As part of this two-part series, let’s now look to another exhibit demonstrating of how people act as the first, last and best data and privacy defense. Exhibit B: Potentially Unwanted Leaks If you have some technical literacy, you may have heard of potentially unwanted programs (“PUPs”). It’s all that glop and gloop – malware, viruses, trojans,...

Someone compromised a Google Chrome extension with malicious code designed to snoop on users' account credentials and cryptocurrency private keys. On 4 September, a security researcher who goes by the name "SerHack" tweeted out a warning about version 3.39.4 of the Chrome extension for MEGA.nz, a cloud storage and file sharing service. https:/...

Have you ever wondered how much your patient health record could garner on the black market? Whereas a cybercriminal only needs to shell out a mere dollar for your social security number, your electronic health record (EHR) is likely to sell for something closer to the tune of $50. This is according to research firm Cybersecurity Ventures, who also...

Good security engineers are hard to come by. What is a company to do? Not all companies can afford outrageous salaries to acquire one, much less a full team of security professionals. Even if those few companies can afford it today, how do they retain them? The answer to this is not simple and is realistically beyond the scope of one simple article...

In this third installment of #TripwireBookClub, we look at “Gray Hat Python,” written by Justin Seitz and published by No Starch Press. I had the opportunity to briefly meet Justin at CanSecWest the year this book was published, which only increased my interest in the book and ensured my preorder. I read it back then (2009), and now, nine years...

Container security is not a unitary action but a multifaceted process. It involves securing the build environment using secure code control and other strategies. The procedure also necessitates securing containers’ contents via code analysis and unit tests. At some point, organizations need to develop a plan to secure their containers in production...

Local authorities are currently investigating a data breach at a Chinese hotel group that could have exposed customers' personal information. Huazhu Hotels Group headquarters (Source: Wikipedia) According to the Xinhua state news agency, Shanghai police launched an investigation into a data security...

In the healthcare industry, data sets are growing rapidly, both in volume and complexity, as the sources and types of data keep on multiplying. As of now, 30 percent of the world's information is assessed to be medical services data, and in the U.S., many hospitals collect over 100 data points per patient per day. This healthcare data keeps on being...

Instagram announced its plan to support third-party authenticator apps as part of an improved two-factor authentication (2FA) feature. On 28 August, Instagram co-founder and CTO Mike Krieger unveiled the photo- and video-sharing social networking service's upcoming support for third-party authenticator apps. Users will be able to select ...

It is a well-known fact that legacy equipment shall continue to play a crucial role in the continuity and stability of critical infrastructure, especially in industrial control systems. A recent Center for Digital Government survey found that 70% of respondent agencies depend on legacy infrastructure for their operations. Another recent report from...

ABBYY, the developer of optical character recognition and text-scanning software, left a server containing 142GB of a customer's scanned documents exposed for anyone on the internet to access, no password required. The AWS-hosted MongoDB server, accidentally left configured for public access, contained some 203,896 properly OCR'd contracts, non...

Back in the good old days, we used to have to order physical servers to run our applications. When servers became too expensive, we found efficiency in virtualization. Why have one box running one server when I could have 10 or more on a single box? Who would have thought I could simply push a button and have a server ready in minutes as opposed to...

Eight companies including Tripwire have been selected by the National Cybersecurity Center of Excellence (NCCoE) to collaborate on the Energy Sector Asset Management Project. The NCCoE is a part of the National Institute of Standards and Technology. These companies are working together to build a reference design and an example solution that can be...

If you are like most infosec professionals, each day brings new and interesting challenges. However, like most jobs, there are valleys that we fall into along the course of our professional development. How long can you stare at your SIEM tool before you start to experience some mild tunnel vision, or worse, severe burnout? Neither of these are...

The Fortnite team announced it will reward users who enable two-factor authentication (2FA) on their accounts with a free emote. On 23 August, the makers of the popular online video game revealed an incentive to help users boost their account security: in exchange for enabling 2FA on their accounts, gamers would receive the Boogiedown emote for free...

Thanks to the advent of technology, the number of mobile phone users are increasing day by day. You'll be shocked to hear that by 2019, this number will cross the 5 billion mark! While mobile phones may have made our life easier, they have also opened up domains for many cybercriminals who are adapting and using new methods to profit from this...

It's not great when any organisation loses a laptop, but if the contents of the computer's hard drive have been fully encrypted and a strong password has been used it's hardly the end of the world. After all, the chances of a criminal being able to access any sensitive information on the mislaid or stolen device is remote - and the cost should be...

The Healthcare industry by its very nature is populated with some amazing people who are devoted to those in need of physical and mental care. Given this noble cause, it was perfectly understandable for them to ask “Why would someone attack us?” when WannaCry hit their sector. In my opinion, the WannaCry compromise was the crescendo of almost a...

A computer criminal claims to have stolen the personal data and account information of 20,000 British pharmacy chain customers. On 21 August, certain customers of UK health and beauty retailer Superdrug received an email warning them about the "possible disclosure of [their] personal data." It wasn't long before that notice began making the rounds...

Earlier this year, the City of Atlanta suffered a ransomware attack on the city’s computer systems. The attack affected more than one-third of Atlanta's 424 essential programs, close to 30 percent of which were “mission critical” functions. While most of the visible damage has been remedied, the effects of the attack will be felt for a long time....