Medical devices can be vulnerable to security breaches in the same way as any other networked computing device. This may potentially affect its safety and effectiveness. The FDA (Food and Drug Administration) has issued final guidelines for manufacturers to consider cybersecurity risks as part of their medical device design and development. Its...

A privacy breach at a school district in New Jersey exposed portions of 1,200 employees' Social Security Numbers. The breach occurred at Irvington Public Schools on 16 April when an "unknown source" sent out an email to an undetermined number of recipients. The email contained the names of current...

Most organizations have already adopted or are moving towards adopting a DevOps model into their work culture for improved productivity and workflow. In simple terms, DevOps is an application delivery methodology that encourages collaboration and communication between the developers and operations teams across all phases of the Software Development...

Blockchain and other emerging distributed ledger technologies offer the promise of increased security, transparency and resilience based on the use of distributed, immutable records. At the same time, the European Union General Data Protection Regulation (GDPR), which takes effect May 25, 2018, governs the use and protection of personal data...

FedRAMP, or the Federal Risk and Authorization Management Program, is a standardized approach to security assessment, authorization, and monitoring for cloud applications. It was created by the U.S. General Services Administration in response to growing government usage of the cloud, which has obvious benefits at many levels of operation and...

Defense Evasion has the most techniques of any of the other tactics discussed in the MITRE ATT&CK Framework so far. What I find interesting about these techniques is that they expose the tradecraft of the various threat actors behind malware attacks. https://www.youtube.com/watch?v=NDT2qnpvKTk Another interesting piece of this tactic is some malware...

Now in its 11th installment, Verizon’s Data Breach Investigations Report (DBIR) is a must-read for cybersecurity professionals across the globe. The 2018 edition dives deep into more than 53,000 real incidents and 2,216 confirmed data breaches with the ultimate goal of informing defenders on the threats they face and how to protect against them. The...

The MITRE ATT&CK Framework is an excellent resource when it comes to defining threat intelligence. The hundreds of techniques mapped across various tactics help define an adversary’s behaviors in enterprise networks. What’s better is that it provides prescriptive level guidance on how to both mitigate and detect the techniques. While it is not...

London's Royal Borough of Kensington & Chelsea has been fined £120,000 (approximately US $170,000) by the Information Commissioner’s Office (ICO) after it unlawfully identified 943 people who owned vacant properties in the borough. How did the sensitive data leak out? Because of a sloppy understanding of how to wipe information properly out of Excel...

A while ago, I had the crazy idea that I needed to read more technical books, so I purchased a pair of books that appealed to me: Attacking Network Protocols and Serious Cryptography, both published by No Starch Press. I was interested in reading along with others and sharing our thoughts and opinions, so I spoke with members of VERT and our...

When the European Union General Data Protection Regulation (GDPR) comes into force on May 25, 2018, what will happen to currently-available domain registration data in WHOIS? The GDPR restricts how personal data about natural persons residing in the European Union can be collected, used and transferred, and it defines “personal data” very broadly....

Digital attackers are targeting organizations in the energy sector like never before. For example, just a few weeks ago, the FBI and Department of Homeland Security issued a joint report describing a massive Russian hacking campaign to infiltrate America’s critical infrastructure. In a first, the US government publicly blamed Russia’s government for...

The 5th annual DevSecOps community survey for 2018 from Sonatype reveals heightened interest in DevSecOps practices after the recent surge of high profile breaches, as well as highlights security integration statistics among teams with mature DevSecOps workflows. In this blog post, we’ll discuss some of the important findings from the survey of 2...

A teenager faces upwards of 10 years in prison for downloading 7,000 freedom of information releases that contained people's sensitive personal information. On 11 April, Nova Scotia's police raided the home of a yet-unnamed 19-year-old. As many as 15 officers seized computer equipment from the teen, who lives with his parents and siblings and is in...

Much attention and excitement within the security world has recently been focused on the lucrative surge in crypto-mining malware and hacks involving or targeting cryptocurrency implementations themselves. Yet the volume of ‘real world’ transactions for tangible goods and services currently paid for with cryptocurrency is still relatively niche in...

Last time, I spoke with Cyber Czar founder Sorene Assefa. She’s passionate about raising cybersecurity awareness in South Africa. This time is really special because I got to chat with Tripwire’s own Cindy Valladares. She really recognizes the importance of valuing people with information security talents. Kim Crawley: What do you do and how did you...

A newly issued patch plugs more than a dozen vulnerabilities that affect certain versions of an industrial multiport secure router series. On 13 April, Cisco Talos published a report revealing the security weaknesses as part of a coordinated disclosure strategy with Moxa, an automation solutions provider for companies seeking to get the most out of...

Technology has become the lens through which we perceive and experience day-to-day life. Take the smartphone as an example. What used to be a technological rarity and business-oriented tool has become the nexus of our personal and recreational lives. Pew Research Center has found that more than three-quarters (77 percent) of Americans currently own...

For those reading this who were cognizant of such topics as the Internet of Things (IoT) and security architecture back in 2016, you may have had some passing knowledge of the Mirai botnet attacks that showed us all just how risky the present client-server model of IoT can be. At issue is the reality that the vast majority of these kinds of networks...

The chief executive officer of a Bitcoin exchange believes the theft of more than $3 billion from the platform was an inside job. On 12 April, the team behind Coinsecure replaced the Indian exchange's website with a statement. The notice reveals that someone exposed users' Bitcoin funds and then stole them out of a wallet under the platform's...