Resources

Blog

VERT Threat Alert: August 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th. In-The-Wild & Disclosed CVEs CVE-2018-8373 A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability...
'Hack the Marine Corps' Bug Bounty Program Announced by DoD

The U.S. Department of Defense (DoD) and HackerOne together announced the creation of a new bug bounty program called "Hack the Marine Corps." On 12 August, DoD kicked off its new vulnerability disclosure initiative at DEF CON 26 in Las Vegas, Nevada with a live hacking session. For the launch event,...
Alert Fatigue Is a Big Cybersecurity Problem

Alarms and alerts surround us every day. From the moment our clocks wake us up in the morning, we rely on alarms for many things. But what happens when those alarms and alerts malfunction? What does it do to us and how does that affect our day to day life? Recall the Dallas Emergency Alert Malfunction. As it turns out, getting tired of these alarms...
ICS Security: The European Perspective

ICS security is concerned with securing and safeguarding industrial control systems, keeping processes and machinery running smoothly, and ensuring that the information and data shown on the control room dashboards and screens are accurate. Like every system that is networked to the Internet, ICS must be properly secured. The problem is that ICS...
Ransomware Strikes Computer Servers of Golfers' Association

Digital attackers targeted the computer servers of a golfers' association with ransomware and encrypted files stored on those assets. Staff at the Professional Golfers' Association of America (PGA) discovered the attack on 7 August. When they attempted to access certain work files that morning, those...
Flaw exposed Comcast Xfinity customers' partial home addresses and SSNs

Poor security measures have reportedly put the personal details of Comcast Xfinity customers at risk, a researcher has revealed. According to a BuzzFeed News report, security researcher Ryan Stevenson found a vulnerability in the high-speed ISP's online customer portal that could allow unauthorised parties to determine the partial home address of...
Two-Thirds of Organizations Don’t Use Hardening Benchmarks to Establish a Secure Baseline, Report Reveals

The Center for Internet Security’s Critical Security Controls (“the CIS Controls”) are incredibly useful in helping organizations defend themselves against digital threats. By adopting the first five controls alone, it’s possible for companies to prevent 85 percent of attacks. Adopting all 20 controls can prevent as much as 97 percent of attacks....
Beware: Real Estate Scams are Growing

What do the chairman of MIT’s board of trustees and a Supreme Court judge for New York State have in common with the Weintraubs of Lebanon, Oregon? They were all victims of real-estate spoofing scams, a form of cyber-security fraud that has grown from $19 million in 2016 to over $1B in 2017. Thieves have learned that large sums of money change...
The Next Milestone for the NYS DFS Cybersecurity Regulation is Approaching

The landmark NYS DFS cybersecurity regulation that took effect in New York State in March 2017 is approaching its third of four milestones. This was the first regulation of its kind that included prescriptive direction for the protection of personally identifiable information handled by all financial institutions that conduct business in the State....
Why You Should Consider a Career in Government Cyber Security

Cyber crime is a serious and growing problem. According to Cybersecurity Ventures, cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. And as seen in recent high-profile hacks and data breaches involving U.S. government agencies (the NSA, the Office of Personnel Management, the Securities and Exchange...
Back to the Future: Stick to the Fundamentals for DevOps Security

In early August, I will be leading a couple of sessions at the Community College Cyber Summit about cyber security fundamentals. I've also been spending time working with my amazing colleagues thinking about DevOps. Spending so much time going back and forth from "back to basics" and "the future of development" had me thinking that securing DevOps...
DevOps and Cloud: The Match that Drives Today’s Businesses

When concepts like DevOps and Cloud computing come together, this powerful combination propels organizational growth at a rapid speed. Some trends in today’s industry have helped bring about the collaboration of these two most important change agents. Let’s take a look at them here: The world is witnessing an industry-wide shift wherein we are...
Security as a Quality Gate for DevOps

It’s hardly a controversial statement to say that DevOps is changing the way that organizations build and deploy applications. There’s plenty of material, stories, whitepapers and whole companies that demonstrate this trend. There are, however, a couple of things that make a discussion about security and DevOps important. First, while there are a...
How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2...
Tripwire Patch Priority Index for July 2018

Tripwire's July 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 22 vulnerabilities, including fixes for security feature bypass, information disclosure, and...
Some Dos and Don'ts for Hiring Your Security Leader

I’m an executive-level security headhunter. That means I spend a lot of my week doing two things: talking to CISOs or those people ready to be CISOs and consulting with companies that are in the market for a security leader. My experience is that companies looking for a security leader fall into three categories. The first category consists of...
Is the End of the EU-US Privacy Shield in Sight?

European Union data protection law restricts the transfer of EU-origin personal data to countries outside the European Economic Area unless there is a mechanism in place to ensure an adequate level of protection of the personal data. In 2000, the European Commission approved the EU-US Safe Harbor Privacy Principles that allowed many U.S. companies...