Resources

Blog

Revised Critical Infrastructure Protection Reliability Standard CIP–003–7: What Are the Changes?

The U.S. Government is constantly working to improve its ability to respond to the growing threat of cyber-attacks facing the national power grid. Towards that end, the Federal Energy Regulatory Commission (FERC) approved the revised critical infrastructure protection reliability standards for cybersecurity management controls on April 19, 2018. The...
Blog

Apps that steal users' browser histories kicked out of the Mac App store

Apple has removed "Adware Doctor" from the macOS App Store amid claims that the program was uploading browser histories to China. Adware Doctor, which sold for $4.99 and was listed last week among the highest grossing apps in the "Paid Utilities" category of the macOS App Store, promised it would "keep your Mac safe", "get rid of annoying pop-up ads...
Blog

Beware of the New Way Crooks Can Drain Your Credit Card Account

This article describes one of the recent frauds used by cybercriminals to steal funds from people’s credit cards. Unfortunately, it is a simple one to pull off, so peruse the details below and make sure you don’t get on the hook. The malicious logic in a nutshell The malefactors use a legit remote access tool for mobile devices called AirDroid....
Blog

Tripwire Patch Priority Index for August 2018

Tripwire's August 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge, and Scripting Engine. These patches resolve 21 vulnerabilities, including fixes for Remote Code Execution, Elevation of Privilege,...
Blog

Use This NERC CIP v6 Standards Summary to Stay Compliant

Thanks to FERC’s Order 822, the North American Electric Reliability Corporation’s critical infrastructure protection standards, known as NERC CIP, are continually updated. Seven updated standards proposed by NERC for inclusion have now been accepted. April 1st, 2016, was the compliance deadline for the NERC CIP v5 requirements. Most of the newly...
Blog

An EHR Systems Check-Up: 3 Use Cases for Updating Cyber Hygiene

Have you ever wondered how much your patient health record could garner on the black market? Whereas a cybercriminal only needs to shell out a mere dollar for your social security number, your electronic health record (EHR) is likely to sell for something closer to the tune of $50. This is according to research firm Cybersecurity Ventures, who also...
Blog

How to Cultivate Security Champions at the Workplace

Good security engineers are hard to come by. What is a company to do? Not all companies can afford outrageous salaries to acquire one, much less a full team of security professionals. Even if those few companies can afford it today, how do they retain them? The answer to this is not simple and is realistically beyond the scope of one simple article...
Blog

#TripwireBookClub – Gray Hat Python

In this third installment of #TripwireBookClub, we look at “Gray Hat Python,” written by Justin Seitz and published by No Starch Press. I had the opportunity to briefly meet Justin at CanSecWest the year this book was published, which only increased my interest in the book and ensured my preorder. I read it back then (2009), and now, nine years...
Blog

Strengthen Production Systems with Container Runtime Security

Container security is not a unitary action but a multifaceted process. It involves securing the build environment using secure code control and other strategies. The procedure also necessitates securing containers’ contents via code analysis and unit tests. At some point, organizations need to develop a plan to secure their containers in production...
Blog

Police Investigating Data Breach at Chinese Hotel Group

Local authorities are currently investigating a data breach at a Chinese hotel group that could have exposed customers' personal information. Huazhu Hotels Group headquarters (Source: Wikipedia) According to the Xinhua state news agency, Shanghai police launched an investigation into a data security...
Blog

Evolution of Cyber Security in Healthcare

In the healthcare industry, data sets are growing rapidly, both in volume and complexity, as the sources and types of data keep on multiplying. As of now, 30 percent of the world's information is assessed to be medical services data, and in the U.S., many hospitals collect over 100 data points per patient per day. This healthcare data keeps on being...
Blog

Instagram to Support Authenticator Apps for Improved 2FA Feature

Instagram announced its plan to support third-party authenticator apps as part of an improved two-factor authentication (2FA) feature. On 28 August, Instagram co-founder and CTO Mike Krieger unveiled the photo- and video-sharing social networking service's upcoming support for third-party authenticator apps. Users will be able to select ...
Blog

Three Ways to Secure Legacy Infrastructure

It is a well-known fact that legacy equipment shall continue to play a crucial role in the continuity and stability of critical infrastructure, especially in industrial control systems. A recent Center for Digital Government survey found that 70% of respondent agencies depend on legacy infrastructure for their operations. Another recent report from...
Blog

The Sky Is Falling! No Wait, That’s Just Our Data in the Cloud!

Back in the good old days, we used to have to order physical servers to run our applications. When servers became too expensive, we found efficiency in virtualization. Why have one box running one server when I could have 10 or more on a single box? Who would have thought I could simply push a button and have a server ready in minutes as opposed to...