Resources

Blog

What Are the Questions to Ask When Looking for a Scalable Solution?

Looking for a scalable solution and not sure what to ask? The best way to start off is to get an understanding of what scalability means because it can vary depending on the problem(s) that are trying to be solved, the company, and who you are talking to. According to Merriam-Webster, scalability is “capable of being easily expanded or upgraded on...
Blog

Relay Attack against Keyless Vehicle Entry Systems Caught on Film

On September 24, 2017, two men pulled up alongside a home in Elmdon in the county of West Midlands, England. One of the men walked up to the house while the other approached a Mercedes parked outside. The former waved a box in front of the victim's house. Seconds later, the latter opened the driver's door of the victim's car, got in, and drove away...
Blog

Tripwire Patch Priority Index for November 2017

BULLETIN CVE Microsoft Browser - IE and Edge CVE-2017-11848, CVE-2017-11856, CVE-2017-11855, CVE-2017-11827, CVE-2017-11833, CVE-2017-11803, CVE-2017-11844, CVE-2017-11845, CVE-2017-11874, CVE-2017-11872, CVE-2017-11863 Microsoft Browser - Scripting engine CVE-2017-11834, CVE-2017-11791, CVE...
Blog

GhostWriter: MITM Exposure in Cloud Storage Service

With the cloud rapidly becoming the principal source of computing and data storage resources for organizations of all sizes, new types of exposures and attack paths have emerged. Earlier in the year, security researchers made a series of discoveries around organizations misconfiguring their AWS S3 buckets that allowed public access to the data...
Blog

Tizi Backdoor Uses Spyware to Steal Android Users' Social Media Data

A backdoor known as Tizi installs spyware onto Android devices in an effort to steal data from their owners' social media profiles. The Google Play Protect security team first detected the digital threat in September 2017 when they found an app with rooting capabilities. Since then, they've come across other apps that exhibit the same malicious...
Blog

Women in Information Security: Claudia Johnson

Last time, I had fun speaking with Beth Cornils. She has a pretty cool job that involves testing IoT cars. This time, I spoke with Claudia Johnson. A cyber attack got her into the industry, and now she helps answer people's questions about cybersecurity. Kim Crawley: Please tell me about what you do. Claudia Johnson: In my current, as well as,...
Blog

Elite UK Club Announces Theft of 5,000 Members' Data

An elite club in the United Kingdom has announced a data security incident where someone stole data pertaining to 5,000 of its members. Oxford and Cambridge Club. (Source: Wikipedia) The theft occurred when someone stole a backup computer drive for the Oxford and Cambridge Club out of a locked room...
Blog

Best Strategies for Avoiding Cloud Data Leaks

In recent years, there has been a huge movement from storing data the traditional way, as the cloud has grown and become the better answer and option for companies and organizations alike. However, this has also led to a growth in cyber criminals and data breaches now that someone can access sensitive documents from their living room couch. As such,...
Blog

Cybercrime Laws: What Internet Fraud Victims Need to Know

As the Internet continues to be an important part of our lives, it also becomes a more dangerous avenue for cybercrime. The risk increases as the massive online community’s use of the Internet becomes more rampant. And despite the public being aware of cybersecurity issues, anonymous online criminals are able find more victims and creative ways to...
Blog

Eight Arrests Made in Connection with $3.5M Credit Card Skimming Scheme

Federal and local authorities have arrested eight individuals in connection with a credit card skimming scheme that caused losses in excess of $3.5 million. On 17 November, representatives of the United States Attorney Western District of Kentucky's office, Kentucky FBI division, Secret Service, and the Louisville Metro Police Department announced...
Blog

Criminals Demanded $8K from Sacramento Regional Transit after Attack

Criminals demanded a ransom of approximately $8,000 after they attacked the Sacramento Regional Transit's (SacRT) computer system. The attack occurred on 18 November, reports The Sacramento Bee, when unknown attackers defaced the public transportation agency's main website with the following message: I’m sorry to modify the home page, i’m good...
Blog

Why 'Yes Persons' Make Change Control a Necessity for Your Company

Recently, my nine-year-old son informed me that he had observed over time how I always seem to help other people and how others always depend on me. I said to him that, in a way, he is much the same, as he is always saying 'yes' to doing little jobs. Together, we defined ourselves as being 'yes persons.' However, as our conversation evolved, I said...
Blog

Securing the Entire Container Stack, Lifecycle and Pipeline – Part 1

With the rise in popularity of containers, development and DevOps paradigms are experiencing a massive shift while security admins are left struggling to figure out how to secure this new class of assets and the environments they reside in. While containers do increase the complexity of the ecosystem that security admins are responsible for securing...
Blog

Australian Broadcasting Corporation Leaked Data through AWS S3 Bucket

The Australian Broadcasting Corporation (ABC) leaked sensitive data online through a publicly accessibly Amazon Web Services (AWS) S3 bucket. Public search engine Censys indexed the misconfigured asset on 14 November during a regular security audit of the S3 environment. Researchers at the Kromtech security center don't know who might have accessed...
Blog

Women in Information Security: Beth Cornils

Last time, I had fun talking with Victoria Walberg. She really understands cloud and IoT cybersecurity. This time, I got to speak to Beth Cornils. She has a pretty cool job that involves making IoT cars safe! Kim Crawley: Hi, Beth! Tell me about what you do. Beth Cornils: I am a product manager for an autonomous vehicle company. Prior to that, I was...
Blog

What Is Vulnerability Management?

Enterprise networks regularly see change in their devices, software installations and file content. These modifications can create risk for the organization. Fortunately, companies can mitigate this risk by implementing foundational security controls. For example, enterprises can monitor their important files for change using file integrity...
Blog

Scammers Steal S$80K from Woman Using Fake Police Website

Scammers stole S$80,000 from a woman by tricking her into visiting a fake phishing website for the Singapore Police Force (SPF). On 13 November, local law enforcement received a report from the woman that someone had stolen several thousand Singapore dollars from her bank account. She told investigators that the trouble started sometime earlier when...