Blog

Blog

VPNFilter botnet has hacked 500,000 routers. Reboot and patch now!

At least half a million routers and storage devices in dozens of countries around the world have been infected by a sophisticated botnet, in preparation for an alleged planned cyber attack on Ukraine. The botnet, which has been given the rather unglamorous name of VPNFilter, is believed to be likely to be controlled by a state-sponsored hacking...
Blog

Why You Need to Master the Basics – A Three Step Campaign

When I was growing up, my father enrolled me in martial arts at an early age. I liked everything about it. I liked the friends I made, I liked the sense of achievement getting the next belt, I liked breaking boards, but more than anything, I liked to fight. Furthermore, I liked to win. The first school I enrolled in, it wasn’t long until I was promoted to yellow belt. It was your typical “pay to...
Blog

Mozilla Rolls Out Two-Step Verification for Firefox Accounts

Mozilla announced the rollout of two-step verification (2SV) as an optional security feature for all Firefox user accounts. The engineers at Mozilla Foundation designed the feature without support for SMS-based codes. They likely did so for the same reasons as Twitter when it moved away from this form of verification in December 2017. Criminals...
Blog

Preventing 'Unexpected Change Syndrome' with Change Management

According to the Mayo Clinic, plaque in your arteries and inflammation are usually to blame for coronary artery disease. Left unchecked, plaque buildup narrows arteries, decreasing blood flow to your heart and eventually causing chest pain (angina) and other symptoms. Because this develops over decades, you might not notice a problem until you have a...
Blog

Women in Information Security: Veronica Schmitt

Last time, I got to speak with Leila Powell. She went from astrophysics to an exciting career as a security data scientist. This time, I have the pleasure of speaking with Veronica Schmitt of DFIRLABS, otherwise known as @M4lw4r3z_G1rl. She enjoys reverse engineering code, and she considers herself to be a cyborg! Kim Crawley: Please tell me about...
Blog

PCI DSS Version 3.2.1 Published by PCI Security Standards Council

The Payment Card Industry Security Standards Council (PCI SSC) published a minor revision to version 3.2 of its Data Security Standard (PCI DSS). On 17 May, PCI SSC published PCI DSS version 3.2.1. The purpose of the update was to clarify organizations' use of the Standard and when they would need to upgrade their use of common cryptographic...
Blog

3 Key Challenges To Being PCI 3.2 Compliant and How To Resolve Them

The latest revision to PCI DSS, PCI 3.2, provides specific security guidance on the handling, processing, transmitting and storing of credit card data. PCI 3.2 presents an opportunity for retail, healthcare, finance and hospitality organizations to minimize the theft, exposure and leakage of their customer’s personal and financial credit information...
Blog

5 Common DevOps Transition Mistakes to Avoid

When transitioning to a DevOps model, organizations must remember that people are essential to a successful switchover. It's people who must learn new workflows, collaboration techniques, and tools during the move. This process will cause at least some disruption over a period as long as two years. Needless to say, they will need patience and ample...
Blog

Jumpstarting Your Cyberdefense Machine with CIS Controls V7

Amidst the volatility, uncertainty and noise of the cybersecurity field, few best practice frameworks have emerged as consistently reliable and useful as the Center for Internet Security (CIS) Security Controls. Recently updated as version 7.0, the CIS Controls represent the most important security controls that an organization must implement to...
Blog

Federal Jury Convicts Operator of "Scan4You" Counter Antivirus Service

A federal jury convicted one of the digital criminals responsible for operating the notorious "Scan4You" counter antivirus (CAV) service. On 16 May, the Department of Justice released a press release announcing a Virginia federal jury's conviction of Ruslans Bondars, 37, on one count of conspiracy to commit wire fraud, one count of conspiracy to...
Blog

Ransomware-as-a-Service (RaaS): How It Works

Ransomware isn’t a new threat to the cyber world. Its origins go back many years now. Over time, this threat has become only more vicious and harmful. While people were trying to deal with this cyber threat, cybercriminals moved one step further by offering ransomware-as-a-service (RaaS). Under this service, cybercriminals provide a compact...
Blog

Tripwire Patch Priority Index for April 2018

BULLETIN CVE Scripting Engine CVE-2018-1019, CVE-2018-0980, CVE-2018-0995, CVE-2018-0994, CVE-2018-0993, CVE-2018-0990, CVE-2018-0979, CVE-2018-1000, CVE-2018-0989, CVE-2018-0987, CVE-2018-0981, CVE-2018-1001, CVE-2018-0988, CVE-2018-0996 Browser CVE-2018-0870, CVE-2018-1018, CVE-2018-1020, CVE-2018-0997, CVE...
Blog

Signal Patches Code Injection Bug that Enabled Remote Code Execution

Signal patched a code injection vulnerability that by some means of exploitation enabled attackers to achieve remote code execution. The security team for the encrypted communications app, a program which has been available for both Android and iOS since November 2015, published a fix for the bug just hours after first being contacted by a group of...