Blog

Blog

Tripwire Patch Priority Index for February 2018

Tripwire's February 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle. BULLETIN CVE Adobe Flash APSB18-03 CVE-2018-4878, CVE-2018-4877 Microsoft Browser CVE-2018-0763, CVE-2018-0839, CVE-2018-0771 Microsoft Scripting Engine CVE-2018-0840, CVE...
Blog

Data Integrity: The Next Big Challenge

Many of us in the cybersecurity world have followed this general mantra: protect the data, protect the data, protect the data. It’s a good mantra to follow, and ultimately that is what we are all trying to do. But there are different ways to protect data. The obvious method is to make sure it doesn’t get ripped off, but as we have noted in previous...
Blog

Why Cyber Security is the New Health and Safety

Many people view the Health and Safety at Work Act 1974 as unnecessary and burdensome, but its introduction has had a dramatic impact on reducing accidents in the workplace, particularly within industrial settings. Today, it controls the safety of equipment used on process plants, the time professional drivers may spend behind the wheel, and even...
Blog

RedDrop Malware Records Audio and Exfiltrates It to Cloud Storage Services

A new family of mobile malware called RedDrop exfiltrates victims' sensitive data including ambient audio recordings and sends it to cloud storage services. Wandera, a mobile security firm which spotted weaknesses in the CBS Sports app and mobile site back in 2016, uncovered the malware when a user clicked on an ad for the Chinese search engine...
Blog

Business Email Compromise: The Secret Billion Dollar Threat

BEC, or Business Email Compromise, is a contemporary twist on a staple scam. Often in the shadow of the more extravagant, media-friendly super-hacks or ransomware compromises, BEC is leading the line on both the number of attack victims and the direct losses encountered by businesses. Although not as en vogue as other ‘nouveau’ cybersecurity threats...
Blog

A Guide to PCI DSS Merchant Levels and Penetration Testing

To distinguish the size of merchant companies and appropriately determine the level of testing required, the founding credit card companies created four different brackets ranging from Tier 1 to 4. Each tier is based on the number of transactions processed per year by the merchant and also dictates the testing a merchant must undertake. While...
Blog

Hybrid Cloud Security: 5 Key Considerations

Everyone in Silicon Valley and the tech industry, in general, is talking about “The Cloud.” “The Cloud” is something that’s not only trendy but also very useful for business. Why deal with the burden of running your own datacenters when companies like Amazon, Google and Microsoft offer third-party cloud services that will be less expensive for your...
Blog

RaaS Keeps Victims Guessing by Not Using Special File Extension

A relatively new ransomware-as-a-service (RaaS) platform keeps victims guessing by not using a special file extension with the files it encrypts. On 22 February, security researchers began seeing reports from users claiming that Data Keeper ransomware had affected their computers. Victims found out about the infections by coming across the "!!! ####...
Blog

Fileless Malware: What It Is and How to Stop It

What would you say if I told you that now a hacker doesn’t even have to trick you into installing malicious files on your computer in order to steal sensitive data? Let’s take a look at how this form of (non-) malware works and, more importantly, how to protect yourself against it. How does this fileless malware attack occur? The big picture...
Blog

Insider Enterprise Threats: User Activity Monitoring

This article is part 1 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats to the modern enterprise. Insider cyber security threats are much more prevalent than most of us realize. IBM estimates that 60 percent of all cyberattacks are perpetrated by those with...
Blog

New Report Offers Better Cybersecurity Definitions

The Council of Economic Advisers recently released a report that examines the cost of malicious cyber activity to the U.S. economy. The report cites many of the usual findings from the Verizon DBIR and Ponemon reports—nothing new to those of us who live and breathe cybersecurity. However, the report caught my eye because it offers some very...
Blog

What Is RFID Skimming?

Security breaches are increasingly affecting organizations across various domains as they heavily rely on technologies to reduce the operational costs and improve the work efficiency. The United States is the world leader in data breach incidents. According to a report shared by the Identity Theft Resource Center in 2017, the security breach...
Blog

LA Times homicide website throttles cryptojacking attack

Whoever hacked the LA Times' interactive county murder map probably hoped to make a killing mining cryptocurrency - but swift action from a security researcher has put paid to their plans. Security researcher Troy Mursch, whose blog has focused on cryptomining threats in recent months, raised the alarm on Twitter, after discovering that an Amazon...
Blog

Smart Contracts May Be Smart, But Are They Contracts?

With distributed ledger technology (such as blockchain), there is growing interest in automating routine commercial transactions. But how will these smart contracts be interpreted under existing commercial contract laws? Although there is no federal contracts law for private commercial transactions in the United States, there is a widely adopted...
Blog

How to Secure Your Outlook Emails and Microsoft Accounts

Living in today’s society, it is almost impossible to meet someone without an email account. For almost everything you do online, you need to have an email ID whether for work, education, or socially. Many of us hold multiple accounts, each for a different purpose; however, you need to protect yourself. If you are using Outlook as your email...
Blog

The Role of the CISO in Preventing Data Breaches

In these times of unabated data breaches, the typical Chief Information Security Officer (CISO) must feel like a moving target in a shooting gallery. It’s not a matter of whether an attack and possible breach will occur, it’s a matter of when. Being a CISO is a fascinating and important job. Often, though, it’s a thankless one. Unfortunately for...
Blog

US DOE Introduces New Cybersecurity Office to Protect Energy Sector

The U.S. Department of Energy (DOE) has announced the establishment of a new cybersecurity office to help protect and prepare the energy sector, including the oil and gas industry. Named the Office of Cybersecurity, Energy Security, and Emergency Response, or CESER, the new office received nearly $96 million in funding for the 2019 fiscal year....