Resources

Blog

5 Mobile Enterprise Data Concerns to Prepare for Now

Mobile platforms and the internet have brought about massive potential and real value to many companies. This evolution has made mobile enterprise systems an essential business function, becoming a top priority for any company serious about its growth. The ability of mobile technology to improve productivity and efficiency and drive greater ROI is...
Blog

8 Steps for a Successful DevOps Transition

Organizations stand to gain a lot from transitioning to a DevOps software development model. Switching to DevOps leads to quicker problem solving, increased employee engagement, and more time for innovation. That's assuming a transition is successful, however. Enterprises can run into various problems along the way, including inadequately measured...
Blog

2 Strategies to Tighten Your Cloud Security

Creating a thorough and effective security program is difficult enough when your data is stored on-premises. But most organizations and agencies straddle hybridized on-prem and cloud environments—or they’re cloud-native entirely. This complicates the role of cybersecurity teams who now need tools that can traverse multiple environments without...
Blog

Cybersecurity: Protecting All the Endpoints

Network security is an issue that is increasingly important as businesses and even households shift more workflow processes and key tasks to the network and into the cloud. While some users may find it a challenge to protect even a single digital device, keeping an entire network secure can be a tall order for even the most tech-savvy users. From...
Blog

FBI Arrests 74 in Global Takedown of Business Email Compromise Scammers

Federal authorities have arrested dozens of alleged fraudsters in an international takedown of Business Email Compromise (BEC) schemes. According to the Department of Justice, a total of 74 individuals were arrested, including 43 in the US, 29 in Nigeria, and three in Canada, Mauritius and Poland. The operation – dubbed Operation Wire Wire – was...
Blog

What Is Integrity Management?

If you’ve been in information security for a while, you’ve likely had some experience with file integrity monitoring (FIM). It’s a capability with a long history, going back to the original open-source Tripwire tool for monitoring file hashes. And FIM has staying power. It’s still around, and there are still new deployments. There aren’t a lot of...
Blog

VERT Threat Alert: June 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-782 on Wednesday, June 13th. In-The-Wild & Disclosed CVEs CVE-2018-8267 This code execution vulnerability exists in Internet Explorer’s scripting engine and relates to the handling of objects...
Blog

French Company Incurs €250K Fine for Data Leak

A French company has incurred a fine of 250,000 euros for a significant data leak that might have exposed customers' sensitive personal information. On 7 June, France's data privacy regulatory body Commission nationale de l'informatique et des libertés (CNIL) published a statement about a data leak of which it learned in July 2017. An English...
Blog

Women in Information Security: Avi

Last time, I got the opportunity to speak with Diana Initiative founder Virginia Robbins, otherwise known as fl3uryz. She deserves all the kudos for her hard work in promoting women in our industry. This time, I had the pleasure of speaking with Avi. They’re not a woman, but they certainly know what it’s like to be a gender minority in tech. Avi has...
Blog

South Korean Cryptocurrency Exchange Coinrail Confirms Hacking Attempt

South Korean cryptocurrency exchange Coinrail said it's cooperating with law enforcement after suffering a hacking attempt. In a statement posted to its website, Coinrail revealed it was working with police to investigate an incident that might have exposed 30 percent of the total number of coins traded on the exchange. It placed the remaining 70...
Blog

Mapping the ATT&CK Framework to CIS Controls

For the better part of a decade, I have spent a good amount of time analyzing security and compliance frameworks. There is beauty to be found in every one of them. Some are very high level and leave the organization to interpret how to implement the various controls, such as the CIS Critical Security Controls. Others are incredibly prescriptive and...
Blog

Three Rhode Island State Agencies Affected by Malware Attack

A malware attack affected computing devices owned and operated by three state agencies in Rhode Island, confirmed the State's digital security teams. Rhode Island's Department of Children, Youth & Families, one of the departments affected by the malware attack. According to Call 12 for Action, the...
Blog

The Value of Capture the Flag Competitions

If you've ever attended an infosec or hacker conference, you're sure to have seen the Capture the Flag or CTF. As with anything in this industry, there are ebbs and flows in the debate of the value of the competitions. Some argue that they are unrealistic. Others champion them for the skills required and the creative thinking. Let's be real for a...
Blog

Can VPNs Really Be Trusted?

With hacking attacks, government surveillance and censorship constantly in the headlines, more and more people are looking for ways to increase their privacy online. One of the simplest and most popular solutions is to use a virtual private network. With a VPN, all your internet traffic is encrypted and tunneled through a third-party server, so it...
Blog

Atlanta Ransomware Attack Wiped Out Years of Police Dashcam Footage

A ransomware attack targeting the city of Atlanta wiped out years of dashcam footage generated by the Atlanta Police Department. In an exclusive interview with The Atlanta Journal-Constitution and Channel 2 Action News, Atlanta Police Chief Erika Shields revealed that a March ransomware attack against the city cost the Department years of dashcam...
Blog

Women in Information Security: Virginia Robbins

Last time, I had a great chat with Anna Westelius. She has a lot of experience with everything from web security to Linux driver development, and I learned a lot from her. This time, I had the pleasure of talking with Virginia Robbins, otherwise known as fl3uryz. Not only is she an expert in malware detection; she also founded The Diana Initiative,...