Resources

Blog

Google Releases Security Update for Chrome 49

Google has patched three security issues in Chrome 49, the most recent version of its popular web browser. On Tuesday, the United States Computer Emergency Readiness Team (US-CERT) released a bulletin announcing the tech giant's latest round of patches. "Google has released Chrome version 49.0.2623.87 to address multiple vulnerabilities for Windows...
Blog

Rosen Hotel chain was hit by credit-card stealing malware for 17 months

Did you visit a Rosen Hotels & Resorts property between September 2014 and February 2016? If so, there's a chance that your credit card details may be in the hands of a criminal gang. Rosen Hotels has published a statement on its website, revealing that it is the latest in a long line of hotel chains and retailers to have suffered at the hands of...
Blog

Why Your Tech Friends Always Seem Stressed Out

Have you ever noticed that your friends (or family) who work in technology seem a bit more stressed than the average hedge-fund trader? One would expect that a person who deals with multi-million dollar deals would be on the high-end of the stress spectrum, whereas a person who deals mainly with bits and bytes would be far less stressed. A recent...
Blog

VERT Threat Alert: March 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-660 on Wednesday, March 9th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

£8,000 Telephone Scam Costs Victim Her Daughter's Wedding Fund

A telephone scam has conned a woman out of £8,000, half of which was set aside to help pay for her daughter's wedding. The Courier reports that Sylvia Bentley, 65, a Coupar Angus pensioner, was recently contacted by con artists who claimed they were employees of her TV provider. Those scammers, in turn, tricked Bentley into granting them remote...
Blog

Fully Patched, But Still Vulnerable

Tripwire isn't a patch management company, so why we conducted an extensive survey on patch fatigue is a worthwhile question to ask. The fact is, we spend a lot of time talking about and working with patches, even though we never actually deploy one for a customer. We spend so much time on patching because we're a vulnerability management vendor....
Blog

5 Tips for Detecting Suspicious Changes in Your Network

In a world where we must assume our enterprises have already been breached, monitoring the perimeter is too little, too late. Continuous monitoring, a la CDM, tells you where you are vulnerable and what to fix, but not where you are already bleeding. In my post on why change detection is so important, I talked about the growing importance of change...
Blog

Chess Lessons for Security Leaders – Part 2

In Part 1 of this article series, we considered the specific elements that make up the game of chess and how they parallel the core elements of effective security programs. In Part 2, we’ll look at some fundamental chess concepts, such as time, space, material and structure, and how these ideas parallel concepts in security. We’ll also cover the...
Blog

U.S. DoD Announces ‘Hack the Pentagon’ Bug Bounty Program

The US Department of Defense (DoD) announced last week the first ever cyber bug bounty program in the history of the federal government, inviting vetted hackers to test the security of the department’s network, website and applications. Dubbed “Hack the Pentagon,” the agency said its pilot bug bounty program is modeled after similar competitions...
Blog

Fully Functional Ransomware Targeting OS X Users

A fully functional ransomware has been observed targeting OS X users by posing as infected BitTorrent installer files. On Saturday, users of Transmission, a free BitTorrent client, began posting on the site's forum that whenever they attempted to download Transmission 2.90 on their Macs, a message would pop up warning them that the BitTorrent...
Blog

5 Innocent Mistakes That Cause an IT Security Breach

Security breaches, also known as a safety violation, occur when a person or application illegally enters a confidential IT border. This could result in the hacking of unauthorized data, services, networks and applications that are highly critical. Breaches can also cause bankruptcy and destroy a company’s reputation, which is why most businesses...
Blog

5 Tips to Improve Your Defenses Against Social Engineering

Social engineering is perhaps the most dangerous vector of attack available to hackers. Social engineering could be a phone call made by an attacker to extract data; an email phishing attack that is composed to look like a legitimate request to gain sensitive information; or a physical intrusion into the building by someone claiming false...
Blog

Survey: 88% of IT Pros Say Forcing Tech Companies to Give Data Access to Gov't Would Undermine Security, Privacy

88 percent of security professionals feel that forcing technology companies to give the U.S. government access to encrypted data stored on consumer devices would undermine user security and privacy. That is just one of the findings of a new survey in which Tripwire asked 198 security professionals attending the RSA Conference 2016 their thoughts...
Blog

An Apathetic Afterthought: The Security Challenge of the Healthcare Industry

What you are about to read is not from 1995. This is not Throwback Thursday. What follows is an account of the first full day of booth duty at Healthcare Information and Management Systems Society (HIMSS) 2016 conference in sunny Las Vegas. For those of you who have never heard of HIMSS, (I certainly hadn’t until my boss asked me to attend.) it is a...
Blog

Making the Case for a Security Budget

As an IT consultant, I visit with a variety of organizations looking for me to assess and tell them how much they need to budget for security. There are two common scenarios: The organization is ready to make a commitment to security. They ask me to quantify their security investment based on a certain metric, such as number of PCs/Servers or how...
Blog

RSA Conference 2016 Takeaways – Part 2

Yesterday, we at The State of Security offered a recap of some of the notable presentations that have occurred at RSA Conference USA 2016. We now continue our coverage of this week's event with Part 2 of our RSA Conference 2016 Takeaways series. Dreaming of IoCs: Adding Time Context to Threat Intelligence Speaker: Travis Smith (@MrTrav), Senior...
Blog

RSA Conference Badge-Scanning Smartphones Exhibit Poor Security

The RSA Conference is taking place in San Francisco this week, and all the big names in computer security have converged on the Moscone Center where they will happily tell you all about their products, services and latest research. And the only cost for you is that the vendors will likely want to scan your badge if they think you're a potential lead...
Blog

Hit by Ransomware? Do Not Pay!

Imagine you have been hit by a ransom Trojan. If you do not have a backup – you pay. You either pay the price with money, or you pay it with your files. That’s it. Money or files, no win. Criminals are wise enough not to demand too much for your data. They calculate their ransomware pricing based on country of residence, company size, etc. For...
Blog

Is Relying on Anti-virus Making You Insecure?

The world of technology is never in stasis, but as frantic as the field is, information security moves even faster. Those of us who work to stay aware of the latest trends in cyber security sometimes lose sight of the sobering reality that most people don't have the time or drive to do this--especially if it's not paying the bills. The combination...
Blog

The Hot Topic of Cyber Security & Healthcare

This week, I am torn between attending RSA 2016 in San Francisco or HIMSS (Healthcare Information Management Systems Society), a very large healthcare conference in Las Vegas that annually attracts over 44,000 healthcare & IT professionals. Well, there's good news. I am going to both. Why? Cyber security is a major focus at HIMSS. In fact, there is...