Blog

Blog

MailChimp Fixes Privacy Issue that Leaked Respondents' Email Addresses

MailChimp has plugged a privacy issue that leaked users' email addresses when they responded to websites' newsletter campaigns. Self-proclaimed mobile enthusiast Terence Eden discovered what he calls an "annoying privacy violation" while viewing the referral logs for his website. Those logs help document "Referer Headers" (misspelling intended),...
Blog

Less than 10% of Gmail users have enabled two-factor authentication

Internet users are doomed. I don't mean you or me; the fact that we're reading this article on Tripwire's The State of Security blog means we at least have a passing interest in protecting ourselves online. No, I mean those folks who, like us, use the internet but don't take the steps necessary to put in place the most rudimentary defenses to...
Blog

Integrity: The New "I" in PCI Compliance

The retail industry saw more than its fair share of data breaches in 2017, with security incidents impacting at American supermarket chain Whole Foods Market and clothing companies Brooks Brothers, The Buckle, and Forever 21, to name a few. At least some of those events likely resulted from retailers' poor data breach preparation. Consider the fact...
Blog

The State of IoT (In)Security

The state of Internet of Things (IoT) security today is clear: it’s terrible. IoT devices are everywhere – from Fitbits and Amazon Alexas to smart appliances and intelligent home security systems, they’ve already permeated our consumer lives. Outside of the consumer space, however, IoT is even more prevalent. IoT devices control electrical grid...
Blog

Do Your On-Premises Security Controls Extend into the Cloud?

There’s a Russian proverb “overyai, no proveryai.” (Trust, but verify.) You trust your IT department to keep your systems up and running and configured in a secure manner. But, do you verify those configurations? Often, in the rush to get things done quickly, some things slip through the cracks. And most often, security seems to be what ends up...
Blog

Mega Millions Winner "Giving Back" Twitter Campaign Looks Like a Scam

A Mega Millions lottery jackpot winner's "giving back" campaign on Twitter looks and sounds an awful lot like a scam. Numerous Twitter profiles have been popping up claiming to be operated by Shane Missler, a 20-year-old resident of Florida who won the $451 million Mega Millions lottery jackpot in January. Many of those new accounts use their...
Blog

Foundational Controls for Integrity Assurance - Part II

As I noted in my previous article, companies should use foundational controls to assure integrity of their software and critical data – doing so can help prevent many data breaches and security incidents from occurring in the first place. That's not all that integrity driven by foundational controls can accomplish. Here are two more benefits...
Blog

Crypto-Miner Named the "Most Wanted" Malware for December 2017

A JavaScript-based cryptocurrency miner earned the top spot in a list of the "most wanted" malware for December 2017. For its final Global Threat Index of 2017, Check Point observed Coinhive supplant Roughted, a large-scale malvertising campaign, as the most prevalent form of malware. This Monero-miner made waves back in October 2017 when it...
Blog

How Management Can Help Prevent Insider-Caused Data Breaches

In 2017, some of the world’s most devastating cyber attacks were seen. Insider threats continue to be the primary reason for such high profile data breaches year over year. With the rise of malware as a service, insiders are now more than capable of sabotaging a company's operations or stealing data to sell on the darknet. Without the right support...
Blog

Smart Contracts 101: How This Emerging Technology Works

You can’t turn around today without running into a story about blockchain technology and smart contracts. In fact, one creative beverage company saw their stock climb 289 percent when they added the term "Blockchain" to their company name even though they have nothing to do with blockchain technology. Blockchain technology is one form of a secure,...
Blog

Hospital Shut Down Its Computer Network Following Ransomware Attack

A hospital shut down its network after a ransomware attack restricted authorized personnel access to some of its computer systems. On 12 January, Hancock Regional Hospital confirmed in a statement that it had suffered a ransomware attack. As quoted by FOX59: Hancock Regional Hospital has been the victim of a criminal act by an unknown party that...
Blog

A CISO's Guide to Minimizing Healthcare Risk

There are many actionable items and methods a CISO can use to minimize risk in the healthcare industry. After all, there are all kinds of tools, project management resources, and resource management solutions that can help keep businesses in order and safe. However, there just a few areas in which action should be taken. As simple as it might sound,...
Blog

4 Security Controls Keeping Up with the Evolution of IT Environments

In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development. When it comes to the cloud, most organizations' futures look like they will consist of hybrid setups: environments combining physical servers, virtualization, and...
Blog

AdultSwine Malware Displays Porn Ads within Child-Themed Android Apps

AdultSwine malware displays pornographic ads within affected child-themed game apps that were once available for download on Google's Play Store. Researchers at Check Point detected AdultSwine hidden within 60 game apps, including some with children as their target audience. All of those affected apps were available for download on Google's Play...
Blog

WhatsApp flaw could allow anyone to sneak into your private group chat

WhatsApp likes to brag about its end-to-end encryption, but researchers from Germany's Ruhr University Bochum have discovered a flaw that could allow unwanted eyes to spy upon your private group chats. In a technical research paper that explores the end-to-end security of three different secure messaging apps capable of allowing "private" group...
Blog

Real Life Examples of Phishing at its "Phinest"

There are several technical methods of stealing passwords via malware or software vulnerabilities, and one of the most difficult to defend against occurs when users disclose their credentials unknowingly. Yes, I am referring to phishing. Specifically, phishing that tricks users into accessing a fake website and entering their credentials. We often...
Blog

Survey: Most Security Pros Aim to Patch Vulnerabilities within 30 Days

High-profile cybersecurity incidents continue to result from the simple mistake of leaving a known vulnerability unpatched. To understand how organizations are keeping up with vulnerabilities, Tripwire partnered with Dimensional Research to survey 406 IT security professionals about their patching processes. Findings revealed that the majority (78...