or incorrect permissions. The misconfiguration of access control on AWS storage “buckets” has been behind numerous high profile data breaches, including Verizon, The Pentagon,...

Organizations are increasingly faced with threats from sophisticated criminal organizations and nation-state actors. To mitigate the risks posed by cyber criminals, organizations must secure and protect their proprietary and sensitive information. They must also commit to training their employees to do their part to protect proprietary and...