Blog

Blog

Delaying PCI 3.1: Time to Dance the Compliance and Security Waltz

The recent announcement from the Payment Card Industry Security Standards Council (PCI SSC) that it will be moving the PCI 3.1 deadline to June 2018 – giving an extra 24 months – caught my attention and reminded me of the ongoing dance between compliance and security. From a compliance and operational standpoint, the new deadline gives organizations...
Blog

Snapchat Responds to Leak of Payroll Data Following Phishing Attack

The popular video messaging application Snapchat has responded to a partial leak of its former and current employees' payroll information following a recent phishing attack. On Monday, Team Snapchat published a statement on their company's blog: "We’re a company that takes privacy and security seriously," the statement begins. "So it’s with real...
Blog

A Timeline of the Apple-FBI iPhone Controversy (UPDATED: 3/29/16)

Apple has been making headlines recently for its refusal to comply with a court order requiring it to help federal authorities unlock a mass shooter's iPhone. This story dates back to the late spring of 2015. The timeline below summarizes how this controversy has played out thus far. June 8, 2015 The Information Technology Industry Council (ITI)...
Blog

The World of Unknowns and the First Responder

When it comes to known unknowns, there is one fact you can be sure of, which is based on the conundrum of “Am I being, or have I been hacked?” – with the knowing component here representing the high probability that the answer is in the affirmative. However, when reflecting on the unknown element, this may well result in a number of unknown answers...
Blog

UX in the Security World

The cyber security industry is growing faster than ever as companies increase their level of monitoring and analysis to protect themselves from breaches and data loss. The imperative for security professionals to be fast and accurate in recognizing and remediating security threats makes the user experience in security products absolutely critical. ...
Blog

U.S. ICS-CERT Confirms 'Cyber Intrusions' Behind Ukraine Power Outages

The United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has confirmed that 'cyber intrusions' caused a series of Ukraine power outages late last year. In a statement published on Thursday, the team provides an overview of what it learned from an investigation into an incident that occurred on December 23, 2015. ...
Blog

Some Tips For Dealing With Phone Scammers

Have you recently received any of the popular scam phone calls from someone claiming to be from Microsoft offering to fix your computer? Or the IRS scam call, alerting you that you owe taxes and that you must pay immediately? Or a representative from a utility company, threatening to shut off your electricity if you don’t immediately pay with a pre...
Blog

Invisible Porn-Clicking Trojans Invade Android's Google Play Store

If malware on your Android phone doesn't steal any of your information, doesn't spy upon your activities, doesn't infect any of your files, and remains invisible... can we still consider it a bad thing? I think the answer is yes, but some security measures appear to turn a blind eye to a Trojan that security researchers at ESET have dubbed "Porn...
Blog

DDoS Group Claims Responsibility for Xbox Live Outages

A distributed denial-of-service (DDoS) group has claimed responsibility for a series of global outages to Xbox Live, Microsoft's online gaming network for the Xbox console. Recently, members of the group, which calls itself the New World Hackers, sat down with Newsweek to explain the motivation behind its alleged attacks. “Well, didn’t even take as...
Blog

Endpoint Protection Warrants a Proactive Approach

Endpoints are more important than ever in today's connected world. As business increases, most organizations find it necessary to connect a variety of new devices to their networks to keep up with the demands of competing in a global economy. Each of these endpoint nodes may be devices with which employees interact on an ongoing basis, but they...
Blog

Access Control in 2016 - What you Need to Know

Access control is one of those topics that often means different things to different people. In its most basic form, it is simply the “restriction of access to a resource." Unfortunately, as you drill down into what that actually means for your organization, things usually get muddy. For some people, it is simply selectively granting user access to...
Blog

GDPR – The Good, the Bad and the Ugly

Unless you’ve been living out in the remotest frontier of some Data Protection Wild West, you will no doubt be aware that a ‘supervisory authority’ Sheriff will soon be riding into town, clutching a lengthy new scroll of law and order in the form of the General Data Protection Regulation (GDPR). ICYMI or simply passed over it as not particularly...
Blog

How Can we Remember all Those Passwords?

Despite the existence of a number of advanced authentication mechanisms, such as Single Sign-On (SSO), different types of Biometrics, multi-factor authentication, etc., the use of passwords is still the most popular means of authenticating users. The need to generate, and hopefully to remember these passwords, has become even more demanding due to...
Blog

BSidesSF 2016 Preview: Sweet Security

Securing the Internet of Things (IoT) has become increasingly difficult. Devices are often shipped with out-of-date operating systems and unmaintained code, which is littered with vulnerabilities. To add to the frustration, traditional security tools cannot be installed on many of these devices. For many users, especially home and SMBs, there are...
Blog

Tripwire at RSA Conference 2016: Cyberwar @ the Endpoint

Celebrating its 25th anniversary this year, the RSA Conference creates invaluable opportunities for attendees to connect with top security leaders, discover innovative technologies and deliberate the industry’s most pressing issues. With over 30,000 attendees, this annual event continues to help drive the information security agenda worldwide, and...
Blog

GitHarvester: Finding Data on GitHub

Even if you are not a developer, you should be familiar with GitHub. If you are not familiar, then consider this blog post your introduction. GitHub is a large cloud-based software repository that uses the git protocol. Creating a GitHub account is painless and free for anyone who is interested. You don’t even need to supply a valid email address to...
Blog

DevSecOps: The Marriage of SecOps and DevOps

IT and software development, departments that have historically had a somewhat contentious relationship, are on a collision course – and at the center of this convergence is security. The rapid adoption of public cloud infrastructure is enabling new levels of cost efficiency, business agility and development capability for organizations of all sizes...
Blog

Why is Change Detection so Important?

It’s the new byword in federal cyber security: “Act as though your network is already compromised.” But what does it mean? DHS’s big cybersecurity programs focus on solutions that either catch the bad guys at the perimeter (Einstein), or harden individual assets to make compromise more difficult (CDM investments in asset management, vulnerability...