Blog

Blog

Foundational Controls for Integrity Assurance - Part II

As I noted in my previous article, companies should use foundational controls to assure integrity of their software and critical data – doing so can help prevent many data breaches and security incidents from occurring in the first place. That's not all that integrity driven by foundational controls can accomplish. Here are two more benefits...
Blog

Crypto-Miner Named the "Most Wanted" Malware for December 2017

A JavaScript-based cryptocurrency miner earned the top spot in a list of the "most wanted" malware for December 2017. For its final Global Threat Index of 2017, Check Point observed Coinhive supplant Roughted, a large-scale malvertising campaign, as the most prevalent form of malware. This Monero-miner made waves back in October 2017 when it...
Blog

How Management Can Help Prevent Insider-Caused Data Breaches

In 2017, some of the world’s most devastating cyber attacks were seen. Insider threats continue to be the primary reason for such high profile data breaches year over year. With the rise of malware as a service, insiders are now more than capable of sabotaging a company's operations or stealing data to sell on the darknet. Without the right support...
Blog

Smart Contracts 101: How This Emerging Technology Works

You can’t turn around today without running into a story about blockchain technology and smart contracts. In fact, one creative beverage company saw their stock climb 289 percent when they added the term "Blockchain" to their company name even though they have nothing to do with blockchain technology. Blockchain technology is one form of a secure,...
Blog

Hospital Shut Down Its Computer Network Following Ransomware Attack

A hospital shut down its network after a ransomware attack restricted authorized personnel access to some of its computer systems. On 12 January, Hancock Regional Hospital confirmed in a statement that it had suffered a ransomware attack. As quoted by FOX59: Hancock Regional Hospital has been the victim of a criminal act by an unknown party that...
Blog

A CISO's Guide to Minimizing Healthcare Risk

There are many actionable items and methods a CISO can use to minimize risk in the healthcare industry. After all, there are all kinds of tools, project management resources, and resource management solutions that can help keep businesses in order and safe. However, there just a few areas in which action should be taken. As simple as it might sound,...
Blog

4 Security Controls Keeping Up with the Evolution of IT Environments

In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development. When it comes to the cloud, most organizations' futures look like they will consist of hybrid setups: environments combining physical servers, virtualization, and...
Blog

AdultSwine Malware Displays Porn Ads within Child-Themed Android Apps

AdultSwine malware displays pornographic ads within affected child-themed game apps that were once available for download on Google's Play Store. Researchers at Check Point detected AdultSwine hidden within 60 game apps, including some with children as their target audience. All of those affected apps were available for download on Google's Play...
Blog

WhatsApp flaw could allow anyone to sneak into your private group chat

WhatsApp likes to brag about its end-to-end encryption, but researchers from Germany's Ruhr University Bochum have discovered a flaw that could allow unwanted eyes to spy upon your private group chats. In a technical research paper that explores the end-to-end security of three different secure messaging apps capable of allowing "private" group...
Blog

Real Life Examples of Phishing at its "Phinest"

There are several technical methods of stealing passwords via malware or software vulnerabilities, and one of the most difficult to defend against occurs when users disclose their credentials unknowingly. Yes, I am referring to phishing. Specifically, phishing that tricks users into accessing a fake website and entering their credentials. We often...
Blog

Survey: Most Security Pros Aim to Patch Vulnerabilities within 30 Days

High-profile cybersecurity incidents continue to result from the simple mistake of leaving a known vulnerability unpatched. To understand how organizations are keeping up with vulnerabilities, Tripwire partnered with Dimensional Research to survey 406 IT security professionals about their patching processes. Findings revealed that the majority (78...
Blog

How to Budget for Digital Security in 2018

Based on the past year, one thing that is certain to be on every company’s mind is security. Among the various concerns associated with security, perhaps the most important is how much it costs to effectively secure your company data in the age of large-scale cyberattacks and breaches. According to Accenture’s 2017 “Cost of Cybercrime” report, the...
Blog

The Top 17 Information Security Conferences of 2018

You can now read the 2019 edition here! With 2017 now in the rear-view mirror, the security industry is turning its attention to 2018. The new year will no doubt present its fair share of challenging digital security threats. So too will it present numerous opportunities for infosec professionals to discuss shared difficulties at conferences and...
Blog

VERT Threat Alert: January 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses the remainder of the Microsoft January 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-760 on Wednesday, January 10th. In-The-Wild & Disclosed CVEs CVE-2018-0802 A malicious file could cause code execution due to Microsoft Office Equation Editor’s failure...
Blog

AWS GuardDuty and the Cloud Management Assessor

Recently at its re:Invent 2017 conference, Amazon announced an interesting new security offering called GuardDuty. GuardDuty uses threat intelligence, machine learning and anomaly detection to deliver agentless security findings across a variety of AWS services. This blog will discuss a bit about GuardDuty and show one example of how to gather...
Blog

December 2017: The Month in Ransomware

Ransomware activity was on a fairly high level till mid-December but slowed down by the end of the month, perhaps due to threat actors’ holiday spree. Some of the newsmaking events included the onset of the first-ever blackmail virus targeting network-attached storage devices, the breach of California's voter database, and arrests of CTB-Locker and...
Blog

hiQ v. LinkedIn – Who Controls Your Publicly Available Data?

The internet is vast and full of data that is publicly available to anyone with the time, or technology, to mine for insights. You can find everything from years of NYC taxi cab data and Uber information to more obscure datasets about every Jeopardy question in history or every single Iowan liquor store receipt since 2014. The volume of data availability is staggering, and it's poised to only grow...