Resources

Blog

Common Sense in EDI Security

What happens when an ATM needs to be filled with brand new $20 bills? Let’s examine the whole process: The $20 bills are initially stored in a bank vault. Very secure. An armored truck drives through a tunnel to the bank facility, where armed, trained, and white-listed employees transfer the money from the vault to the armored truck. Again, very...
Blog

6,000 Indian Enterprises' Data Offered for Sale on DarkNet

An unidentified hacker is attempting to sell information pertaining to more than 6,000 Indian enterprises on a DarkNet forum. Researchers at Seqrite, the enterprise security brand of IT security firm Quick Heal, found an advertisement for the data on DarkNet. As of this writing, whoever is behind the posting is currently offering the information,...
Blog

6 Common Cloud Security Threats and How to Defend against Them

Cloud services come with their own security challenges for enterprises that use them. Under the Shared Responsibility Model, a cloud service provider (CSP) is charged only with securing the infrastructure that makes cloud services possible. It does not engage in security configuration/monitoring of the operating system or applications. Instead,...
Blog

How FIM Supplements Anti-Malware

In the information security world, we always use the buzzword “Defense in Depth.” Though the concept is simple, it is difficult to implement. Organizations that carry out a proper risk analysis have a clearer picture in terms of cost/benefit analysis. In this article, we shall discuss how a FIM solution can supplement anti-malware solutions and...
Blog

Women in Information Security: Keren Elazari

Last time, I spoke with Kim Wong, a woman who recently acquired a cybersecurity role in Britain's financial services industry. This time, I'm honored to speak with Keren Elazari. Not only has she given TED talks but also founded BSidesTLV in Tel Aviv, Israel. We had a wonderful chat! Kimberly Crawley: Please tell me a bit about what you do. KE: I'm...
Blog

Graton Casino Says Patrons' Data Potentially Exposed by 'Human Error'

Graton Resort and Casino has revealed that an instance of "human error" might have exposed the personal information of some of its patrons. According to a "Notice of Data Breach" sent out to affected patrons, casino staff on September 2, 2017, "discovered that certain personal information was inadvertently distributed in a small number of email...
Blog

How Secure is Medical Technology?

Walk into almost any health care facility in America, and chances are, you’ll find a variety of new technologies that didn’t exist even a decade ago. All of your personal information is now digitized, allowing you to move doctors with little to no delay, the treatment you receive is now faster and more efficient, and even payment options can be done...
Blog

NCSAM Week 1: 5 Simple Steps to Staying Safe Online

October is here once again, and you know what means: National Cyber Security Awareness Month (NCSAM) is back with more advice on how Americans can bolster their digital security. Now in its 14th year, NCSAM 2017 kicks off its first week with STOP. THINK. CONNECT.™. This campaign is relatively straightforward: STOP to make sure security measures are...
Blog

Starting An Online Business? Here Are Some Cyber Security Tips

If you are one of those enthusiastic and adventurous entrepreneurs who are on the verge of launching your own online business, here's an important question for you: have you secured your start-up enough so that it can battle the security threats of today? If you haven't, now is the time to do so. In this blog, let's take a look at some of the...
Blog

Ransomware Attackers Demanded $19K from California School District

Ransomware attackers demanded $19,000 from a California school district for a decryption key that would unlock its encrypted data. Over the weekend of 16 September 2017, an unknown group of actors gave a $19,000 ultimatum to the San Ysidro School District, a public school district located in San Diego County, California. The demand followed a...
Blog

Hacking Robots: The Tripwire Intern Way

When I got an email giving me the opportunity to work as an intern for Tripwire, I jumped at the chance. I have always been intrigued by the world of cybersecurity and ethical hacking, so this internship truly struck home. The internship started with going through the 2017 Verizon Data Breach Investigation Report (DBIR) over the summer. The goal was...
Blog

Oral Surgery Center Notifies 128K Patients of Ransomware Attack

A medical center offering oral surgery services has notified 128,000 patients of a ransomware attack that might have exposed their information. On 24 September 2017, Arkansas Oral & Facial Surgery Center sent out breach notification letters to affected patients. Those letters reveal that the medical center detected the ransomware attack back on 26...
Blog

Europol warns ransomware has taken cybercrime 'to another level'

Europol, the European Union's police agency, has warned of the significantly rising threat posed by ransomware. As Associated Press reports, delegates at an international conference were told by Europol Executive Director Rob Wainwright that ransomware had taken the cybercrime threat to "another level." An 80-page report published by the agency...
Blog

10 Cybersecurity Scholarships to Look out for

Cybersecurity has one of the largest skill gaps of all critical infrastructure fields, with more than 3.5 million job openings estimated by 2021. While this is potentially disconcerting in light of the major security breaches that now occur with regularity, it's also positive for aspiring cybersecurity professionals. It's really an employee's (or...
Blog

5 Speaker Sessions Not to Miss at the 2017 Retail Cyber Intelligence Summit

In 2016, I shared just a few of the exciting presentations planned for the Retail Cyber Intelligence Sharing Center's (R-CISC) inaugural Retail Cyber Intelligence Summit. The event brought together CISOs and their IT security teams from the retail and consumer services industries in North American. For two days, these notable attendees shared best...
Blog

Irish Teachers' Union Learning Website Suffers Data Breach

The learning website of an Irish teachers' union has suffered a breach that might have exposed some members' personal information. On 11 September 2017, the Irish National Teachers' Organization (INTO), one of Ireland's oldest and largest teachers' trade unions, announced a security incident involving unauthorized access of its Learning website....
Blog

Tripwire Patch Priority Index for September 2017

BULLETIN CVE S2-052 Apache Struts REST Plugin Java Deserialization Vulnerability CVE-2017-9805 Oracle Security Alert Advisory - CVE-2017-9805 CVE-2017-9805 Microsoft 2017-September Developer Tools Vulnerabilities CVE-2017-8759 Microsoft 2017-September Browser Vulnerabilities CVE-2017...
Blog

HL7 Data Interfaces in Medical Environments

Ask healthcare IT professionals where the sensitive data resides, and most will inevitably direct your attention to a hardened server or database with large amounts of protected health information (PHI). Fortunately, there is likely nothing wrong with the data at that point in its lifetime. But how did those bits and bytes of healthcare data get to...
Blog

How Harmless Is Your Company’s Paramount Data?

In today’s rapid technological evolution, information from particular sources can be easily accessed, copied and shared out to a larger audience. If an organization fails to complete its basic role of being a guardian of the confidential business information within the company, it could convey unfavorable effects for business’ stability and...