Resources

Blog

The Principle of 'Least Privilege' in the World of Cybersecurity

The principle of least privilege in cybersecurity prescribes that no user should have access to system resources beyond what's necessary for fulfilling a specific task. Adhering to this principle has become essential, as one of the primary ways malicious actors breach a system is by compromising (legitimate) user access. The 2020 Global State of...
Blog

Protecting a New Vulnerable Population on the Internet

On a Mission of Protecting Abraham Lincoln is credited with saying that “A lawyer’s time and advice are his stock and trade.” Whether the quote is mis-attributed to Lincoln is irrelevant to the greater message, which is that attorneys are “knowledge workers.” To state it as bluntly as one attorney once explained to an executive where I worked, “My...
Blog

#TripwireBookClub – The Crypto Dictionary

Welcome back to #TripwireBookClub. If you recall, the last book we reviewed was The Ghidra Book: The Definitive Guide, a book that I thoroughly enjoyed because I’m a huge fan of everything Chris Eagle writes. This time, we’re looking at Crypto Dictionary: 500 Tasty Tidbits for the Curious Cryptographer. I am by no means a cryptography expert, so I...
Blog

Overcoming Compliance Issues in Cloud Computing

The benefits of organizations moving some or all their IT workloads to the cloud are well-known and numerous. There are several challenges to successful cloud adoption, though, and one of the most important of them is compliance. Whether your cloud use case is low-cost data storage, scaling your infrastructure for critical business apps or disaster...
Blog

Tripwire Patch Priority Index for May 2021

Tripwire's May 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome, Adobe and Microsoft. First on the patch priority list this month are patches for macOS (CVE-2021-30657) and Google Chrome (CVE-2021-21220). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework....
Blog

2021 Cybersecurity: Mitigating Mobile Security Risks for CISOs

Cybersecurity has always been a significant challenge for businesses, mostly due to the increasing financial and reputational cost of data breaches. As a result, there has been a consistent rise in tactics and technologies used to combat these threats. These methods fulfill the need for better, smarter ways to augment enterprise-level security and...
Blog

Impact of GDPR on Cloud Service Providers

Cloud computing is an integral part of most businesses globally. Technology has transformed the way businesses operate and thrive in the industry. However, the cloud industry has been facing huge challenges when it comes to complying with various data protection and data privacy standards. With the enforcement of the General Data Protection...
Blog

5 Things to Do with MITRE ATT&CK – Tips and Tricks Special

MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques and Common Knowledge. It’s a curated knowledge base of adversarial behavior based on real-world observation of APT campaigns. The original impetus for the project was to answer the question, “How are we doing at detecting documented adversary behavior?” MITRE ATT&CK v1 was released in...
Blog

IT Network Attacks Can Impact Your OT Networks, Too

On May 8th, I was at a gas station filling up my car before a trip I was taking when the news about a cyberattack against a large pipeline company broke. The attack led them to halt all operations. Ultimately, the incident stemmed from a ransomware infection in which a well-known threat actor took volumes of corporate data in just two hours and made...
Blog

Google’s Office of the CISO Points the Way Towards Scaling Security

Amazon's, Google's and Microsoft’s experiences with building massive infrastructures for the world allows for some fascinating insights into the future of IT security at scale. As a result, when Google published The CISO’s Guide to Cloud Security Transformation earlier this year, I was curious about what priorities they saw in cloud security. It’s a...
Blog

Hacker Tools Used for Good as Exposed Amazon Cloud Storage Accounts Get Warnings

Responding to the all too familiar news of compromised Amazon cloud storage, security researchers have begun leaving “friendly warnings” on AWS S3 accounts with exposed data or incorrect permissions. The misconfiguration of access control on AWS storage “buckets” has been behind numerous high profile data breaches, including Verizon, The Pentagon,...