Blog

Tripwire Patch Priority Index for April 2019

Tripwire's April 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Browser Tampering, and Information...

Women and Nonbinary People in Information Security: Jenny Radcliffe

Last week, I spoke with bug bounty triager and Ubuntu fan Sophia Sanles-Luksetich. This week, I had the honor of speaking with social engineering specialist Jenny Radcliffe. Contrary to what a lot of Nigerian Princes would tell you, in my opinion social engineering is one of the most misunderstood areas of cybersecurity. Kim Crawley: Please tell...

Fraudster Posed as Jason Statham to Prey Upon Star-Struck Users

A digital fraudster posed as English actor and film producer Jason Statham to prey upon and steal money from star-struck users. A woman who asked not to be named said the scam began when someone posing as Statham contacted her while she was on a Facebook page dedicated to the actor. She thought it was nice that the actor had seemingly embraced ...

What Can League of Legends Teach Us About Cybersecurity?

The League of Legends game and human psychology are two things we don’t often associate with cybersecurity – but as an avid gamer, I encountered and observed many parallels between the tactics used to win games like League of Legends and the mentality that guides human behavior in general. Thus, when I began teaching security awareness and being a...

How Does Tripwire Map to the NIST SI-07 Control?

Keeping sensitive data and assets safe is the goal of regulatory cybersecurity frameworks like NIST (National Institute of Standards and Technology). But for government agency security professionals, staying compliant can feel like a Sisyphean task due to the complexity of applying the controls themselves. It’s especially difficult to attempt to...

Using Visibility to Navigate the Evolving Role of ICS Security

The current security state of industrial control systems (ICS) is a perplexing one. On the one hand, Kaspersky Lab found in a recent report that a majority of organizations (75 percent) regard ICS security as a major priority. On the other hand, organizations aren’t implementing the proper safeguards to secure their industrial control systems. The...

Operation ShadowHammer: Hackers planted malware code in video games

Last month the world was reminded once again of the danger of supply chain attacks, as it was revealed that hackers had compromised the network of Taiwanese technology giant ASUS to push out a malicious software update to as many as one million laptops. The attack, dubbed "Operation ShadowHammer" by security researchers, saw hackers successfully...

Washington State Legislature Passes New Data Breach Law

The Washington legislature has passed a bill that effectively expands the state's consumer data breach notification requirements. Previously, Washington-based organizations needed to notify consumers of a data breach only in the event that the security...

A Beginner’s Guide to PCI Compliance

PCI DSS, or the Payment Card Industry Data Security Standard, is the set of requirements for organizations who process card payments. Sounds simple enough, right? But PCI compliance can pose a major challenge to organizations if they’re not equipped with the proper knowledge and tools. Let’s take a quick look at the basics of PCI compliance, what...

Women and Nonbinary People in Information Security: Sophia Sanles-Luksetich

Last week, I had fun talking about the old-fashioned internet and defensive security with Liz Bell. This time, I spoke to bug bounty specialist Sophia Sanles-Luksetich. Did you know that Ubuntu was her first OS? Kim Crawley: Please tell me a bit about yourself and what you do. Sophia Sanles-Luksetich: I am a rookie information security consultant. I...

Drones as Cyber Weapons: A Reality, Not a Hyperbole

In the aftermath of the Mati wildfires in Greece that killed 100 people, the Greek Fire Department spokesperson made an announcement in June 2018, stating "Any manned and unmanned aircraft systems flights in an area of operations is a serious infringement and creates safety risks for flights. Any breach entails criminal and administrative liability....

'123456' Remains the World's Most Breached Password

"123456" remains the most common password which digital criminals abuse to steal unsuspecting users' sensitive information. On 21 April, the United Kingdom's National Cyber Security Centre (NCSC) partnered with security researcher Troy Hunt to publish the top 100,000 passwords from Hunt's Pwned Password service. Here are the top 20 passwords from...

Six Myths People Still Believe About GDPR

The General Data Protection Regulation (GDPR) came into force in May 2018, and by the letter of the law, virtually every business in the UK needs to comply with it. However, there are still some misconceptions surrounding the law and what it means to organisations. This can lead to difficult situations where mistakes can be made. Here are six myths...

The Weather Channel Suffers Ransomware Attack

Local and national weather forecast provider The Weather Channel suffered a ransomware attack that temporarily prevented it from going live on the air. Regular viewers got a surprise when they tuned into The Weather Channel on the morning of 18 April. They were expecting to watch "AMHQ," the network's live morning show which begins at 06:00 EST....

Man fried over 50 college computers with weaponized USB stick

It's not as though 27-year-old Vishwanath Akuthota made it hard for authorities to prove that he was the person who destroyed $58,000 worth of college equipment in February this year. On Valentine's Day, February 14th 2019, Akuthota walked around the campus of the College of Saint Rose in Albany, New York. He had graduated from the college in 2017...

Ransomware Attack Targeted Data Intelligence Firm Verint

Bad actors used a ransomware attack to target the Israeli offices of the customer engagement and digital intelligence company Verint. On 17 April, ZDNet received a screenshot taken by an employee who works at one of Verint's Israeli offices. The screenshot shows what appears to be a warning message which the data intelligence firm displayed on...

Establishing Information Security in Project Management

A person recently asked me if it was possible to implement ISO 27001 using a specific project management software product. They used the tool in the past to define project plans and make project reviews. While I told them this is entirely possible, the truth is one can implement ISO 27001 even without a project plan or any specific tools. But should...