Blog

Blog

Shadow IT – How Do You Protect What You Don’t Know You Have?

For a cybersecurity program to succeed, it must identify the assets it aims to protect. Without a clear understanding of its assets, no organization can truly understand the value of its resources, assess the risks they face, or understand how much to spend to secure its infrastructure. Unfortunately, the process of identification is not getting any...
Blog

12 Indispensable DevOps Tools for 2017

DevOps is revolutionizing the way enterprises deliver apps to the market. It blends software development and information technology operations, or the processes and services used by IT staff, as well as their internal and external clients to fulfill their business duties. Such a convergence creates an assembly line for the cloud, as Tim Erlin wrote...
Blog

Are Bug Bounties a True Safe Harbor?

Security vulnerabilities are becoming the new oil, and the bug bounty economy is booming. As news of cyberattacks and data breaches continue to consume the press, never before has the market for vulnerabilities been so dynamic. “Bug bounty programs,” frameworks where security researchers legally trade previously undiscovered vulnerabilities for...
Blog

Risk of Security: Why a Security Measure Is Needed & How It's Achieved

The Phoenix Project was an easy and enjoyable read about Bill Palmer, a manager in the IT department who unexpectedly gets promoted to VP of IT Operations. To succeed in this new role, Bill had to expand his view from just his group to the organization as a whole in order to master the "Three Ways" for how to evolve from a dysfunctional group of...
Blog

VERT Threat Alert: July 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft July 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-733 on Wednesday, July 12th. In-The-Wild & Disclosed CVEs CVE-2017-8584 In a Patch Tuesday first, we have a HoloLens code execution vulnerability. This vulnerability impacts Windows 10 and...
Blog

Brainwashing Embedded Systems IoT Hack Lab Update

I’ve been studying the security designs of various embedded devices for the past couple of years. This research has led me to uncover dozens of critical flaws in internet-connected devices ranging from enterprise NAS devices and access points to countless consumer products like wireless routers, home automation controllers, security cameras and more...
Blog

Security Risks to Consider When Deploying Containers on Docker

Docker – a platform for OS-level virtualization instances known as containers – has become a hugely popular infrastructure technology. Flexible containerization is completely changing the way we build and maintain applications at scale, with analyst group RedMonk identifying the large enterprise market as a key driving force. Towards the end of...
Blog

Email Server Vulnerability and Anti-Spam Protection Techniques

The role of cyber security in modern business is hard to overstate. Almost all business processes are automated to a degree and thus need to be thoroughly protected from any potential tampering. Vendors use anti-malware and anti-reverse engineering techniques to protect their products, but they can’t possibly weed out every vulnerability. One...
Blog

Ransomware: Building Cyber Resilience

In our first article, we defined a ransomware attack and its impact on non-profit organisations, and we made some recommendations for preventing such attacks. In this article, we look at ransomware in more depth to provide a better understanding of how to build cyber resilience. There is a growing threat to cyber-security in various dimensions but...
Blog

Book Review: Ghost in The Wires – Kevin Mitnick

While attending the RSA show in February, I met Kevin (@KevinMitnick) and obtained a copy of The Art of Invisibility, which I immediately read. Due to the great many references to Kevin’s past, I thought it would be informative and worthwhile to read Ghost in the Wires. It’s also listed on the Tripwire 10 must-read books for information security...
Blog

Starting Your Career in Cyber Security

A year ago, I wrote an article entitled Starting Your Career In Information Technology. As your career goes on, you may find yourself traveling down different routes than you originally planned. This article is a follow-up, designed to give an idea of what cyber security has become for me after I transitioned to it from networking. To begin, I was...
Blog

Mapping the Top Five CSC to Four Cybersecurity Pillars

Foundational Controls may not sound like the sexiest subject in IT but arguably, it’s the most critical – and for good reason. Quite simply, without these fundamental controls in place and knowledge of what is on your network, your organization will find it incredibly difficult to manage a breach and effectively remediate. It’s very much the vogue at...
Blog

Korean Firm Pays $1M in Ransom after Erebus Ransomware Infection

A South Korean web hosting company has paid more than one million dollars in ransom after suffering an Erebus ransomware infection. The ransomware, which has been around since September 2016 and reemerged in February 2017, struck NAYANA on 10 June. Those responsible for the attack demanded 550 Bitcoins or approximately US$1.62 million. The web...
Blog

Top 7 Tips to Stay Secure on Your Summer Vacations

We all look forward to summer and its promise of fun-filled vacations. But in our haste to momentarily escape the daily grind, many of us overlook key elements of our digital security. Computer criminals don't take vacations, after all. Digital threats follow us everywhere we go, which is why we can never let our guard down no matter how many sun...
Blog

Women in Information Security: Gwen Betts

Women and non-males are in various important cybersecurity roles. They're writing secure code, they're researching malware, they're educating end users, they're studying in school, and sometimes they're in important government positions like my last subject, Heather Butler. Gwen Betts' job is a bit different. She approached me on Twitter, telling me...