Resources

Blog

Why Do I Need SCM?

What is SCM? Well, let’s start with what it stands for. Generally, it represents "Security Configuration Management," but it is also referred to as "Secure Configuration Management." Both are equally acceptable and mean the same thing. SCM exists at the point where IT Security and IT Operations meet. It’s a software-based solution that aims to...
Blog

Shining a Light on Mobile App Permissions

Last weekend, I was doing some work around the house and needed a flashlight. I cursed having to get up and get one from the closet when my daughter said, "Use the flashlight app, Dad." Then we discovered that my Android phone doesn't have a built-in light. This, of course, led me to look for an app and spend much more time than getting off my lazy...
Blog

Code.org Fixes Error that Exposed Volunteers' Email Addresses

Code.org has fixed an error on its website that accidentally exposed email addresses belonging to its volunteers. On Saturday, Hadi Partovi, the CEO of the non-profit organization that encourages students to learn about computer science, issued a statement of apology on the company's blog. "On Friday night we discovered and fixed an error in the...
Blog

A Penny for Your Thoughts: How Adopting the NIST Cyber Security Framework Can Save You Billions

Recently, there has been a lot of publicity regarding the new national cyber security plan and the billions of dollars pledged to its various parts, including the appointment of the United States' first ever federal chief information security officer (CISO). We understand in large part that the monies “pledged” are goals and aspirations. They are...
Blog

Hackers Breach DDoS Protection Firm Staminus, Leak Sensitive Data Online

Staminus, a global Web security company specializing in protecting against distributed denial of service (DDoS) attacks, has reportedly fallen victim to a massive hack. According to a report by investigative journalist Brian Krebs, the company’s entire network was knocked offline for more than 20 hours until Thursday evening. On Friday afternoon,...
Blog

Typo Helped Prevent Hackers From Stealing $1B in Bank Heist

A typo helped prevent a group of hackers from successfully stealing one billion dollars during a bank heist that occurred last month. In the heist, a group of attackers infiltrated Bangladesh Bank's systems and made off with the credentials necessary for making payment transfers, reports Reuters. ...
Blog

Leveraging UEBA to Deliver Just-in-Time-Training to Employees

In the information security space, there’s no shortage of insight that says increased technology and hardware are needed to combat the loss of information from expensive IT infrastructure. However, the real problems often lie in fallible human beings who’ve been entrusted to maintain the infrastructure and are failing to do so. Meanwhile, it’s...
Blog

SCM – Taking the Pain Out of Hardening Your Systems

Security Configuration Management (SCM) exists where IT security and IT operations meet. It has evolved over the years from a ‘nice to have’ to a ‘must-have.’ The last line of defence is on the endpoint, as network intrusion detection becomes less effective and as the attacks become more sophisticated. One area where a good SCM solution should...
Blog

Sophisticated Android Malware Targeting Australian Banking Apps

Researchers have discovered a sophisticated strain of Android malware targeting the mobile banking apps of some of Australia’s largest banks. Experts at IT security company ESET said the malware ­­­­– dubbed Android/Spy.Agent.SI – is not only capable of stealing users’ credentials but also thwarting two-factor authentication. “The malware . . ....
Blog

LinkedIn: The Phone Book for Social Engineers

As a security professional, I attend many conferences and networking events. I often overhear people at these events use the following exit line: “It was great meeting you. I’ll be sure to add you on LinkedIn.” Many people use LinkedIn as a virtual business card or an online resume. While LinkedIn is a great networking tool, it can also be used for...
Blog

Google Releases Security Update for Chrome 49

Google has patched three security issues in Chrome 49, the most recent version of its popular web browser. On Tuesday, the United States Computer Emergency Readiness Team (US-CERT) released a bulletin announcing the tech giant's latest round of patches. "Google has released Chrome version 49.0.2623.87 to address multiple vulnerabilities for Windows...
Blog

Rosen Hotel chain was hit by credit-card stealing malware for 17 months

Did you visit a Rosen Hotels & Resorts property between September 2014 and February 2016? If so, there's a chance that your credit card details may be in the hands of a criminal gang. Rosen Hotels has published a statement on its website, revealing that it is the latest in a long line of hotel chains and retailers to have suffered at the hands of...
Blog

Why Your Tech Friends Always Seem Stressed Out

Have you ever noticed that your friends (or family) who work in technology seem a bit more stressed than the average hedge-fund trader? One would expect that a person who deals with multi-million dollar deals would be on the high-end of the stress spectrum, whereas a person who deals mainly with bits and bytes would be far less stressed. A recent...
Blog

VERT Threat Alert: March 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-660 on Wednesday, March 9th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

£8,000 Telephone Scam Costs Victim Her Daughter's Wedding Fund

A telephone scam has conned a woman out of £8,000, half of which was set aside to help pay for her daughter's wedding. The Courier reports that Sylvia Bentley, 65, a Coupar Angus pensioner, was recently contacted by con artists who claimed they were employees of her TV provider. Those scammers, in turn, tricked Bentley into granting them remote...
Blog

Fully Patched, But Still Vulnerable

Tripwire isn't a patch management company, so why we conducted an extensive survey on patch fatigue is a worthwhile question to ask. The fact is, we spend a lot of time talking about and working with patches, even though we never actually deploy one for a customer. We spend so much time on patching because we're a vulnerability management vendor....
Blog

5 Tips for Detecting Suspicious Changes in Your Network

In a world where we must assume our enterprises have already been breached, monitoring the perimeter is too little, too late. Continuous monitoring, a la CDM, tells you where you are vulnerable and what to fix, but not where you are already bleeding. In my post on why change detection is so important, I talked about the growing importance of change...
Blog

Chess Lessons for Security Leaders – Part 2

In Part 1 of this article series, we considered the specific elements that make up the game of chess and how they parallel the core elements of effective security programs. In Part 2, we’ll look at some fundamental chess concepts, such as time, space, material and structure, and how these ideas parallel concepts in security. We’ll also cover the...
Blog

U.S. DoD Announces ‘Hack the Pentagon’ Bug Bounty Program

The US Department of Defense (DoD) announced last week the first ever cyber bug bounty program in the history of the federal government, inviting vetted hackers to test the security of the department’s network, website and applications. Dubbed “Hack the Pentagon,” the agency said its pilot bug bounty program is modeled after similar competitions...
Blog

Fully Functional Ransomware Targeting OS X Users

A fully functional ransomware has been observed targeting OS X users by posing as infected BitTorrent installer files. On Saturday, users of Transmission, a free BitTorrent client, began posting on the site's forum that whenever they attempted to download Transmission 2.90 on their Macs, a message would pop up warning them that the BitTorrent...