Resources

Blog

Cyber Security + Compliance Controls: What Does It All Mean, Rick?

I'm sure you have all seen the Rickie Fowler commercial where the interviewer rants about all of the confusing financial terms involved with getting a mortgage. If not, you can find it below: https://www.youtube.com/watch?v=Q1YqNTWOldY Confusion in Cyber Security Throughout my career, I have worked with hundreds of organizations. Regardless of the...
Blog

Unprotected Database Exposed 13.7M Users' Employment Information

An unprotected database made it possible for anyone on the web to view the personal and employment information of 13.7 million users. Security researcher and GDI Foundation member Sanyam Jain discovered the database and determined that it belonged to Ladders, a New York-based job recruitment site which specializes in high-end jobs. Jain then shared...
Blog

The Infamous Password

Passwords may not be the favourite piece of your workday, however, I have a theory – if I could share with you the value of a password and the reality of how simple they can be to create; then passwords may not be the monster you avoid. When you get the "your password expires in 5 days" notice, instead of feeling anxious or aggravated, let’s...
Blog

Mitigating Risks in Cloud Migration

Companies are moving to incorporate the cloud into their computing infrastructure at a phenomenal rate. This is, without question, a very positive move. It permits companies to scale processing resources up and down in response to changing demands, giving companies the operational equivalent of unlimited resources while paying only for the resources...
Blog

Tripwire Patch Priority Index for April 2019

Tripwire's April 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Browser Tampering, and Information...
Blog

Women and Nonbinary People in Information Security: Jenny Radcliffe

Last week, I spoke with bug bounty triager and Ubuntu fan Sophia Sanles-Luksetich. This week, I had the honor of speaking with social engineering specialist Jenny Radcliffe. Contrary to what a lot of Nigerian Princes would tell you, in my opinion social engineering is one of the most misunderstood areas of cybersecurity. Kim Crawley: Please tell...
Blog

Fraudster Posed as Jason Statham to Prey Upon Star-Struck Users

A digital fraudster posed as English actor and film producer Jason Statham to prey upon and steal money from star-struck users. A woman who asked not to be named said the scam began when someone posing as Statham contacted her while she was on a Facebook page dedicated to the actor. She thought it was nice that the actor had seemingly embraced ...
Blog

What Can League of Legends Teach Us About Cybersecurity?

The League of Legends game and human psychology are two things we don’t often associate with cybersecurity – but as an avid gamer, I encountered and observed many parallels between the tactics used to win games like League of Legends and the mentality that guides human behavior in general. Thus, when I began teaching security awareness and being a...
Blog

How Does Tripwire Map to the NIST SI-07 Control?

Keeping sensitive data and assets safe is the goal of regulatory cybersecurity frameworks like NIST (National Institute of Standards and Technology). But for government agency security professionals, staying compliant can feel like a Sisyphean task due to the complexity of applying the controls themselves. It’s especially difficult to attempt to...
Blog

Using Visibility to Navigate the Evolving Role of ICS Security

The current security state of industrial control systems (ICS) is a perplexing one. On the one hand, Kaspersky Lab found in a recent report that a majority of organizations (75 percent) regard ICS security as a major priority. On the other hand, organizations aren’t implementing the proper safeguards to secure their industrial control systems. The...
Blog

Operation ShadowHammer: Hackers planted malware code in video games

Last month the world was reminded once again of the danger of supply chain attacks, as it was revealed that hackers had compromised the network of Taiwanese technology giant ASUS to push out a malicious software update to as many as one million laptops. The attack, dubbed "Operation ShadowHammer" by security researchers, saw hackers successfully...
Blog

Washington State Legislature Passes New Data Breach Law

The Washington legislature has passed a bill that effectively expands the state's consumer data breach notification requirements. The Washington State Capitol (Source: Wikipedia) Previously, Washington-based organizations needed to notify consumers of a data breach only in the event that the security...
Blog

A Beginner’s Guide to PCI Compliance

PCI DSS, or the Payment Card Industry Data Security Standard, is the set of requirements for organizations who process card payments. Sounds simple enough, right? But PCI compliance can pose a major challenge to organizations if they’re not equipped with the proper knowledge and tools. Let’s take a quick look at the basics of PCI compliance, what...
Blog

Women and Nonbinary People in Information Security: Sophia Sanles-Luksetich

Last week, I had fun talking about the old-fashioned internet and defensive security with Liz Bell. This time, I spoke to bug bounty specialist Sophia Sanles-Luksetich. Did you know that Ubuntu was her first OS? Kim Crawley: Please tell me a bit about yourself and what you do. Sophia Sanles-Luksetich: I am a rookie information security consultant. I...
Blog

Drones as Cyber Weapons: A Reality, Not a Hyperbole

On the aftermath of the Mati wildfires in Greece that killed 100 people, the Greek Fire Department spokesperson made an announcement on June 2018, stating "Any manned and unmanned aircraft systems flights in an area of operations is a serious infringement and creates safety risks for flights. Any breach entails criminal and administrative liability....
Blog

'123456' Remains the World's Most Breached Password

"123456" remains the most common password which digital criminals abuse to steal unsuspecting users' sensitive information. On 21 April, the United Kingdom's National Cyber Security Centre (NCSC) partnered with security researcher Troy Hunt to publish the top 100,000 passwords from Hunt's Pwned Password service. Here are the top 20 passwords from...
Blog

Six Myths People Still Believe About GDPR

The General Data Protection Regulation (GDPR) came into force in May 2018, and by the letter of the law, virtually every business in the UK needs to comply with it. However, there are still some misconceptions surrounding the law and what it means to organisations. This can lead to difficult situations where mistakes can be made. Here are six myths...