Blog

Blog

US Senators say it shouldn't be a secret when they've been hacked

Take a look at the security headlines, and you'll see report after report of businesses and large organisations being hacked. Sensitive databases are accessed, passwords are stolen, email archives are plundered, innocent people are put at risk and corporations get a kick up the backside that they need to take security more seriously. But what you...
Blog

Understanding Vulnerability Scoring to Help Measure Risk

Understanding vulnerability scoring can be a daunting task, but a good starting point is first understanding risk and being able to distinguish risk from a vulnerability. Both have been used interchangeably throughout the years. A vulnerability is some aspect of a systems functioning, configuration or architecture that makes the resource a target of...
Blog

The Power of Vulnerability Management: Are You Maximizing Its Value?

Tripwire has been in the business of providing vulnerability management solutions with IP360 for about 20 years. With over 20,000 vulnerabilities discovered last year alone, vulnerability management continues to be an important part of most security plans. And most organizations agree. In a recent survey, 89 percent of respondents said that their...
Blog

VERT Threat Alert: March 2019 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s March 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-821 on Wednesday, March 13th. In-The-Wild & Disclosed CVEs CVE-2019-0754 This CVE describes a Denial of Service vulnerability that could cause a target system to stop responding when code...
Blog

New Sextortion Scam Says Adult Sites Infected Victims with Malware

A new sextortion scam is informing victims that their computers suffered a malware infection after they visited an adult website. In this latest ruse, digital criminals claim that they infected a user with malware after they visited a child pornography website. They then say that they leveraged that infection to capture compromising video footage of...
Blog

Why You Need to Align Your Cloud Strategy to Your Business Goals

Your company has decided to adopt the Cloud – or maybe it was among the first ones that decided to rely on virtualized environments before it was even a thing. In either case, cloud security has to be managed. How do you go about that? Before checking out vendor marketing materials in search of the perfect technology solution, let’s step back and...
Blog

STOP Ransomware Variant Installing Azorult Infostealer

A variant of the STOP ransomware family is downloading the Azorult infostealer onto victim's machines as part of its infection process. Security researcher Michael Gillespie was the first to detect this malicious activity. While testing some of the crypto-malware family's newer variants, he noticed that some of them were creating traffic indicative...
Blog

How to Pick the Right Solution for FISMA SI-7 Compliance

It can be hard to know how to best allocate your federal agency’s resources and talent to meet FISMA compliance, and a big part of that challenge is feeling confident that you’re choosing the right cybersecurity and compliance reporting solution. A Few FISMA SI-7 Basics So what sorts of specifications do you need to look for, and why? While the...
Blog

Vulnerabilities in Two Smart Car Alarm Systems Affected 3M Vehicles

Two smart car alarm systems suffered from critical security vulnerabilities that affected upwards of three million vehicles globally. Researchers at Pen Test Partners independently assessed the security of products developed by Viper and Pandora, two of the world's largest and most well-known vendors of smart car alarms. With both systems, they...
Blog

International Women’s Day: Brexit, Skills-Gap and #BalanceforBetter in the Cybersecurity Industry

This year’s International Women's Day 2019 theme of #BalanceforBetter is a positive call-to-action to drive gender balance across the world. This year’s campaign states that “the race is on” for a gender-balanced boardroom and gender balance amongst employees. I admire the #IWD2019’s rallying call to put on our running shoes. With the economic uncertainty of Brexit looming, we certainly need to...
Blog

The Election Fix: Upgrading Georgia’s Electronic Voting Machines

Electronic voting systems are touted as a modern solution for fast and accurate vote tallies, but without appropriate safeguards, these systems run the very serious risk of eroding public confidence in election results. In Georgia, we’ve been using the iconic AccuVote TSX machines from Diebold for as long as I’ve lived here. The way it works with this system is that voters are given a ‘smart’ card...
Blog

Shifting Left Is a Lie... Sort of

It would be hard to be involved in technology in any way and not see the dramatic upward trend in DevOps adoption. In their January 2019 publication “Five Key Trends To Benchmark DevOps Progress,” Forrester research found that 56 percent of firms were ‘implementing, implemented or expanding’ DevOps. Further, 51 percent of adopters have embraced...
Blog

Various Membership Plans Offered by Jokeroo Ransomware-as-a-Service

The Jokeroo ransomware-as-a-service (RaaS) offers various membership plans through which would-be digital criminals can become affiliates. In his analysis of the ransomware-as-a-service, Bleeping Computer creator and owner Lawrence Abrams found that Jokeroo differs from similar platforms in that it offers at least three different membership tiers....
Blog

Why Is Penetration Testing Critical to the Security of the Organization?

A complete security program involves many different facets working together to defend against digital threats. To create such a program, many organizations spend much of their resources on building up their defenses by investing in their security configuration management (SCM), file integrity monitoring (FIM), vulnerability management (VM) and log...
Blog

New CryptoMix Clop Ransomware Variant Claims to Target Networks

A new variant of the CryptoMix Clop ransomware family claims to target entire networks instead of individual users' machines. Security researcher MalwareHunterTeam discovered the variant near the end of February 2019. In their analysis of the threat, they noticed that the ransomware came equipped with more email addresses than previous versions of...
Blog

Tripwire Patch Priority Index for February 2019

Tripwire's February 2019 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve 23 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege, Spoofing, Security Feature...
Blog

Fine-Tuning Cybersecurity with the ATT&CK Framework

This Thursday, March 7, 2019, I’ll be facilitating a Learning Lab titled Fine Tuning Your Cyber-Defense Technologies with the ATT&CK Framework at the 2019 RSA Conference in San Francisco, CA. This will be my fourth time speaking at RSA, and this will be my second time facilitating a learning lab, which I'm happy about. I really enjoy the learning...