Blog

Securing the Entire Container Stack, Lifecycle, and Pipeline - Part 3

As part of a three-part series on incorporating security into the container environment, I've talked all about containers and how to inject security into the pipeline. Let's now discuss tips on how to secure the container stack. What Do I Mean by "Stack"? What I’m calling the stack, in this case, refers to all of the layers or components involved...
Blog

5 Steps to a More Secure IoT Baseline

Enterprise access point maker Ruckus once again patched up command injection vectors that could completely compromise both the ZoneDirector controller, as well as the Unleashed AP. One of the vulnerabilities is in fact strikingly similar to an issue in another Ruckus Web-GUI I disclosed last year. While vulnerability is essentially an inevitable...
Blog

Women in Information Security: Kristen Kozinski

Last time, I got to speak with Claudia Johnson. She's been in the tech industry for a long time, and she got into security the same way Brian Krebs did – by being attacked. Now I got to talk to Kristen Kozinski. She knows about secure code and web vulnerabilities. She also maintains a pretty nifty website for educating end users about security. Kim...
Blog

Tripwire Tuesdays: Vital Signs – Security and Compliance in Healthcare

How can healthcare organizations ensure compliance and security in the face of increasing cybersecurity challenges? In a recent Tripwire Tuesday event, a Tripwire customer shared some insights about how healthcare organizations can implement basic security hygiene – foundational controls – to mitigate risks and vulnerabilities in their environment. Influence organizational culture Healthcare...
Blog

Determining Importance with Objective Vulnerability Scoring

The holiday season is upon us, and nearly every day, my wife asks me what I want for Christmas. As a pop culture geek with interests in most fandoms, I have dozens of items that I could ask for, but the ultimate question is what do I really want to ask her to spend money on. In a perfect and very geeky world, I would likely come up with a method of...
Blog

Securing the Entire Container Stack, Lifecycle and Pipeline – Part 2

I recently introduced a three-part series about injecting security hygiene into the container environment. For the first installment, I provided some background information on what containers are and how the container pipeline works. Let's now discuss how we can incorporate security into the pipeline. Assessing s Before Production To secure the...
Blog

The Human 'Attack Surface' May Be Your Weakest Link

The term “attack surface” is security jargon for the sum of your security risk exposure. It is the aggregate of all known, unknown, reachable and potentially exploitable weaknesses and vulnerabilities across the organization. All organizations regardless of industry have an attack surface. Fortunately, awareness of weaknesses, prioritization of risk, and layered defenses can reduce the attack...
Blog

Tripwire Patch Priority Index for November 2017

BULLETIN CVE Microsoft Browser - IE and Edge CVE-2017-11848, CVE-2017-11856, CVE-2017-11855, CVE-2017-11827, CVE-2017-11833, CVE-2017-11803, CVE-2017-11844, CVE-2017-11845, CVE-2017-11874, CVE-2017-11872, CVE-2017-11863 Microsoft Browser - Scripting engine CVE-2017-11834, CVE-2017-11791, CVE...
Blog

Tizi Backdoor Uses Spyware to Steal Android Users' Social Media Data

A backdoor known as Tizi installs spyware onto Android devices in an effort to steal data from their owners' social media profiles. The Google Play Protect security team first detected the digital threat in September 2017 when they found an app with rooting capabilities. Since then, they've come across other apps that exhibit the same malicious...
Blog

Securing the Entire Container Stack, Lifecycle and Pipeline – Part 1

With the rise in popularity of containers, development and DevOps paradigms are experiencing a massive shift while security admins are left struggling to figure out how to secure this new class of assets and the environments they reside in. While containers do increase the complexity of the ecosystem that security admins are responsible for securing...
Blog

What Is Vulnerability Management?

Enterprise networks regularly see change in their devices, software installations and file content. These modifications can create risk for the organization. Fortunately, companies can mitigate this risk by implementing foundational security controls. For example, enterprises can monitor their important files for change using file integrity monitoring...
Blog

A Boeing 757 was hacked remotely while it sat on the runway

If you thought it was scary when security researchers remotely hijacked a Jeep as it was driven down the freeway, consider this - now airplanes are getting hacked. The US Department of Homeland Security has revealed that a Boeing 757 airliner was successfully hacked as it sat on the runway at the airport in Atlantic City, New Jersey on September 19,...
Blog

Microsoft Fixes 17-Year-Old Arbitrary Code Execution Bug in Office Suite

Microsoft has patched a 17-year-old bug hidden in its Office suite that attackers can use to execute arbitrary code on vulnerable machines. The vulnerability resides in Microsoft Equation Editor (EQNEDT32.EXE). It's a component that allows users to insert and edit equations into Microsoft Word documents as an Object Linking and Embedding (OLE) item....
Blog

VERT Threat Alert: November 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft November 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-752 on Wednesday, November 15th. In-The-Wild & Disclosed CVEs CVE-2017-8700 A Cross Origin Resource Sharing bypass could allow information disclosure in ASP.NET Core. Microsoft has...
Blog

The Case of The Dark Web DDoS – Part 1

Think of all the recent DDoS attacks. They all seem to share the common trait of bad guys disrupting the normal flow of data against a legitimate business. Sometimes, these attacks are used for revenge, and other times, they are used for ransom. Sometimes, however, the bad guys become the targets. This is the story of an odd caper that played out on...
Blog

Supercharging Cybercrime Detection with MITRE’s ATT&CK Framework

The majority of attacks that result in successful data breaches are simply not that complex. Many rely on well-known, tried-and-true methods. Indeed, the Verizon DBIR has for many years reported that upwards of 90 percent of attacks were successfully executed because of unpatched and known vulnerabilities or misconfigured systems. If we can only learn a few lessons from the latest attacks: ...
Blog

Women in Information Security: Nitha Suresh

Last time, I talked with Glenda Snodgrass. She's a founder and the president of The Net Effect, a cybersecurity services company. This time, I had a fascinating discussion with Nitha Suresh. She taught me a bit about penetration testing and aircraft data networks. Kimberly Crawley: Hi, Nitha! Tell me a bit about what you do. Nitha Suresh: I am...
Blog

IoT Security: Does Such a Thing Exist?

We've been hearing a lot about IoT security recently. The news is overwhelming us with stories about baby dolls and baby monitors that can listen in on conversations at home, not to mention surveillance cameras that provide video streams to unauthorized individuals. To better understand these events, let’s start by looking at what IoT is. According...