As is often the case in cybersecurity, just when you think you are writing or talking about the "issue of the day" (most recently ransomware), some other issue comes up that makes you shake your head and wonder why each of us is working so hard to secure our networks when it appears so easy for attackers to steal important data or money. That is...

Well, if you're reading this blog, then I suggest you should! The European Union General Data Protection Regulation (EU GDPR) takes effect on 25th May 2018. But don’t be misled by the title. The EU reference should be treated as an indication of the Regulation's birth place, not some form of virtual boundary restricting its influence. This...

It’s safe to say that cybersecurity is a common issue for all industries. But what is the cybersecurity state of affairs for Industrial Control Systems (ICS), and why should we care? ICS monitor and control industrial and physical infrastructure processes that are crucial for industries like manufacturing, transportation, energy, oil and gas, and...

We sold our house and moved to an apartment in January, waiting for our new home to get built. Cleaning up the house for a move is a big chore, and one of my tasks for a weekend before the sale was cleaning up a big pile of post-it notes left in a box. I chanced upon a post-it note with a 1-888 number that was an AT&T teleconferencing line. I had...

Our story begins when Xu Jiaqiang, 29, decided to resign from his employer. Xu began working as a developer for a United States company in November 2010. During that time, he enjoyed access to the company's proprietary software, a clustered file system which enhanced computer performance by coordinating tasks across multiple servers. The developer...

In today’s world, where technology is becoming an ever greater part of our everyday lives, it appears we aren’t quite keeping up with it. Believe it or not, we still tend to underestimate the importance of cyber security, as a recent survey by Soha System’s Third Party Advisory Group has shown. According to the survey, less than two percent of IT...

On Thursday, June 23, the United Kingdom will hold a referendum that will decide whether Britain will remain a member of the European Union. In the lead-up to this important vote, many are wondering how Britain's exit, or "Brexit," would affect the United Kingdom's national information security posture. Some are worried, for instance, that if...

A hacker has put up a dataset containing the personal details and driver's license information of 290,000 U.S. citizens for sale on the dark web. Softpedia reports that the hacker, who goes by the name "NSA," stole the information after breaching several organizations based in Louisiana. Once inside of the organizations' networks, NSA exfiltrated...

In a previous article, we discussed building a deeper understanding of distributed denial-of-service (DDoS) attacks, what they do, who’s behind them, and what they all come down to. To follow, here’s how to prepare your website for DDoS attack. According to the results of a study conducted by Kaspersky Lab and B2B International, a DDoS attack can...

Tattoos are a complex form of art in modern society. First of all, they are expressive. People can incorporate certain words and symbols into a tattoo so that its design communicates something personal about their lives. In that sense, tattoos are also free speech, a legal right which is protected under the U.S. Constitution. The fact that people...

Global financial services firm Morgan Stanley has agreed to pay a $1 million penalty for failure to safeguard customer data, the U.S. Securities and Exchange Commission (SEC) said on Wednesday. According to a statement by the SEC, the Wall Street bank violated a federal regulation – known as the “Safeguards Rule” – by failing to adopt federally...

Think of a classic item in your life. Perhaps it is a song that defines your generation. Or maybe it is a life event that holds special meaning for you. We all have them. They are part of what makes life wonderful. Why do classics matter in a security blog? With the recent revelation that the LinkedIn breach was far worse than originally reported,...

Given today's evolving threat landscape, it's understandable that organizations want to take a proactive approach against threats, create an environment of continuous compliance, and have responsive IT operations processes. Organizations want to reduce risk exposure and the attack surface, detect and respond to advanced threats, and drive down...

There is some promising news regarding the state of cyber security among financial services organizations. As an industry, risk-averse financial services companies are investing more in cyber security, with a security spending increase of 14 percent. This heightened focus on security might explain why organizations working in financial services...

Very quietly, in 2011, the US Department of Homeland Services published a paper entitled "Enabling Distributed Security in Cyberspace," a paper that was then way ahead of its time. The paper "explores the idea of a healthy, resilient – and fundamentally more secure – cyber ecosystem of the future, in which cyber participants, including cyber devices...

Information security is more than just checking a box. It also includes security awareness, a feature I discussed in my previous article on endpoint detection and response (EDR) which is just as important as the tools, technologies and other solutions an organization uses to strengthen its digital security. To make a difference, security awareness...

Here at Tripwire, one of the responsibilities of VERT (Vulnerability and Exposure Research Team) is the monthly publication of our Patch Priority Index (PPI). Equal parts science and art, the PPI is released by VERT researchers who deal with vulnerabilities resolved by these patches on a daily basis. When this process first began, it prompted a very...

There is a lot security professionals disagree on when it comes to Identity & Access Management (IAM). One thing most would agree on though is that IAM means many things to many people, and has been shaped more by vendor product boundaries over the years than by overarching architectures, processes and governance. The basic term “Identity Management...

The healthcare landscape has many challenges – security being at the forefront. Ransomware attacks grow increasingly rampant with each day and healthcare is the perfect target due to hospitals relying on antiquated technology that alerts them only after the infection occurs. Cybercriminals are always on the forefront and looking at innovative ways...

Technology infrastructure (TI) at banks involves a dizzying array of things – from employee laptops and desktops, software applications, and hosting networks to networking and cabling linking offices around the world, Internet of Things (IoT) devices, sophisticated enterprise tools, data centers... and so on. Just as a country needs its critical...