Resources

Blog

Reddit rolls out 2FA to all its users

Reddit, the so-called "front page of the internet", has some important news for its 250 million registered users. You can now secure your Reddit account with two-factor authentication (2FA). The additional layer of security has been rolled out as an option to all users following months of beta-testing. To enable the feature, Reddit users must access...
Blog

Data Privacy Day: Expert Advice to Help Keep Your Data Private

Data Privacy Day began in the USA in 2008 as an extension of Data Protection Day in Europe. Since then, The National Cyber Security Alliance (NCSA) has led this international effort, which is held annually on January 28 to help create awareness about the importance of safeguarding data, respecting privacy, and enabling trust. In our efforts to help...
Blog

Adapting Security Communication to Different Audiences

Especially in recent weeks and months, information security has become an issue of interest to a lot of different people. Over the last several years, more people have started paying attention to infosec issues, which means the audience of infosec communication has drastically grown and changed. Effective communication is audience-dependent. You...
Blog

Engineering Firm Pays $1.3K after Ransomware Affects Servers, Backups

An engineering firm has paid attackers $1,300 after ransomware encrypted its servers along with its data backup system. The infection occurred when bad actors targeted DGH Engineering Ltd. with a malicious email. An employee at the firm clicked on a clink contained therein. This action paved the way for crypto-ransomware to encrypt the company's...
Blog

Another Indiana Hospital Hit by Ransomware Attack

Another hospital in Indiana has suffered a ransomware attack that affected some of its servers and prevented files from loading correctly. On 11 January, an employee of Adams Memorial Hospital of Decatur, Indiana notified administrators that some files didn't look correct. Susan Sefton, a spokesperson for the hospital, said the network went blank...
Blog

Cryptocurrency Hacks and Heists in 2017

The cryptocurrency rush took the world by storm last year. This dynamic environment lured new players, including hungry investors, miners, enthusiasts, looking to their hand at innovative startups not to mention threat actors. We witnessed blockchain splits, a boom of Initial Coin Offerings (ICOs), regulatory attempts by governments, the granting of...
Blog

Let’s Not Be Our Own Worst Security Enemy

If you are like most infosec professionals, you probably have to evaluate the security awareness training program that will be used in your organization. These training programs are important, and more recently, they are required in many regulated organizations. Perhaps your security awareness training is “home grown,” or perhaps you use a training program offered by one of the many third-party...
Blog

MailChimp Fixes Privacy Issue that Leaked Respondents' Email Addresses

MailChimp has plugged a privacy issue that leaked users' email addresses when they responded to websites' newsletter campaigns. Self-proclaimed mobile enthusiast Terence Eden discovered what he calls an "annoying privacy violation" while viewing the referral logs for his website. Those logs help document "Referer Headers" (misspelling intended),...
Blog

Less than 10% of Gmail users have enabled two-factor authentication

Internet users are doomed. I don't mean you or me; the fact that we're reading this article on Tripwire's The State of Security blog means we at least have a passing interest in protecting ourselves online. No, I mean those folks who, like us, use the internet but don't take the steps necessary to put in place the most rudimentary defenses to...
Blog

Integrity: The New "I" in PCI Compliance

The retail industry saw more than its fair share of data breaches in 2017, with security incidents impacting at American supermarket chain Whole Foods Market and clothing companies Brooks Brothers, The Buckle, and Forever 21, to name a few. At least some of those events likely resulted from retailers' poor data breach preparation. Consider the fact...
Blog

The State of IoT (In)Security

The state of Internet of Things (IoT) security today is clear: it’s terrible. IoT devices are everywhere – from Fitbits and Amazon Alexas to smart appliances and intelligent home security systems, they’ve already permeated our consumer lives. Outside of the consumer space, however, IoT is even more prevalent. IoT devices control electrical grid...
Blog

Do Your On-Premises Security Controls Extend into the Cloud?

There’s a Russian proverb “overyai, no proveryai.” (Trust, but verify.) You trust your IT department to keep your systems up and running and configured in a secure manner. But, do you verify those configurations? Often, in the rush to get things done quickly, some things slip through the cracks. And most often, security seems to be what ends up...
Blog

Mega Millions Winner "Giving Back" Twitter Campaign Looks Like a Scam

A Mega Millions lottery jackpot winner's "giving back" campaign on Twitter looks and sounds an awful lot like a scam. Numerous Twitter profiles have been popping up claiming to be operated by Shane Missler, a 20-year-old resident of Florida who won the $451 million Mega Millions lottery jackpot in January. Many of those new accounts use their...
Blog

Foundational Controls for Integrity Assurance - Part II

As I noted in my previous article, companies should use foundational controls to assure integrity of their software and critical data – doing so can help prevent many data breaches and security incidents from occurring in the first place. That's not all that integrity driven by foundational controls can accomplish. Here are two more benefits...
Blog

Crypto-Miner Named the "Most Wanted" Malware for December 2017

A JavaScript-based cryptocurrency miner earned the top spot in a list of the "most wanted" malware for December 2017. For its final Global Threat Index of 2017, Check Point observed Coinhive supplant Roughted, a large-scale malvertising campaign, as the most prevalent form of malware. This Monero-miner made waves back in October 2017 when it...