Blog

Blog

Survey: Most Security Pros Aim to Patch Vulnerabilities within 30 Days

High-profile cybersecurity incidents continue to result from the simple mistake of leaving a known vulnerability unpatched. To understand how organizations are keeping up with vulnerabilities, Tripwire partnered with Dimensional Research to survey 406 IT security professionals about their patching processes. Findings revealed that the majority (78...
Blog

How to Budget for Digital Security in 2018

Based on the past year, one thing that is certain to be on every company’s mind is security. Among the various concerns associated with security, perhaps the most important is how much it costs to effectively secure your company data in the age of large-scale cyberattacks and breaches. According to Accenture’s 2017 “Cost of Cybercrime” report, the...
Blog

The Top 17 Information Security Conferences of 2018

You can now read the 2019 edition here! With 2017 now in the rear-view mirror, the security industry is turning its attention to 2018. The new year will no doubt present its fair share of challenging digital security threats. So too will it present numerous opportunities for infosec professionals to discuss shared difficulties at conferences and...
Blog

VERT Threat Alert: January 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses the remainder of the Microsoft January 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-760 on Wednesday, January 10th. In-The-Wild & Disclosed CVEs CVE-2018-0802 A malicious file could cause code execution due to Microsoft Office Equation Editor’s failure...
Blog

AWS GuardDuty and the Cloud Management Assessor

Recently at its re:Invent 2017 conference, Amazon announced an interesting new security offering called GuardDuty. GuardDuty uses threat intelligence, machine learning and anomaly detection to deliver agentless security findings across a variety of AWS services. This blog will discuss a bit about GuardDuty and show one example of how to gather custom...
Blog

December 2017: The Month in Ransomware

Ransomware activity was on a fairly high level till mid-December but slowed down by the end of the month, perhaps due to threat actors’ holiday spree. Some of the newsmaking events included the onset of the first-ever blackmail virus targeting network-attached storage devices, the breach of California's voter database, and arrests of CTB-Locker and...
Blog

hiQ v. LinkedIn – Who Controls Your Publicly Available Data?

The internet is vast and full of data that is publicly available to anyone with the time, or technology, to mine for insights. You can find everything from years of NYC taxi cab data and Uber information to more obscure datasets about every Jeopardy question in history or every single Iowan liquor store receipt since 2014. The volume of data availability is staggering, and it's poised to only grow...
Blog

VERT Threat Alert: CPU Vulnerabilities - Meltdown and Spectre

Vulnerability Description Meltdown and Spectre are hardware design vulnerabilities in CPUs utilizing speculative execution. While the defect exists in the hardware, mitigations in operating systems are possible and are currently available. CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. The...
Blog

VERT Threat Alert: January 2018 Security Updates

Today’s VERT Alert addresses the Microsoft January 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-759 on Friday, January 5th. We are not yet certain if this release contains all January updates or if Tuesday will see a second set of updates released. In-The-Wild & Disclosed CVEs ...
Blog

Spectre and Meltdown: What you need to know

If this first week is any indication, 2018 could mark a significant paradigm shift in trusted computing and open source hardware. Chip makers have been very effective in making enhancements to greatly improve application performance, but the revelation of Spectre and Meltdown makes it clear that more attention needs to be paid to hardware level...
Blog

HIPAA – A Guide to Compliancy

HIPAA compliance makes sense if you understand all the rules, but unfortunately, only a few have the time, resources and training invested. Most healthcare professionals understand the importance of PHI, and their intentions would never be to purposely place this information at risk. The challenge is that these professionals earn their living by providing the services that they spent eight years...
Blog

Word Crimes Part 3 – Developing Cybersecurity Vision, Mission & Strategy Statements

As we introduced in part 1 and part 2 of this “word crimes” series, cybersecurity terminology is important, especially when representing our profession. In this final installment, we have broadened the scope as it relates to business terminology. It is vitally important for cybersecurity professionals, including current and future leaders, to understand the nuances between common business...
Blog

School District to Spend $314K on Rebuilding Servers after Malware Attack

A school district in North Carolina intends to spend $314,000 on rebuilding more than a dozen servers affected by a malware attack. On 27 December 2017, the board for Rockingham County School District held an emergency meeting and voted 7-1 to approve a 12-month, $314,000 service contract with Georgia-based technology solutions provider ProLogic ITS...
Blog

It’s 2018, Secure Your Budgets with Secure Configurations!

Happy 2018, everyone! With the start of a new year, everyone makes resolutions that they may or may not be able to keep. One of the most common New Year’s resolutions (and arguably the most difficult to keep) is to exercise, get healthy, and/or lose weight. This is a common thread in businesses, as well, as we see many organizations make the resolution to trim the fat, cut budgets, and do more...
Blog

Foundational Controls for Integrity Assurance - Part I

Among organizations today, there's not enough focus on where digital security matters, that is, setting up the challenge/risk. Let’s come right out and say it: if you haven’t been hacked yet, you soon will be. This is not a surprise to you. You know this. We know this. Other companies know this. And yet, we saw WannaCry spread to hundreds of...