Resources

Blog

Women and Nonbinary People in Information Security: Magda Chelly

This is now my third year of interviewing women in information security for Tripwire’s The State of Security. My experience has been amazing so far. I have learned so much from so many people – a few of whom were transgender and one nonbinary. In response to this diversity of viewpoints, I decided to rename my spring 2019 series to be more inclusive...
Blog

Tripwire Patch Insanity: The Challenge

Welcome to Tripwire Patch Insanity! Comprised of 26 vulnerabilities divided into two conferences and four divisions, the goal of this tournament is to declare which named vulnerability is king of Patch Insanity! The original list of named vulnerabilities was taken from Hanno Böck’s named vulnerabilities repo. Any entries that did not have published...
Blog

When Is a Data Breach a Data Breach?

A data breach remains a common headline in the news cycle. A different company, website or social network reports a security issue almost daily. If it feels like using the internet has become a risky endeavor, the feeling is accurate. But what exactly classifies an event as a data breach? The world wide web is littered with different security gaps...
Blog

Is the Private or Public Cloud Right for Your Business?

It wasn’t a very long time ago when cloud computing was a niche field that only the most advanced organizations were dabbling with. Now the cloud is very much the mainstream, and it is rare to find a business that uses IT that doesn’t rely on it for a part of its infrastructure. But if you're going to add cloud services to your company, you will...
Blog

'Bad Tidings' Phishing Campaign Targeting Saudi Government Agencies

An ongoing phishing campaign code-named "Bad Tidings" has been targeting several Kingdom of Saudi Arabia government agencies for years. Researchers at Anomali Labs first detected the Bad Tidings campaign back in November 2016. Since then, the operation has targeted four government agencies in Saudi Arabia: the Ministry of Labor and Social...
Blog

New Sextortion Scam Tries to Scare Users with Fake CIA Investigation

Extortionists have launched a new sextortion scam campaign that leverages a fake Central Intelligence Agency (CIA) investigation to try to scare users. In an email I obtained from a wary user, the scammers pose as a fake CIA technical collection officer named Roxana Mackay. This character claims in the email that she's found the user's personal...
Blog

Cybersecurity ROI: An Oxymoron?

Return on investment: is it worth the money? That is the central question in deciding on any procurement. Demonstrating ROI on cybersecurity products is notoriously difficult and is one of the underlying reasons for the poor state of our nation’s cybersecurity posture. Ah, but here’s the rub: showing tangible ROI on cybersecurity products is...
Blog

Smarter Vendor Security Assessments: Tips to Improve Response Rates

I have been on the receiving end of many vendor security assessments from customers and prospects. Here are some tips to increase the likelihood that you’ll get a timely, usable response to the next vendor security assessment that you send out. Understand what data you will be providing One size doesn’t fit all. The level of attention and...
Blog

Like Football, Your Cybersecurity Defense Needs a Strong Offense

“The best defense is a good offense.” History credits Revolutionary War hero George Washington with being among the first to vocalize this concept, later famously echoed by heavyweight boxing champ Jack Dempsey and football god Vince Lombardi. And it’s easy to see what they mean. The idea is that being proactive—going on the offense instead of...
Blog

Attackers Sending Fake Copyright Infringement Notices to Instagram Users

Digital attackers are targeting high-profile Instagram users with fake copyright infringement notifications in a bid to hijack their accounts. Detected by Kaspersky Lab, this scheme begins when an Instagram influencer receives an email notification informing them that their "account will be permanently deleted for copyright infringement." The email...
Blog

How Easy Is It to Spoof a Caller ID?

Caller ID spoofing has become a real nuisance with machines and scammers hiding behind a number that they are not authorized to use. This creates the need to prevent illegitimate calls from using random numbers. In the meantime, have you ever wondered how easy it is to spoof a caller ID? What software is needed? There are many online services that...
Blog

Attackers Sending Out Fake CDC Flu Warnings to Distribute GandCrab

Digital attackers are sending out fake flu warnings that appear to come from the U.S. Center for Disease Control (CDC) in order to distribute GandCrab ransomware. An attack begins when a user receives a fake CDC email. The sender field claims that the email came from "Centers for Disease Control and Prevention." But a closer look reveals the sender...
Blog

US Senators say it shouldn't be a secret when they've been hacked

Take a look at the security headlines, and you'll see report after report of businesses and large organisations being hacked. Sensitive databases are accessed, passwords are stolen, email archives are plundered, innocent people are put at risk and corporations get a kick up the backside that they need to take security more seriously. But what you...
Blog

Understanding Vulnerability Scoring to Help Measure Risk

Understanding vulnerability scoring can be a daunting task, but a good starting point is first understanding risk and being able to distinguish risk from a vulnerability. Both have been used interchangeably throughout the years. A vulnerability is some aspect of a systems functioning, configuration or architecture that makes the resource a target of...