Blog

Getting Creative with your Vulnerability Management Strategy

You don’t have to look hard to find organizations utilizing a small fraction of the capabilities of a vulnerability management tool. Often, that’s because the focus is on meeting a compliance obligation. For example, PCI DSS 3.2.1 says, “11.2.1 – Perform quarterly internal vulnerability scans.” It’s difficult to learn the capabilities of a tool...

Lessons to Learn from Armored Cars in the Era of Cloud Computing

We employ a lot of militaristic terms in the IT security sector, and the language of defense is robust in part because it draws upon a rich history of technical innovations. When we talk about the future of IT, it’s hard not to think about cloud infrastructure, so when we’re exploring the growth of cloud resources, I’d suggest that it may also be...

Critical Vulnerability Uncovered In Kubernetes

The first major security flaw has been uncovered in Kubernetes, the popular container orchestration system developed by Google. The vulnerability, identified as CVE-2018-1002105, carries a critical CVSS V3 rating of 9.8 due to low attack complexity, requiring no special privileges, and a network attack vector. ...

Read All About It: The Breaches That Won’t Make the Headlines

It’s been a busy few months for those tracking cybersecurity breaches. Considering that this quarter alone has seen headlines for British Airways identifying additional victims behind its already significant breach, Facebook’s massive messaging leak and Yahoo’s significant payout related to earlier data breaches, there are plenty of high profile...

The Digital Deciders and The Future of Internet

Recently, the nonpartisan think tank New America published a report called “The Digital Deciders: How a group of often overlooked countries could hold the keys to the future of the global internet.” The purpose of this report – authored by Robert Morgus, Jocelyn Woolbright and Justin Sherman – is to survey how nations around the world approach...

What Type of Vulnerabilities Does a Penetration Test Look For?

Penetration testing is becoming increasingly popular as organizations are beginning to embrace the need for stronger cybersecurity. But there are still too many businesses that don’t fully understand the benefits of regular security testing. Pen testing is vital for any kind of organization with an IT system or website. A recent survey of...

US charges Iranian hackers for SamSam ransomware attacks

Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks. According to the Department of Justice, 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri were the masterminds behind attacks against more than 200 networks since 2015. Unlike normal ransomware attacks ...

Tripwire Patch Priority Index for November 2018

Tripwire's November 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege (EoP),...

Cybercrime: There Is No End in Sight

Whoever said “crime doesn’t pay” hasn’t been following the growth of cybercrime across the globe. A thriving underground economy has evolved over the past decade to become a massive industry. Estimates in the Web of Profit research paper show cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. If cybercrime was a...

The Challenges of Managing Third-Party Vendor Security Risk

It’s no longer enough to secure your own company’s infrastructure; you now must also evaluate the risk of third-party vendors and plan and monitor for breaches there, too. Data breaches are reported in the news all the time, and more than 60 percent of them are linked to a third party. When you’re a business owner, that is a scary statistic. Third...

Worm Using Removable Drives to Distribute BLADABINDI Backdoor

A newly detected worm is propagating through removable drives to distribute a fileless variant of the BLADABINDI backdoor. In mid-November, researchers at Trend Micro first observed the worm, which the security firm detects as "Worm.Win32.BLADABINDI.AA." They're still investigating the threat's exact method for infecting a system. But after...

Catching Configuration Changes that Can Lead to Data Exposure

Amazon’s new security issue, which came to light just days before one of its biggest sale events of the year, is making recent headlines. And whilst it probably won’t stop the online retail giant from achieving a profitable Black Friday and Cyber Monday this year, it certainly will make many users stop and think. Though it’s still early in the...

NIST Framework for Critical Infrastructure Cybersecurity

Four years after the initial iteration was released, the National Institute of Standards and Technology (NIST) released version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity. The framework was initially developed to be a voluntary, risk-based framework to improve cybersecurity for critical infrastructure in the United...

German Social Media Provider Fined €20K for Data Breach

A German social media provider received an order to pay a €20,000 fine for a data breach that occurred in the summer of 2018. Knuddels.de (Source: Spiegel Online) On 22 November, the regional data protection watchdog LfDI Baden-Württemberg announced that it had imposed the fine on a local "social...

Rooted in Security Basics: The Four Pillars of Cyber Hygiene

The term “cyber hygiene” pops up frequently in articles, blogs and discussions about cybersecurity. But what does it really mean? Some say it is an ill-defined set of practices for individuals to follow (or ignore). Others say it is a measure of an organization’s overall commitment to security. Still others – and I am among them – think of “cyber...