Resources

Blog

A DevOps Model: What It Is and Why It's Beneficial

Software development has changed significantly in recent years. This transformation is, in part, a response to challenges resulting from the traditional waterfall software development model. Under the old process, a software company receives a deadline for creating a product that's ready to roll out to customers. The firm activates its team of...
Blog

Twitter Asks Users to Change Passwords After Finding Internal Log Bug

Twitter is asking its more than 330 million users to change their passwords after it discovered a bug within one of its internal logs. On 3 May, CTO Parag Agrawal announced the discovery of a weakness that had undermined Twitter's secure storage of users' passwords. He explained that Twitter uses the bcrypt cryptographic hashing algorithm to convert...
Blog

Kitty malware gets its claws into Drupal websites to mine Monero

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family. Security researchers at Incapsula report that Kitty is attempting to hijack servers using the highly critical Drupalgeddon 2.0 remote code execution exploit (CVE-2018-7600), which was made public at...
Blog

Phishers Leveraging GDPR-Themed Scam Emails to Steal Users' Information

Phishers are using scam emails that leverage the European Union's General Data Protection Regulation (GDPR) as a theme in an attempt to steal users' information, a security firm found. Researchers at managed threat detection solutions provider RedScan came across one such phishing message that appeared to originate from Airbnb. The scam email, which...
Blog

The FBI’s 10 Most-Wanted Black-Hat Hackers – #7 and #6

The FBI's 10 most-wanted black-hat hackers countdown continues this week with No. 7 and No. 6: the co-conspirators Bjorn Daniel Sundin and Shaileshkumar “Sam” P. Jain. On 26 May 2010, the U.S. District Court of Northern Illinois indicted Sundin, Jain and a third suspect for one count of conspiracy to commit computer fraud, one count of computer...
Blog

Man Pleads Guilty to Sicking Army of Spambots on Twitch

A 20-year-old man has pleaded guilty to targeting more than a thousand members of streaming video platform Twitch with an army of spambots. On 1 May, Brandan Lukas Apple confessed to a charge of "mischief in relation to computer data" before a Port Coquitlam provincial court judge. The court responded by handing down a four-month conditional...
Blog

Integrity Management: What It Is and How It Can Protect Your Data

In a previous article, I noted that organizations are witnessing a surge in integrity-based attacks targeting their networks. Enterprises can defend themselves against these types of threats by turning to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They can then pair the risk-based approach with NIST SP 800-53...
Blog

Women in Information Security: Jen Fox

Last time, I got to speak with Leanne Williams. As a pen testing professional, she knows there’s a lot more to penetration testing than pointing a network vulnerability scanner at an IP address. This time I had the pleasure of chatting with Jen Fox. She’s all about cybersecurity in the very challenging compliance space. Kim Crawley: Tell me a bit...
Blog

Lending Website Cites GDPR Concerns as Reason Why It Shut Down

A lending website ceased all operations over concerns with the European Union's General Data Protection Regulation (GDPR). Chris Beach, the founder of Streetlend.com, decided to shut down the service after five years of operation due to uncertainty and risk created by the GDPR. He explained in a message posted to the site that the penalties...
Blog

Security Controls: The Key to Ensuring 'Security in the Cloud'

Organizations face a number of security challenges when migrating to the cloud from on-premise data centers. Their work isn't done once they've completed the move, either. At that stage, enterprises must decide on the best approach to fulfill their end of the Shared Responsibility Model and ensure "security in the cloud" with respect to protecting...
Blog

Canadian Government Unveils New Data Breach Regulations

The government of Canada has unveiled new regulations that specify how organizations must report and respond to a data breach. The Canadian Parliament in Ottawa, Canada. (Source: Wikipedia) On 18 April, the Governor General of Canada released the Breach of Security Safeguards Regulations (SOR/2018-64...
Blog

Why We Believe Georgia's S.B. 315 Bill Will Increase Cybersecurity Risk

In 2017, an independent security researcher discovered that a vulnerability had been exploited in the Kennesaw State University Election Center. The researcher responsibly reported the breach to authorities. In response, the Georgia Attorney General’s office requested that a bill be drafted to criminalize any unauthorized access to any computer or...
Blog

Women in Information Security: Leanne Williams

Last week, I had the pleasure of talking to Tripwire’s own marketing specialist, Cindy Valladares. Marketing fits a valuable and overlooked need in the cybersecurity field. Cindy’s creative talent for bringing out the best in people helps Tripwire shine in this industry. This time, I got to chat with pen testing whiz Leanne Williams. Enjoy! Kim...
Blog

Medical Device Security Standards

Medical devices can be vulnerable to security breaches in the same way as any other networked computing device. This may potentially affect its safety and effectiveness. The FDA (Food and Drug Administration) has issued final guidelines for manufacturers to consider cybersecurity risks as part of their medical device design and development. Its...