Blog

Blog

Researchers Can Earn up to $15K in Netflix's New Public Bug Bounty Program

Netflix has launched a public bug bounty program through which security researchers can receive rewards of up to $15,000. Announced on 21 March, the streaming service's new vulnerability responsible disclosure framework will award researchers upwards of thousands of dollars for reporting weaknesses discovered in Netflix's primary targets. In-scope...
Blog

Tripwire Patch Priority Index for March 2018

BULLETIN CVE Browser CVE-2018-0942, CVE-2018-0929, CVE-2018-0927, CVE-2018-0932, CVE-2018-0879 Scripting Engine CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0934, CVE-2018-0933, CVE-2018-0936, CVE-2018-0937, CVE-2018-0930, CVE-2018-0931, CVE-2018-0939, CVE-2018-0891, CVE-2018-0876, CVE-2018-0889, CVE...
Blog

The Ransomware Threat to ICS Security

Industrial control systems (referred to as ICS) have faced an ever-growing volume of threats over the past few years. From 2015 to 2016, IBM Managed Security Services reported a 110 percent increase in ICS cybersecurity attacks. The US accounted for most of these incidents, given it has the most Internet-connected ICS networks on the planet, but the...
Blog

Preventing Azure Storage Breaches

In my previous post, I took deep dive into AWS S3 permissions to outline the myriad of ways someone could expose their AWS S3 buckets and objects to everyone on the Internet. As I discussed there, the complexity of the S3 permission system is very powerful and provides users with a lot of flexibility; however, it also makes it very easy to...
Blog

Securing Your SME in an Online World

On average, UK businesses lose around £30 billion every year as a result of cyber crime. Unfortunately, the risks are only getting greater and more prominent. Now is the time for you to act. Here are four vital tips for securing your SME in an online world. Identify All Threats “Cyber Risk Reviews must consider your IT in your facilities such as...
Blog

How to Test for a DNS Leak with Legitimate Results

DNS or the Domain Name System is the connection between a device and the internet. It essentially works as the directory for the internet. The web address entered by a user is sent to the DNS server, which converts it into the IP address format. For instance, you enter a URL (www.example.com); your browser will then send the request to DNS server...
Blog

The FBI's 10 Most-Wanted Black-Hat Hackers – #10

Hackers all have different intentions. Some work to making computer networks more secure, while others develop malware and exploit software vulnerabilities. Of the latter group, there is a special subclass of criminals: those who make the FBI’s Cyber’s Most Wanted list. These individuals give a whole new meaning to black-hat hacking. The nature of...
Blog

5 PKI Trends to Expect in the Next Year

Public Key Infrastructure (PKI) is the glue that holds the internet together. As the internet has developed into a multi-faceted ecosystem with every single ‘thing’ now considered an internet-connected endpoint, PKI has also had to develop quickly in order to meet the demands of the market. Back in the early 2000s, there weren’t many regulations out...
Blog

SIEM Implementation Strategies

A SIEM or Security Information and Event Management is only as good as its logs. People can think of logs as the fuel for the engine. Without logs (log management), the SIEM will never be useful. Selecting the right types of logs to ingest in your SIEM is a complex undertaking. On one hand, it is easy to say “Log it all!” but you will inevitably...
Blog

VERT Threat Alert: March 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s March 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-769 on Wednesday, March 14th. In-The-Wild & Disclosed CVEs CVE-2018-0808 This publicly disclosed CVE could lead to a successful denial of service against ASP.NET Core web applications due to...