Blog

Blog

VERT Threat Alert: March 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s March 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-769 on Wednesday, March 14th. In-The-Wild & Disclosed CVEs CVE-2018-0808 This publicly disclosed CVE could lead to a successful denial of service against ASP.NET Core web applications due to...
Blog

What’s at Stake with NIST 800-171 and How to Ensure You’re Compliant

Over the past three years, The National Institute of Standards and Technology defined 800-171 security requirements. These requirements were designed to protect Controlled Unclassified Information in Nonfederal information systems, as well as organizations. When the DFAR (Defense Federal Acquisition Regulations) came out, most believed this mandate would finally create protection between...
Blog

The Current State of Connected Cars: Can we be Secure?

As certain as the changing of the seasons, the drive toward autonomous cars is gaining pace. Changes in the car industry clearly demonstrate that the way we use our vehicles is evolving. In an increasingly connected world, our cars are becoming an important part of our lifestyle. But a question mark keeps hanging over the process. Are we, and the...
Blog

Insider Enterprise Threats: Human Behavior

This article is part 3 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats (human behavior) to the modern enterprise. Over the course of this series, we’ve broadly examined the dangerous but highly-overlooked cybersecurity threat of malicious insiders. As...
Blog

How Foundational Prevention Fills in the Gaps of Threat Detection

Digital threat detection isn't as easy as it was more than a decade ago. The threat landscape no longer evolves slowly in pace with signature-based malware. It moves quickly and thereby complements the rate at which new software flaws are discovered and computer criminals exploit those weaknesses to compromise vulnerable systems. At the same time,...
Blog

Yahoo Agrees to $80 Million Settlement Over Data Breaches

Yahoo has agreed to pay $80 million to settle a federal securities class action lawsuit following the massive data breaches that compromised the personal information of three billion users. The suit was filed by several shareholders in January 2017, alleging the web services provider intentionally misled them about its cybersecurity practices, in...
Blog

Security Concerns and Risks Related To Bitcoin

Bitcoin is so far the most successful cryptocurrency. Nevertheless, just like other cryptocurrencies, Bitcoin has seen prices drop dramatically for the past few months. Price volatility remains one of the most significant challenges facing all cryptocurrencies, as they try to navigate a tricky ecosystem towards being recognized as a world currency....
Blog

Android P promises new security and privacy features

Android P, the next generation of Google's operating system, may not be due for release until sometime later this year - but that doesn't mean we don't already know some of the features it has in store for us. That's because the Android P is now available as a developer preview. That means this first preview of Android P is intended for developers...
Blog

Security Considerations for Cloud Migration

Cloud computing has revolutionized the way businesses operate, and it is growing exponentially. The main advantages provided by this technology include cost optimization where there is no need for a capital expenditure upfront anymore and costs being further reduced by using economies of scale where a large number of organizations are sharing...
Blog

Video Game Developer Gave Customers $5 Voucher after Data Breach

A video game developer gave customers a $5.00 discount off their next purchase after discovering a data breach that affected two of its online stores. Nippon Ichi Software, a Japanese developer and publisher of video games, claims in an email sent out to customers that it identified the breach on 26 February. The incident involved the addition of a ...
Blog

Point-of-Sale Breach Confirmed at Some Applebee's Locations

It's confirmed that some locations of the Applebee's restaurant chain suffered a point-of-sale (POS) breach involving customers' payment card data. On 2 March, RMH Franchise Holdings (RMH) issued a notice of data incident on its website. The statement explains how RMH, a franchisee of Applebee's...
Blog

Insider Enterprise Threats: Focusing on the Technology

This article is part 2 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats to the modern enterprise. In the first part of this series, we examined the seriously-overlooked threat posed by malicious insiders – employees, contractors, and more – and discussed user...
Blog

New Study Shows 20% of Public AWS S3 Buckets are Writable

Data exposure reports have reached a dizzying pace in the past few months, and the security community has been focused on the risk from multiple angles. Now, a new study from HTTPCS gives us new insight into rates of vulnerable S3 configurations. HTTPCS scanned s3.amazonaws.com addresses looking for storage “buckets” and logged data on those that...