Resources

December 2017: The Month in Ransomware
Blog

December 2017: The Month in Ransomware

By Tripwire Guest Authors on Mon, 01/08/2018
Ransomware activity was on a fairly high level till mid-December but slowed down by the end of the month, perhaps due to threat actors’ holiday spree. Some of the newsmaking events included the onset of the first-ever blackmail virus targeting network-attached storage devices, the breach of California's voter database, and arrests of CTB-Locker and...
Blog

hiQ v. LinkedIn – Who Controls Your Publicly Available Data?

By Hudson Harris on Sun, 01/07/2018
The internet is vast and full of data that is publicly available to anyone with the time, or technology, to mine for insights. You can find everything from years of NYC taxi cab data and Uber information to more obscure datasets about every Jeopardy question in history or every single Iowan liquor store receipt since 2014. The volume of data availability is staggering, and it's poised to only grow...
VERT Threat Alert: August 2018 Patch Tuesday Analysis
Blog

VERT Threat Alert: CPU Vulnerabilities - Meltdown and Spectre

By Lamar Bailey on Fri, 01/05/2018
Vulnerability Description Meltdown and Spectre are hardware design vulnerabilities in CPUs utilizing speculative execution. While the defect exists in the hardware, mitigations in operating systems are possible and are currently available. CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. The...
VERT Threat Alert: August 2018 Patch Tuesday Analysis
Blog

VERT Threat Alert: January 2018 Security Updates

By Tyler Reguly on Thu, 01/04/2018
Today’s VERT Alert addresses the Microsoft January 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-759 on Friday, January 5th. We are not yet certain if this release contains all January updates or if Tuesday will see a second set of updates released. In-The-Wild & Disclosed CVEs ...
Spectre and Meltdown: What you need to know
Blog

Spectre and Meltdown: What you need to know

By Craig Young on Thu, 01/04/2018
If this first week is any indication, 2018 could mark a significant paradigm shift in trusted computing and open source hardware. Chip makers have been very effective in making enhancements to greatly improve application performance, but the revelation of Spectre and Meltdown makes it clear that more attention needs to be paid to hardware level...
Blog

HIPAA – A Guide to Compliancy

By Tripwire Guest Authors on Wed, 01/03/2018
HIPAA compliance makes sense if you understand all the rules, but unfortunately, only a few have the time, resources and training invested. Most healthcare professionals understand the importance of PHI, and their intentions would never be to purposely place this information at risk. The challenge is that these professionals earn their living by providing the services that they spent eight years...
Blog

Word Crimes Part 3 – Developing Cybersecurity Vision, Mission & Strategy Statements

By Tripwire Guest Authors on Wed, 01/03/2018
As we introduced in part 1 and part 2 of this “word crimes” series, cybersecurity terminology is important, especially when representing our profession. In this final installment, we have broadened the scope as it relates to business terminology. It is vitally important for cybersecurity professionals, including current and future leaders, to understand the nuances between common business...
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Blog

School District to Spend $314K on Rebuilding Servers after Malware Attack

By David Bisson on Wed, 01/03/2018
A school district in North Carolina intends to spend $314,000 on rebuilding more than a dozen servers affected by a malware attack. On 27 December 2017, the board for Rockingham County School District held an emergency meeting and voted 7-1 to approve a 12-month, $314,000 service contract with Georgia-based technology solutions provider ProLogic ITS...
Blog

It’s 2018, Secure Your Budgets with Secure Configurations!

By Irfahn Khimji on Tue, 01/02/2018
Happy 2018, everyone! With the start of a new year, everyone makes resolutions that they may or may not be able to keep. One of the most common New Year’s resolutions (and arguably the most difficult to keep) is to exercise, get healthy, and/or lose weight. This is a common thread in businesses, as well, as we see many organizations make the resolution to trim the fat, cut budgets, and do more...
Foundational Controls for Integrity Assurance - Part I
Blog

Foundational Controls for Integrity Assurance - Part I

By Editorial Staff on Tue, 01/02/2018
Among organizations today, there's not enough focus on where digital security matters, that is, setting up the challenge/risk. Let’s come right out and say it: if you haven’t been hacked yet, you soon will be. This is not a surprise to you. You know this. We know this. Other companies know this. And yet, we saw WannaCry spread to hundreds of...
Internet of Things In Healthcare - What to Expect in 2018?
Blog

Internet of Things In Healthcare - What to Expect in 2018?

By Tripwire Guest Authors on Mon, 01/01/2018
We are heading into an era which embraces the Internet of Things (IoT), artificial Intelligence (AI), and machine learning (MI) that have immensely overturned the tech world. With particular reference to IoT, it has profoundly impacted global commerce and lifestyle. If this existing pace remains consistent, then it wouldn’t be onerous to predict the...
Women in Information Security: Roselle Safran
Blog

Women in Information Security: Roselle Safran

By Tripwire Guest Authors on Mon, 01/01/2018
Last time, I had the honor of speaking with Tiffany Gerstmar. Her work with the US Navy led to her become a cybersecurity policy professional. In this final interview of the current series, I got to speak with Roselle Safran. Not unlike Tiffany, work in US government agencies also helped her to get where she is today. Now she's the president of...
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Blog

Data Breach Potentially Struck Tallahassee Utility Customers

By David Bisson on Fri, 12/29/2017
A data breach at a payment processor might have compromised the personal and financial information of some Tallahassee utility customers. Tallahassee Treasurer Clerk Jim Cooke is warning that a breach at TIO Networks, a company used by Florida's capital to help people pay their bills, might have affected an untold number of utility customers in the...
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Blog

Data Breach Exposes 300K RootsWeb Users' Login Credentials

By David Bisson on Thu, 12/28/2017
A data breach has exposed the login credentials belonging to 300,000 users of RootsWeb, a service owned and sponsored by Ancestry.com. On 4 December 2017, someone posted a file containing the usernames and plaintext passwords of 300,000 users to a hacker forum. An analysis of the dump, which was...
The State of Security in Industrial Control Systems
Blog

The State of Security in Industrial Control Systems

By Editorial Staff on Wed, 12/27/2017
The main challenge for industrial control systems is that the processes that control those systems are connected to critical infrastructure such as power, water, gas, and transport. This means they require high availability, and it is not easy to interrupt those systems to apply security updates. Effects of any downtime means that it can affect...
The Top 10 State of Security Articles of 2017
Blog

The Top 10 State of Security Articles of 2017

By Joe Pettit on Wed, 12/27/2017
With 2017 coming to a close, we wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between Christmas and the New Year. My favourite State of Security blogs from 2017 Pentest Toolbox Additions 2017 It´s becoming a yearly tradition, but one our readers and I...