Blog

Blog

VERT Vuln School - SQL Injection 102

In continuing our VERT Vuln School series on SQL Injection vulnerabilities, we’re going to take a look at how attackers can leverage this vulnerability to steal and exfilitrate data. Once we views bob’s account balance page, we notice that there’s another input-field that might be of interest, the...
Blog

Please Do Not Google That For Me

I was reading an article in one of my favorite security magazines, and the author mentioned a phrase and included the parenthetical thought “(Google that)”. At first, this seemed comical but a short paragraph later, the author repeated the technique, advising the reader to “Google that” with respect to another thought. This phrase doesn't just pop...
Blog

Cyber Insurance Premiums are on the Rise, Report Finds

A new report reveals that cyber insurance premiums are on the rise in response to a growing number of high-profile hacks and breaches. According to Timetric's Insight Report: The Future of Cyber Risk Insurance, insurers are raising the deductibles on existing companies' information security policies, whereas others are limiting the amount of...
Blog

Core SIEM Use Cases to Consider for Your Environment

If you are reading this article, you are probably aware that Security Incident and Event Management solutions, or SIEMs, are powerful systems that allow IT professionals to gather and analyze activity in a company’s infrastructure through the collection and correlation of logs. Though SIEM solutions have a significant amount of built-in content in...
Blog

Secure Computation and The Right to Privacy

In December 1890, Samuel Warren and Louis Brandeis, concerned about privacy implications of the new “instantaneous camera,” penned The Right to Privacy, where they argue for protecting “all persons, whatsoever their position or station, from having matters which they may properly prefer to keep private, made public against their will.” 125 years...
Blog

5 Tips for National Cyber Security Awareness Month

As a regular reader of Tripwire, you are aware that October is National Cyber Security Awareness Month. If you are a business owner, you are aware that every month is Cyber Security Awareness Month. To stretch the point one step further, as an employee, did you know that you are a valuable member of your organization’s Cyber Security Awareness team?...
Blog

Remote DoS Vulnerability Patched in Huawei 4G USB Modem

Chinese networking telecommunications equipment and services company Huawei has patched a vulnerability in its MBB (Mobile Broadband) product E3272s that if exploited could lead to denial-of-service attacks and remote arbitrary code execution. According to a security bulletin released by the company, "An attacker could send a malicious packet to...
Blog

Understanding External Security Threats

Cyber security is now a board-level risk across the entire spread of industry. However, it is a broad subject with a large number of unknowns, and some might say there's no real way to ever discover or quantify those unknowns. Unfortunately, this can result in cyber security being poorly understood and boards vulnerable to being misled by ‘snake-oil...
Blog

3 Tips on How to Create a Cyber Security Culture at Work

This October marks another iteration of National Cyber Security Awareness Month (NCSAM), a program designed to engage both the public and private sectors on good security practices via activities that encourage awareness and resiliency in the event of a national cyber incident. Sponsored by the Department of Homeland Security (DHS) in cooperation...
Blog

Building a Model for Endpoint Security Maturity

In today's world, our notion of endpoints has evolved from something with a user and a keyboard to something with exploitable vulnerabilities. This conceptualization therefore covers network connections beyond laptops, personal computers and mobile devices. Indeed, vulnerabilities arising from Internet of Things (IoT) appliances; automobiles, such...
Blog

VERT Vuln School – SQL Injection 101

SQL injection is arguably the most severe problem web applications face. OWASP, an online community devoted to web application security, consistently classifies injection vulnerabilities as number one on their OWASP Top 10 Project. SQL injection vulnerabilities are a favorite amongst a number of “hactivist” groups whose aim is to cause disruption in...
Blog

Managing Cyber Risks and Budgets

According to the 2015 Information Security Breaches Survey, 44 percent of both large and small organizations increased their security expenditure in 2015 compared with 53 percent and 27 percent in 2014, respectively. Despite the increase in expenditure, however, 90 percent of large organizations and 74 percent of small organizations reported that...
Blog

15 Million T-Mobile Customers' Information Exposed in Experian Hack

Hackers have compromised the personal information of 15 million T-Mobile customers after successfully infiltrating one of Experian's servers. John Legere, CEO of T-Mobile, has published a letter about the incident: "We have been notified by Experian, a vendor that processes our credit applications, that they have experienced a data breach. The...
Blog

Homo Sapiens and the Human Equation of Ethics

I recall engaging into a conversation with a fellow security professional this year on the subject of where the CISO role should reside and to whom they should report.My opponent’s opinion was very much contrary to my own, vocalising the value of the CISO having full alignment with the main board and the company executive.I, on the other hand, feel...