Insurance company State Farm revealed that a digital security incident might have exposed their customers' personal information. In August 2019, ZDNet obtained a copy of a letter in which State Farm disclosed a data breach. The insurance company specifically revealed that a bad actor had conducted a credential stuffing attack. This type of operation...

About a decade ago, organizations were hesitant to adopt cloud solutions, with many citing security concerns. Fast forward to 2019, and 81% of organizations have a multi-cloud strategy, spurred on by the desire for increased flexibility, usage-based spending and desire to respond to market opportunity with greater agility. In fact, organizations are...

The recent Tripwire blog ‘7 Habits of highly effective Vulnerability Management’ by Tim Erlin was a great read with some sage advice on the always relevant security topic of VM. I noticed, however, that although the seven points themselves were all Tim’s own, the title snappily paraphrased Steven Covey’s classic management book. This made me think....

American multinational conglomerate holding company AT&T has announced the launch of its public bug bounty program on HackerOne. Revealed on 6 August, the new program will award security researchers who submit reports on eligible vulnerabilities that affect AT&T's websites, mobile apps, devices and exposed APIs. In-scope flaws include weaknesses...

In a recent blog post for the State of Security, we asked security experts what they thought would make the biggest impact on the security of industrial control systems (ICS) in the next 5-10 years. They gave numerous answers, but perhaps the most frequent response was the ongoing IT-OT convergence in industrial organizations. Our experts felt that...

Cybersecurity breaches and regulatory compliance are this year's themes. Marriott was sued and fined $124 million for their data breach back in 2014, according to The Wall Street Journal. Capital One leaked 100 million credit applications including Social Security Numbers. Both LabCorp and Quest Diagnostics exposed millions of patients’ medical...

When malware sneaks inside your network, it needs to communicate back to the internet whether to exfiltrate sensitive datasets it found, accept commands of its evil masters or even simply let them know it has successfully infiltrated your infrastructure (with ransomware being one of the rare exceptions that doesn't need such connection). Somehow,...

The City of Murfreesboro has disclosed a security incident involving the online portal for its Water Resources Customer webpage. In early August, IT personnel for the Rutherford County municipality detected some security issues affecting the online portal for the Water Resources Customer webpage. Tennessean reported that they decided to shut down...

As someone who has worked for their entire career in the Managed Network Services space, if I had to pick out, over the past five years, two of the most impactful shifts in managing technology, it would be a shift from traditional, in-house servers to solutions where 3rd parties build “clouds” to provide similar business functions as well as the...

The Case for Security Awareness Training Cybersecurity and cyber security awareness are critical to business survival in an era dominated by growing virtual crime. It might be true that most people know about costly identity theft and reputation-destroying network hacks. Organizations spend millions every year trying to defend themselves against...

Security researchers detected and blocked over 65,000 attempts to steal credit card information from compromised online stores during the month of July. In July, Malwarebytes found that the majority (53.5 percent) of stolen credit card details originated from shoppers located in the United States. Canadians were the second most-prevalent group of...

Automotive giant Honda has shut down an exposed database that contained sensitive information about the security -- specifically the weak points -- of its internal network. Security researcher Justin Paine discovered the sensitive information after scouring the internet with Shodan, a specialist search engine which can be used to find exposed...

The Cybersecurity and Infrastructure Security Agency (CISA) has warned of insecure CAN bus network implementations affecting aircraft. On 30 July, CISA explained that attackers could target aircraft by exploiting insecure implementations of their CAN bus networks, tools which allow separate devices...

Are you going to Black Hat USA 2019? If you are, you’re no doubt counting down the days until 3-8 August when you can join the thousands upon thousands of security professionals at the Mandalay Bay Resort and Casino in Las Vegas, Nevada. But if you’ve been to any of its other 21 iterations, you probably know that this conference can be a bit...

Gadsden Independent School District (GISD) announced that it was working to recover from a malware infection on its network. Travis L. Dempsey, superintendent of the Sunland Park school district, posted a notice about the attack on GISD's website. Our Technology Department has been working to address...

The FBI has arrested a 33-year-old software engineer in Seattle as part of an investigation into a massive data breach at financial services company Capital One. Paige A. Thompson, also known by the online handle "erratic," has been charged with one count of computer fraud and abuse, after an investigation uncovered that a hacker had broken into...

It’s that time of year again where Black Hat and DEF CON are fast approaching and everyone interested in security will descend upon Las Vegas. While Craig Young will be there with his sold out Introduction to IoT Pentesting with Linux, I will be keeping my 2008 promise to myself and avoiding Vegas like the plague. I am, however, happy to announce...

Sephora has revealed that a data breach might have exposed the personal information of customers based in Southeast Asia, Australia and New Zealand. On 29 July, the multinational chain of personal care and beauty stores sent out a notice announcing that a digital security incident had potentially infected the personal information of customers based...

On 16 July 2019, UK’s National Cyber Security Centre (NCSC) released the second annual report of the Active Cyber Defence (ACD) program. The report seeks to show the effects that the program has on the security of the UK public sector and the wider UK cyber ecosystem. The Active Cyber Defence Program NCSC was set up in 2016 to be the single...

As a vendor, Tripwire gets asked a lot of questions from customers and potential clients about how developments in the wider world might affect digital security. One of those forces that’s on everyone’s mind is Brexit. Representatives from some of our potential customers as well as our existing clients are asking us what to focus on and what to do....