Following on from the round-up we released yesterday, today we look through the rest of what our regular contributors shared as their standout moments from 2018. Bob Covello, IT Security Director | @BobCovello "The most memorable event for me in 2018 was a positive one. There was enormous progress made towards getting multi-factor authentication...

Over the past few years, I've had the pleasure of welcoming interns on our security research team. One of my goals was to pass on knowledge of security to these folks and pique their interest in (a career in) security. The goal of any teacher is to pass on their knowledge to the younger generation, in essence creating a miniature version of...

As 2018 draws to a close, it's been a fascinating year in the IT security community. From record-breaking data breaches, new regulations and the Meltdown and Spectre debacle, we can certainly say it's been eventful. To round the year off, we thought it would be interesting to ask some of our regular contributors (and followers on Twitter) what their...

'Tis the season to be shopping, as some might say. Holiday seasons are very good for retail businesses, with increased traffic in both online and brick-and-mortar stores. Unfortunately, business is good for cybercriminals during these busing shopping times, too – and, as a result, retailers need to ensure that their physical and cyber resources are...

Today’s VERT Alert addresses Microsoft’s December 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-809 on Wednesday, December 12th. In-The-Wild & Disclosed CVEs CVE-2018-8611 Microsoft is reporting that this Windows kernel privilege escalation vulnerability is seeing active...

Cybersecurity is a manpower constrained market – therefore, the opportunities for artificial intelligence (AI) automation are vast. Frequently, AI is used to make certain defensive aspects of cyber security more wide-reaching and effective. Combating spam and detecting malware are prime examples. On the opposite side, there are many incentives to...

When carried out sensibly and securely, communication through social networks and other online public forums can be beneficial, both socially and professionally. However, if you’re not careful, it can lead to numerous undesirable consequences, one of which is cyberstalking. Cyberstalking is stalking or harassment carried out over the internet. It...

You don’t have to look hard to find organizations utilizing a small fraction of the capabilities of a vulnerability management tool. Often, that’s because the focus is on meeting a compliance obligation. For example, PCI DSS 3.2.1 says, “11.2.1 – Perform quarterly internal vulnerability scans.” It’s difficult to learn the capabilities of a tool...

We employ a lot of militaristic terms in the IT security sector, and the language of defense is robust in part because it draws upon a rich history of technical innovations. When we talk about the future of IT, it’s hard not to think about cloud infrastructure, so when we’re exploring the growth of cloud resources, I’d suggest that it may also be...

Penetration testing is becoming increasingly popular as organizations are beginning to embrace the need for stronger cybersecurity. But there are still too many businesses that don’t fully understand the benefits of regular security testing. Pen testing is vital for any kind of organization with an IT system or website. A recent survey of...

Tripwire's November 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP),...

The term “cyber hygiene” pops up frequently in articles, blogs and discussions about cybersecurity. But what does it really mean? Some say it is an ill-defined set of practices for individuals to follow (or ignore). Others say it is a measure of an organization’s overall commitment to security. Still others – and I am among them – think of “cyber...

I am neither a political scientist nor a historian. However, I am conscious of some certain past events in human history which had political impacts and also influenced the course of history as we know it. Some say such events occurred on the basis of social, political and historical backgrounds and factors, whilst others pointed out to the certain...

A few weeks ago, I had the opportunity to speak at SecTor on a topic that I’ve been interested in bringing attention to for a while, the shifting IoT market. You can view the entire presentation online; however, I was asked if the checklist that I present was available via any other means. The following is the IoT Purchasing Checklist that I...

Time to dispel with a myth: quantum computing is still just a theory. It’s not. If you don’t believe us, read here. And because it’s past the theoretical stage, commercialization is not far away, even as there is also an open source push for the technology. Over 100 applications can run on quantum computers. and they are being used to simulate...

Flaws in code lines, file system and data input methods make up the core security vulnerability of any application. This is what we address through secure coding practices. Secure coding guidelines stand out as the last battling army before the enemy line of security risks and threats. Basically, secure coding practices will make developers more...

Be organized and efficient. It’s a simple rule of life that makes things run a whole lot smoother. This is something especially important when running your vulnerability management program. There are only so many hours in a day, rather, there are only so many hours in a down cycle where the business will let you scan their environment for...

Today’s VERT Alert addresses Microsoft’s November 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-805 on Wednesday, November 14th. In-The-Wild & Disclosed CVEs CVE-2018-8589 This vulnerability was reported to Microsoft by Kaspersky Labs, who discovered it being exploited by multiple...

In 1998, Congress unanimously passed the Digital Millennium Copyright Act (“DMCA”) to implement two international copyright treaties. Among other provisions, the DMCA addresses the use of technical measures (digital rights management or DRM) that control access to copyrighted works. The new provisions impose fines and criminal penalties for: ...