Blog

Blog

MITRE ATT&CK April 2019 Update

MITRE has released an April 2019 update to its ATT&CK framework. It’s been a year since the last major update featuring a new tactic. There are a number of changes for this year: the most major being the addition of a 12th Tactic, Impact, which contains 14 new Techniques. There are also seven new Techniques under existing Tactics, as well as a...
Blog

A Changing Threat Landscape: Inside Verizon’s 2019 DBIR

Verizon Enterprise has once again released its annual Data Breach Investigations Report (DBIR). The publication doesn’t disappoint in providing crucial insight into today’s digital threats. On the one hand, Verizon’s 2019 report captures how many forces in the threat landscape have remained the same since its previous report. The study observed how...
Blog

Highlights from the Verizon DBIR 2019

Every year, the Verizon Data Breach Investigations Report comes out, and there’s a mad scramble to inspect and interpret the data. The report is data-rich, as always, and already contains a bunch of analysis, so there are really only a few options for adding value to the conversation. Industry commentators can choose to disagree with the analysis,...
Blog

With Great Freedom Comes Great Cloud Responsibility

Modern digital and cloud technology underpins the shift that enables businesses to implement new processes, scale quickly and serve customers in a whole new way. Historically, organisations would invest in their own IT infrastructure to support their business objectives, and the IT department's role would be focused on keeping the "lights on." To...
Blog

Online Tutoring Program Reveals Customer Data Breach

An online tutoring program has revealed that it suffered a data breach in which an unauthorized individual might have compromised customers' information. The Hacker News received a copy of a notice sent out by Wyzant to its customers informing them about the data breach. According to this letter, the...
Blog

What Is DevOps Maturity, and How Does It Relate to DevOps Security?

By now, many organizations have turned to DevOps as part of their ongoing digital transformations. This process has not been the same for any two companies. Indeed, organizations have embraced DevOps at their own place, and they’ve invested varying levels of time and budget into their nascent deployments. Such variety has helped shape organizations’...
Blog

Women and Nonbinary People in Information Security: Tricia Howard

Last time, I got to speak with social engineering expert Jenny Radcliffe. This time, I got to speak with cybersecurity-minded client manager Tricia Howard. I got to learn even more about social engineering from her plus quite a bit about the importance of user education. Kim Crawley: Please tell me a bit about yourself and what you do. Tricia...
Blog

Fraudsters Targeting Consumers with One-Ring Phone Scams

Fraudsters are targeting consumers with one-ring phone scams that exploit people's curiosity so as to trick them into paying exorbitant fees. According to the U.S. Federal Communications Commission (FCC), this scam oftentimes begins when a fraudster contacts an unsuspecting consumer using a one-ring...
Blog

Cyber Security + Compliance Controls: What Does It All Mean, Rick?

I'm sure you have all seen the Rickie Fowler commercial where the interviewer rants about all of the confusing financial terms involved with getting a mortgage. If not, you can find it below: https://www.youtube.com/watch?v=Q1YqNTWOldY Confusion in Cyber Security Throughout my career, I have worked with hundreds of organizations. Regardless of the...
Blog

Unprotected Database Exposed 13.7M Users' Employment Information

An unprotected database made it possible for anyone on the web to view the personal and employment information of 13.7 million users. Security researcher and GDI Foundation member Sanyam Jain discovered the database and determined that it belonged to Ladders, a New York-based job recruitment site which specializes in high-end jobs. Jain then shared...
Blog

The Infamous Password

Passwords may not be the favourite piece of your workday, however, I have a theory – if I could share with you the value of a password and the reality of how simple they can be to create; then passwords may not be the monster you avoid. When you get the "your password expires in 5 days" notice, instead of feeling anxious or aggravated, let’s...
Blog

Mitigating Risks in Cloud Migration

Companies are moving to incorporate the cloud into their computing infrastructure at a phenomenal rate. This is, without question, a very positive move. It permits companies to scale processing resources up and down in response to changing demands, giving companies the operational equivalent of unlimited resources while paying only for the resources...
Blog

Tripwire Patch Priority Index for April 2019

Tripwire's April 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Browser Tampering, and Information...
Blog

Women and Nonbinary People in Information Security: Jenny Radcliffe

Last week, I spoke with bug bounty triager and Ubuntu fan Sophia Sanles-Luksetich. This week, I had the honor of speaking with social engineering specialist Jenny Radcliffe. Contrary to what a lot of Nigerian Princes would tell you, in my opinion social engineering is one of the most misunderstood areas of cybersecurity. Kim Crawley: Please tell...
Blog

Fraudster Posed as Jason Statham to Prey Upon Star-Struck Users

A digital fraudster posed as English actor and film producer Jason Statham to prey upon and steal money from star-struck users. A woman who asked not to be named said the scam began when someone posing as Statham contacted her while she was on a Facebook page dedicated to the actor. She thought it was nice that the actor had seemingly embraced ...
Blog

What Can League of Legends Teach Us About Cybersecurity?

The League of Legends game and human psychology are two things we don’t often associate with cybersecurity – but as an avid gamer, I encountered and observed many parallels between the tactics used to win games like League of Legends and the mentality that guides human behavior in general. Thus, when I began teaching security awareness and being a...
Blog

How Does Tripwire Map to the NIST SI-07 Control?

Keeping sensitive data and assets safe is the goal of regulatory cybersecurity frameworks like NIST (National Institute of Standards and Technology). But for government agency security professionals, staying compliant can feel like a Sisyphean task due to the complexity of applying the controls themselves. It’s especially difficult to attempt to...