The last book campaign was on “The Phoenix Project,” which is an easy-to-read story about a fictional company’s transformation into the world of DevOps. “Accelerate” is nothing like that, and if you’re a sucker for raw data like I am, then you may enjoy it more. “Accelerate” details the results of a multi-year study analyzing company’s software...

Without a doubt, log management should be part of the core of any IT security platform of a government agency. It has a role in not only security but also in operations and compliance requirements. Logging can provide situational awareness of things happening within an environment by keeping track of events recorded in the logs of the different...

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th. In-The-Wild & Disclosed CVEs CVE-2018-8373 A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability...

The U.S. Department of Defense (DoD) and HackerOne together announced the creation of a new bug bounty program called "Hack the Marine Corps." On 12 August, DoD kicked off its new vulnerability disclosure initiative at DEF CON 26 in Las Vegas, Nevada with a live hacking session. For the launch event,...

Alarms and alerts surround us every day. From the moment our clocks wake us up in the morning, we rely on alarms for many things. But what happens when those alarms and alerts malfunction? What does it do to us and how does that affect our day to day life? Recall the Dallas Emergency Alert Malfunction. As it turns out, getting tired of these alarms...

Researchers demonstrated the feasibility of taking over a enterprise network and abusing that access to exfiltrate data using just a fax number. On 12 August, Yaniv Balmas and Eyal Itkin of Check Point's malware research team presented their findings on fax security at DEF CON 26 in Las Vegas. They wanted to see if it was possible to attack an all...

ICS security is concerned with securing and safeguarding industrial control systems, keeping processes and machinery running smoothly, and ensuring that the information and data shown on the control room dashboards and screens are accurate. Like every system that is networked to the Internet, ICS must be properly secured. The problem is that ICS...

The Internet of Things (IoT) is one of the greatest forces driving technology today. According to Statista, the number of IoT devices is expected to reach 1.2 billion by the end of 2018. That number will grow to over 20 billion by 2020, per Gartner’s estimates, with more than 65 percent of enterprises deploying IoT products at that time. Such growth...

Digital attackers targeted the computer servers of a golfers' association with ransomware and encrypted files stored on those assets. Staff at the Professional Golfers' Association of America (PGA) discovered the attack on 7 August. When they attempted to access certain work files that morning, those...

Poor security measures have reportedly put the personal details of Comcast Xfinity customers at risk, a researcher has revealed. According to a BuzzFeed News report, security researcher Ryan Stevenson found a vulnerability in the high-speed ISP's online customer portal that could allow unauthorised parties to determine the partial home address of...

The Center for Internet Security’s Critical Security Controls (“the CIS Controls”) are incredibly useful in helping organizations defend themselves against digital threats. By adopting the first five controls alone, it’s possible for companies to prevent 85 percent of attacks. Adopting all 20 controls can prevent as much as 97 percent of attacks....

What does the chairman of MIT’s board of trustees and a Supreme Court judge for New York State have in common with the Weintraubs of Lebanon, Oregon? They were all victims of real-estate spoofing scams, a form of cyber-security fraud that has grown from $19 million in 2016 to over $1B in 2017. Thieves have learned that large sums of money change...

The landmark NYS DFS cybersecurity regulation that took effect in New York State in March 2017 is approaching its third of four milestones. This was the first regulation of its kind that included prescriptive direction for the protection of personally identifiable information handled by all financial institutions that conduct business in the State....

Cyber crime is a serious and growing problem. According to Cybersecurity Ventures, cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. And as seen in recent high-profile hacks and data breaches involving U.S. government agencies (the NSA, the Office of Personnel Management, the Securities and Exchange...

In early August, I will be leading a couple of sessions at the Community College Cyber Summit about cyber security fundamentals. I've also been spending time working with my amazing colleagues thinking about DevOps. Spending so much time going back and forth from "back to basics" and "the future of development" had me thinking that securing DevOps...

When concepts like DevOps and Cloud computing come together, this powerful combination propels organizational growth at a rapid speed. Some trends in today’s industry have helped bring about the collaboration of these two most important change agents. Let’s take a look at them here: The world is witnessing an industry-wide shift wherein we are...

A semiconductor foundry notified its customers of a computer virus incident that at least partly disrupted its shipping schedule. On 5 August, Taiwan Semiconductor Manufacturing Company, Limited (TSMC) published an update about a computer virus infection that occurred on the evening of 3 August. TSMC...

It’s hardly a controversial statement to say that DevOps is changing the way that organizations build and deploy applications. There’s plenty of material, stories, whitepapers and whole companies that demonstrate this trend. There are, however, a couple of things that make a discussion about security and DevOps important. First, while there are a...

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2...

Tripwire's July 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 22 vulnerabilities, including fixes for security feature bypass, information disclosure, and...