With 2017 coming to a close, we wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between Christmas and the New Year.
My favourite State of Security blogs from 2017
Pentest Toolbox Additions 2017
It´s becoming a yearly tradition, but one our readers and I love! Carrie Roberts takes us through some of the tools she has found useful in the past year. The blog covers tools such as the Domain Password Audit Tool (DPAT), Powermeta by Beau Bullock, and much much!
Read all about Carrie Roberts pentesting toolbox additions here.
How a Smart Coffee Machine Infected a PLC Monitoring System with Ransomware
Back in June, a chemical engineer on Reddit received an alert when a programmable logic controllers (PLC) monitoring system started acting up. Here’s the tale of how a ransomware infection spread from a factory’s smart coffee machine to its PLC monitoring system.
To read this news story from David Bisson, click here.
Could Containers Save The Day? 10 Things to Consider when Securing Docker
We’re all aware of the Equifax breach that affected 143 million customer records. Equifax reported that Apache Struts vulnerability CVE-2017-5638 was used by the attackers. Equifax was not running its vulnerable struts application in a container. But what if it had been? Containers are more secure, so this whole situation could have been avoided, right?
Read all about how containers could have potentially saved the day for Equifax in this brilliant blog from Ben Layer.
VERT Threat Alert: Return of Bleichenbacher’s Oracle Threat (ROBOT)
On December 12th this year, a team of researchers including Tripwire VERT’s Craig Young announced that TLS stacks from at least 8 different vendors are vulnerable to a well-known 19-year-old protocol flaw called ROBOT.
To learn more about this classic Bleichenbacher attack on RSA, read this blog from Craig Young.
Inmates hid self-built PCs in the ceiling and connected them to prison network
This fascinating story by Graham Cluley left our readers flabbergasted! Ohio Inspector General’s Office published a report revealing that two prison inmates were able to hide their own self-built PCs in the ceiling of a training room *and* connect them to the Marion Correctional Institution’s network.
Read the story on how the two inmates built their PCs and how staff eventually found out about this ingenious plan.
NIST SP 800-171 Deadline at End of 2017 – Is Your Organization Ready?
The deadline to comply or to report delays in compliance with the NIST Special Publication 800-171 has been set for 12/31/17. David Henderson breaks down the key elements of the special publication by focusing on the background of the program, who is impacted, and what the requirements are.
If you are not sure if you are affected, read this informative piece on NIST SP 800-171.
Blockchain 101: How This Emerging Technology Works
The big craze in 2017 has certainly been around cypto-currenccy. We´ve seen a huge rise in the value of Bitcoin, but how many people know about the algorithm and data structure behind it, blockchain?
Bev Robb dives in to the topic of blockchain and talks about if it can be good for security moving forward.
12 Indispensable DevOps Tools for 2017
DevOps is revolutionizing the way enterprises deliver apps to the market. It blends software development and information technology operations, or the processes and services used by IT staff, as well as their internal and external clients to fulfill their business duties.
David Bisson takes 12 indispensable tools from the DevOps world and creates this fantastic list. Enjoy!
There Is No Cyber Talent Crunch; You’re Just Hiring Wrong
The skills-gap. Is there one or not? We see so many conflicting reports, but it´s never clear to why or if there is actually a HUGE skills-gap in the information security community at all. Robert Walker of PCPursuit takes his own personal experiences and puts together an extremely thought-provoking blog on the issue.
Take a look at what Robert thinks are the driving forces behind the “cyber talent crunch” here.
10 Must-Read Books for Information Security Professionals
With Christmas out of the way, I suspect some of you got vouchers for your favorite online book store. To help you make a decision on which book to purchase, you have to read this article! We asked some folks within the information security industry to share their favorite books that changed the way they think about information security.
Here’s what they had to say.
I hope you enjoyed reading through that list of blogs, and we look forward to you stopping by in 2018!
To stay up to date with with all the latest news, please sign-up to our daily security news digest here.
Happy New Year!