Blog

Blog

Kitty malware gets its claws into Drupal websites to mine Monero

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family. Security researchers at Incapsula report that Kitty is attempting to hijack servers using the highly critical Drupalgeddon 2.0 remote code execution exploit (CVE-2018-7600), which was made public at...
Blog

Phishers Leveraging GDPR-Themed Scam Emails to Steal Users' Information

Phishers are using scam emails that leverage the European Union's General Data Protection Regulation (GDPR) as a theme in an attempt to steal users' information, a security firm found. Researchers at managed threat detection solutions provider RedScan came across one such phishing message that appeared to originate from Airbnb. The scam email, which...
Blog

The FBI’s 10 Most-Wanted Black-Hat Hackers – #7 and #6

The FBI's 10 most-wanted black-hat hackers countdown continues this week with No. 7 and No. 6: the co-conspirators Bjorn Daniel Sundin and Shaileshkumar “Sam” P. Jain. On 26 May 2010, the U.S. District Court of Northern Illinois indicted Sundin, Jain and a third suspect for one count of conspiracy to commit computer fraud, one count of computer fraud...
Blog

Man Pleads Guilty to Sicking Army of Spambots on Twitch

A 20-year-old man has pleaded guilty to targeting more than a thousand members of streaming video platform Twitch with an army of spambots. On 1 May, Brandan Lukas Apple confessed to a charge of "mischief in relation to computer data" before a Port Coquitlam provincial court judge. The court responded by handing down a four-month conditional...
Blog

Integrity Management: What It Is and How It Can Protect Your Data

In a previous article, I noted that organizations are witnessing a surge in integrity-based attacks targeting their networks. Enterprises can defend themselves against these types of threats by turning to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They can then pair the risk-based approach with NIST SP 800-53...
Blog

Women in Information Security: Jen Fox

Last time, I got to speak with Leanne Williams. As a pen testing professional, she knows there’s a lot more to penetration testing than pointing a network vulnerability scanner at an IP address. This time I had the pleasure of chatting with Jen Fox. She’s all about cybersecurity in the very challenging compliance space. Kim Crawley: Tell me a bit...
Blog

Lending Website Cites GDPR Concerns as Reason Why It Shut Down

A lending website ceased all operations over concerns with the European Union's General Data Protection Regulation (GDPR). Chris Beach, the founder of Streetlend.com, decided to shut down the service after five years of operation due to uncertainty and risk created by the GDPR. He explained in a message posted to the site that the penalties...
Blog

Security Controls: The Key to Ensuring 'Security in the Cloud'

Organizations face a number of security challenges when migrating to the cloud from on-premise data centers. Their work isn't done once they've completed the move, either. At that stage, enterprises must decide on the best approach to fulfill their end of the Shared Responsibility Model and ensure "security in the cloud" with respect to protecting...
Blog

Canadian Government Unveils New Data Breach Regulations

The government of Canada has unveiled new regulations that specify how organizations must report and respond to a data breach. The Canadian Parliament in Ottawa, Canada. (Source: Wikipedia) On 18 April, the Governor General of Canada released the Breach of Security Safeguards Regulations (SOR/2018-64...
Blog

Why We Believe Georgia's S.B. 315 Bill Will Increase Cybersecurity Risk

In 2017, an independent security researcher discovered that a vulnerability had been exploited in the Kennesaw State University Election Center. The researcher responsibly reported the breach to authorities. In response, the Georgia Attorney General’s office requested that a bill be drafted to criminalize any unauthorized access to any computer or...
Blog

Women in Information Security: Leanne Williams

Last week, I had the pleasure of talking to Tripwire’s own marketing specialist, Cindy Valladares. Marketing fits a valuable and overlooked need in the cybersecurity field. Cindy’s creative talent for bringing out the best in people helps Tripwire shine in this industry. This time, I got to chat with pen testing whiz Leanne Williams. Enjoy! Kim...
Blog

Medical Device Security Standards

Medical devices can be vulnerable to security breaches in the same way as any other networked computing device. This may potentially affect its safety and effectiveness. The FDA (Food and Drug Administration) has issued final guidelines for manufacturers to consider cybersecurity risks as part of their medical device design and development. Its...
Blog

Overcoming DevOps Implementation Challenges

Most organizations have already adopted or are moving towards adopting a DevOps model into their work culture for improved productivity and workflow. In simple terms, DevOps is an application delivery methodology that encourages collaboration and communication between the developers and operations teams across all phases of the Software Development...
Blog

Blockchain and GDPR: Between a Block and a Hard Place

Blockchain and other emerging distributed ledger technologies offer the promise of increased security, transparency and resilience based on the use of distributed, immutable records. At the same time, the European Union General Data Protection Regulation (GDPR), which takes effect May 25, 2018, governs the use and protection of personal data...
Blog

FedRAMP and Federal Cloud Security

FedRAMP, or the Federal Risk and Authorization Management Program, is a standardized approach to security assessment, authorization, and monitoring for cloud applications. It was created by the U.S. General Services Administration in response to growing government usage of the cloud, which has obvious benefits at many levels of operation and...