Resources

Blog

The 6 Top Tips of Things to Do at Black Hat USA 2019

Are you going to Black Hat USA 2019? If you are, you’re no doubt counting down the days until 3-8 August when you can join the thousands upon thousands of security professionals at the Mandalay Bay Resort and Casino in Las Vegas, Nevada. But if you’ve been to any of its other 21 iterations, you probably know that this conference can be a bit...
Blog

Gadsden Independent School District Discloses Malware Attack

Gadsden Independent School District (GISD) announced that it was working to recover from a malware infection on its network. Travis L. Dempsey, superintendent of the Sunland Park school district, posted a notice about the attack on GISD's website. Our Technology Department has been working to address...
Blog

The Creation of Captain Tripwire: A Cyber Security Comic Book

It’s that time of year again where Black Hat and DEF CON are fast approaching and everyone interested in security will descend upon Las Vegas. While Craig Young will be there with his sold out Introduction to IoT Pentesting with Linux, I will be keeping my 2008 promise to myself and avoiding Vegas like the plague. I am, however, happy to announce...
Blog

Sephora Reveals Breach Might Have Affected Southeast Asian Customers

Sephora has revealed that a data breach might have exposed the personal information of customers based in Southeast Asia, Australia and New Zealand. On 29 July, the multinational chain of personal care and beauty stores sent out a notice announcing that a digital security incident had potentially infected the personal information of customers based...
Blog

NCSC Active Cyber Defence Report 2019: Evidence Based Vulnerability Management

On 16 July 2019, UK’s National Cyber Security Centre (NCSC) released the second annual report of the Active Cyber Defence (ACD) program. The report seeks to show the effects that the program has on the security of the UK public sector and the wider UK cyber ecosystem. The Active Cyber Defence Program NCSC was set up in 2016 to be the single...
Blog

How Will Brexit Affect Cybersecurity for UK Organizations?

As a vendor, Tripwire gets asked a lot of questions from customers and potential clients about how developments in the wider world might affect digital security. One of those forces that’s on everyone’s mind is Brexit. Representatives from some of our potential customers as well as our existing clients are asking us what to focus on and what to do....
Blog

Johannesburg Electricity Provider Falls Victim to Ransomware Attack

A company responsible for providing electricity to the South African city of Johannesburg disclosed that it fell victim to a ransomware attack. On 25 July, City Power disclosed on Twitter how the attack had affected all of its databases and applications as well as its network. https://twitter.com/CityPowerJhb/status/1154277777950093313 In subsequent...
Blog

Ask the Experts: What Will Have the Greatest Impact on ICS Security in the Next 5-10 Years?

As we noted in August 2018, industrial control system (ICS) security has become more complicated since the introduction of the web. Organizations are now bringing together the logical and physical resources of both information technology (IT) and operational technology (OT). This creates various ICS security challenges, including how each team must...
Blog

Lancaster University Says Phishing Attack Behind Data Breach

Lancaster University has revealed that a successful phishing attack resulted in a data breach involving the data of its students and applicants. On 22 July, the public research university announced on Twitter that it had suffered a "sophisticated and malicious phishing attack." This tweet linked to a security update published on the school's website...
Blog

Three Adware Apps Used Clever Tactics to Hide on Android Devices

Researchers detected three apps that leverage clever tactics to hide on Android devices so that they can display adware to users. The three adware distributors (com.colors.drawing.coloring, hd4k.wallpapers.backgrounds, and launcher.call.recorder) each had more than 10,000 downloads when Bitdefender Labs first came across them. Its researchers think...
Blog

Six System and Software Vulnerabilities to Watch Out for in 2019

Wouldn’t it be an easier life if we didn’t have to worry about the exploitation of vulnerabilities in solutions and software on which we have spent good time and resources? A world where correctly configured systems configured were left alone to perform their functions until they became redundant and/or needed replacing? It is a beautiful dream....
Blog

FaceApp Concerns: Myth or Mess?

There’s a lot of conversation regarding FaceApp right now. I have friends talking about it on Facebook, politicians are tweeting about it, CNN and Forbes have reported on it, and my favorite YouTuber Philip DeFranco covered it. People around the world are torn on the privacy implications of this application, yet the person who started this dumpster...
Blog

Multi-Cloud Security Best Practices Guide

A multi-cloud network is a cloud network that consists of more than one cloud services provider. A straightforward type of multi-cloud network involves multiple infrastructure as a service (IaaS) vendors. Can you use AWS and Azure together? For example, you could have some of your cloud network’s servers and physical network provided by Amazon Web...
Blog

Communication – The Forgotten Security Tool

Security professionals have many tools in their toolbox. Some are physical in nature. (WireShark, Mimikatz, endpoint detection and response systems and SIEMs come to mind.) Others not so much. (These assets include critical thinking faculties, the ability to analyze complex processes, a willingness—some call it a need—to dig in and find the root...
Blog

Ransomware Attack Disrupts Some Services at Onondaga County Libraries

A crypto-ransomware attack has disrupted some services at all library locations across Onondaga County in New York State. On 16 July, the Onondaga County Public Library system published a tweet in which it explained that many of its public services were unavailable. https://twitter.com/OCPL_CNY/status/1151123985616244736?ref_src=twsrc%5Etfw WSYR-TV...
Blog

Back to Basics: Infosec for Small and Medium-Sized Businesses

Too many small and medium-sized businesses (SMBs) are under the belief that purchasing “This One Product” or “This One Managed Service” will provide all the security their network requires. If this were true, large corporations with huge IT budgets would never have data breaches! Before you start buying expensive new technology to protect your...