In the midst of some of the most interesting times in geopolitical history, Tripwire wanted to see how the infosec community is currently feeling about nation-state attacks. It thus decided to conduct a survey while at Infosecurity Europe 2018 in London. Specifically, Tripwire surveyed 416 attendees to see what the future of nation-state attacks...

Last time, I had the opportunity of speaking with Avi. Avi’s not a woman, but they’re a badass hacker with a natural intuition for cybersecurity that has been put to excellent use. This time, I had the pleasure of speaking with Susan Ballestero. She has unique experience with working in a security operations center and being an information security...

Industrial control systems (ICS) first proliferated at a time when cybersecurity didn’t weigh heavily on organizations’ minds. Since then, there have been two significant developments in the industry. First, cybersecurity has become a mission-critical concern for businesses everywhere. Second, there’s been a shift to new network technologies that...

Network security is an issue that is increasingly important as businesses and even households shift more workflow processes and key tasks to the network and into the cloud. While some users may find it a challenge to protect even a single digital device, keeping an entire network secure can be a tall order for even the most tech-savvy users. From...

Today’s VERT Alert addresses Microsoft’s June 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-782 on Wednesday, June 13th. In-The-Wild & Disclosed CVEs CVE-2018-8267 This code execution vulnerability exists in Internet Explorer’s scripting engine and relates to the handling of objects...

Last time, I got the opportunity to speak with Diana Initiative founder Virginia Robbins, otherwise known as fl3uryz. She deserves all the kudos for her hard work in promoting women in our industry. This time, I had the pleasure of speaking with Avi. They’re not a woman, but they certainly know what it’s like to be a gender minority in tech. Avi has...

With hacking attacks, government surveillance and censorship constantly in the headlines, more and more people are looking for ways to increase their privacy online. One of the simplest and most popular solutions is to use a virtual private network. With a VPN, all your internet traffic is encrypted and tunneled through a third-party server, so it...

Last time, I had a great chat with Anna Westelius. She has a lot of experience with everything from web security to Linux driver development, and I learned a lot from her. This time, I had the pleasure of talking with Virginia Robbins, otherwise known as fl3uryz. Not only is she an expert in malware detection; she also founded The Diana Initiative,...

I’m pleased to announce that next month, I will be offering the two-day training series A Guided Tour of Embedded Software Hacks at Shakacon X as well as at Black Hat USA in August. As a reminder, I will also be back at SecTor with reloaded material for a one-day Brainwashing Embedded Systems advanced class aimed at students who have already...

If you're a U.S. taxpayer, you've likely heard how Tax Day 2018 was uniquely rocky for the Internal Revenue Service (IRS). A series of technical problems prevented the IRS from processing tax returns filed electronically on 17 April. The agency rebooted its systems and restored them later that night, but it nevertheless extended the deadline for...

The Hack the DTS bug bounty program uncovered dozens of vulnerabilities in the Defense Travel System serving the Department of Defense. On 30 May, vulnerability coordination platform HackerOne revealed the results of Hack the DTS. Nineteen trusted security researchers participated in the 29-day program and submitted 100 vulnerability reports over...

The world is full of first responders. You may not realize it, but you will know someone who is a first responder. Typically, one would associate a first responder with the three main emergency professions: Ambulance, Police and Fire. Within the Ambulance profession, that person who is first on the scene to deliver medical assistance to a poorly...

Tripwire's May 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. The patches for Internet Explorer resolve a security feature bypass vulnerability and the patches for Edge resolve memory corruption,...

I had the opportunity to attend the Knowledge18 conference this past week, and from the registration to closing, I’ve never been to a show that's had so much energy. Knowledge18 staff would start the morning with a DJ playing music and with the staff energetically greeting attendees/sponsors while moving to the music. The Tripwire booth also had...

Regular readers of The State of Security should now have a general understanding of why organizations need security for their containers. But they still might be a bit fuzzy on the specifics. In particular, they might still be unclear on the types of threats they need to address as well as the container areas that are most at risk. This knowledge is...

Amidst the volatility, uncertainty and noise of the cybersecurity field, few best practice frameworks have emerged as consistently reliable and useful as the Center for Internet Security (CIS) Security Controls. Recently updated as version 7.0, the CIS Controls represent the most important security controls that an organization must implement to...

Cryptojacking attacks affected a quarter of organizations in their cloud environments, found a recent cloud security report. In RedLock's Cloud Security Trends, researchers with the security firm's Cloud Security Intelligence (CSI) team discovered that 25 percent of organizations had suffered cryptojacking incidents in the cloud. This rate marked a...

BULLETIN CVE Scripting Engine CVE-2018-1019, CVE-2018-0980, CVE-2018-0995, CVE-2018-0994, CVE-2018-0993, CVE-2018-0990, CVE-2018-0979, CVE-2018-1000, CVE-2018-0989, CVE-2018-0987, CVE-2018-0981, CVE-2018-1001, CVE-2018-0988, CVE-2018-0996 Browser CVE-2018-0870, CVE-2018-1018, CVE-2018-1020, CVE-2018-0997, CVE...

As new technologies like the cloud, IoT, Big Data and more emerge, organizations are playing catch up to upskill their employees to handle challenges that come with them. According to ESG’s 2018 annual global survey of the state of IT, more than half (51 percent) of respondents said their organization had a problematic shortage of cybersecurity...