“Cyber” is not an appropriate category of risk. Often cited in 10-K reports, discussed by board directors and C-suite executives, and referenced by Enterprise Risk Management (ERM) or Governance, Risk and Compliance (GRC) professionals, the category merely perpetuates ambiguity and lack of understanding related to all things “cyber.” Because of this...

Recently, an incident commonly referred to as “stackoverflowin” swept social media. On February 4, 2017, a 17-year-old hacker from the UK using the alias ‘stackoverflowin’ decided on a whim to do some printing. He printed quite a bit. In fact, he printed so much that it started to trend on Twitter. That’s because he printed to every open printer on...

An Android trojan is using SMS phishing texts (or "smishing" messages) to prey upon unsuspecting South Korean mobile users. In July 2017, users uploaded to South Korean websites screenshots of texts asking them to click on suspicious shortened links. One message warns recipients that someone might have leaked a private picture of them to the web....

Cyber security is a relatively new concern to the healthcare sector. Most organizations began looking into it in just the past five years. Given this still-nascent focus, there have been some real lows for healthcare and highs for cyber attackers. Good News to Start There's some good news to share with respect to healthcare providers (acute and...

Your cyber security department has some big hurdles when it comes to hiring. In IT, 10 percent of all job postings are in cyber, and the growth rate is 2x faster than other IT jobs. There will be 1.5-2 million unfilled cyber jobs by 2019. Currently, cyber job postings take 24 percent longer to fill than other IT jobs and 35 percent longer to fill...

Wannabe computer criminals can now easily create Android ransomware thanks to what are known as trojan development kits (TDKs). TDKs automate the process of developing new mobile malware by leveraging a version of the computer-aided software engineering (CASE) tool model. These device-aided malware engineering (DAME) utilities enable an actor to...

2017 is a busy year for The National Institute of Standards Technology (NIST). In January 2017, the lab and federal non-regulated agency organization updated its Cyber Security Framework, a risk-based guideline which organizations can leverage to combat ransomware and other digital threats. Additionally, who can forget the December 2017 deadline for...

Malware is spreading via Facebook Messenger as part of an attack campaign designed to infect users with multi-platform digital threats. In early August, Kaspersky Lab senior security researcher David Jacoby received a curious message via Facebook's messenger service. The message originated from one of his friends with whom he rarely speaks on the...

Electronic Health Record (EHR) systems have been around for over 40 years. The adoption surge came in the United States with an Executive Order for nationwide deployment in 2014. Today, they are the heart for most healthcare providers. The value of EHRs has been well-documented, offering improved patient care while improving organizational...

Bad actors commonly abuse LinkedIn to launch digital attacks. With over 500 million members spread across 200 countries, the professional networking site contains crucial information that nefarious individuals can use to attack nearly any organization and its corporate data. They just need to establish an initial foothold in the company. Most of the...

A California city has temporarily shut down its online utility bill payment system amid fears that the portal suffered a breach. On 22 August 2017, the City Manager's Office of Oceanside, CA announced a possible security incident affecting its online bill payment system that residents can use to pay their utility (water, sewer, and trash) bills. As...

All CISOs know at least one story of a penetration test that went wrong. And many of them can share stories of penetration tests that went deeply wrong. For this reason, it is a worthwhile exercise to take account of best practices in managing such engagements. This is important for modern enterprise security teams given the prominent role...

The UK’s National Health Service (NHS) has reportedly fallen victim to another massive cyber-attack, exposing the confidential records of up to 1.2 million patients. According to reports, an unknown hacker claimed to exploit a weakness in the NHS’ appointment booking system, SwiftQueue. The vendor is contracted by eight NHS trusts to manage booked...

Identity thieves are porting users' mobile phone numbers to devices under their control in order to hijack their web accounts. This type of attack begin when hackers call up a mobile service provider. Using a bit of social engineering, the bad actors convince an agent at the provider to transfer control of a target mobile phone number to a device...

A common best practice in any field is to benchmark performance or results against industry norms. Based on comparison results, adjustments or business decisions can be made. In the case of industrial control systems (ICS), security benchmarking is a challenge because there isn’t a lot of data available and it’s not as extensive or granular as...

As much as Facebook has brought many people from the remotest parts of the world together, connecting them over vast expanses of space and time, the platform has become one of the major distributors for cybercriminals. Their malicious intent is to spread viruses, malware and spyware throughout the abyss that is the internet. Being able to target...

Friday, August 18th was Bad Poetry Day. To celebrate, Tripwire decided to ask some of it's employees and friends in the community to share some of their security poems with us. Some folks tweeted theirs out using the hashtag #tripwirebadpoetryday. Others sent them in. Here are some of our favorites: Roses are red, Violets are blue Tripwire is...

New Jersey law enforcement has arrested a couple for abusing a vulnerability affecting Lowe's website in order to steal merchandise. On 15 August, Ocean County Prosecutor Joseph D. Coronato and Brick Township Police Chief James Riccio announced the arrests of Romela Velazquez, 24, and Kimy Velazquez, 40. Together, the couple allegedly orchestrated a...

How prepared are you for the NERC CIPv5 audit? Maybe you’re ready to jump in with both feet, maybe you have no idea where to start, or maybe you’re somewhere in the middle. No matter where you land, there are some best practices to help you along the way. While I can’t promise to rid you of all past sins and violations, I do have pointers based on...

Bad actors are constantly looking for ways to target unsuspecting users with malware or other digital threats. To increase the likelihood of a successful infection, these nefarious individuals incorporate holidays, current events and significant dates into their attack campaigns. It's, therefore, no surprise that digital miscreants are capitalizing...