Our story begins when Xu Jiaqiang, 29, decided to resign from his employer. Xu began working as a developer for a United States company in November 2010. During that time, he enjoyed access to the company's proprietary software, a clustered file system which enhanced computer performance by coordinating tasks across multiple servers. The developer...

In today’s world, where technology is becoming an ever greater part of our everyday lives, it appears we aren’t quite keeping up with it. Believe it or not, we still tend to underestimate the importance of cyber security, as a recent survey by Soha System’s Third Party Advisory Group has shown. According to the survey, less than two percent of IT...

On Thursday, June 23, the United Kingdom will hold a referendum that will decide whether Britain will remain a member of the European Union. In the lead-up to this important vote, many are wondering how Britain's exit, or "Brexit," would affect the United Kingdom's national information security posture. Some are worried, for instance, that if...

A hacker has put up a dataset containing the personal details and driver's license information of 290,000 U.S. citizens for sale on the dark web. Softpedia reports that the hacker, who goes by the name "NSA," stole the information after breaching several organizations based in Louisiana. Once inside of the organizations' networks, NSA exfiltrated...

In a previous article, we discussed building a deeper understanding of distributed denial-of-service (DDoS) attacks, what they do, who’s behind them, and what they all come down to. To follow, here’s how to prepare your website for DDoS attack. According to the results of a study conducted by Kaspersky Lab and B2B International, a DDoS attack can...

Tattoos are a complex form of art in modern society. First of all, they are expressive. People can incorporate certain words and symbols into a tattoo so that its design communicates something personal about their lives. In that sense, tattoos are also free speech, a legal right which is protected under the U.S. Constitution. The fact that people...

Global financial services firm Morgan Stanley has agreed to pay a $1 million penalty for failure to safeguard customer data, the U.S. Securities and Exchange Commission (SEC) said on Wednesday. According to a statement by the SEC, the Wall Street bank violated a federal regulation – known as the “Safeguards Rule” – by failing to adopt federally...

Think of a classic item in your life. Perhaps it is a song that defines your generation. Or maybe it is a life event that holds special meaning for you. We all have them. They are part of what makes life wonderful. Why do classics matter in a security blog? With the recent revelation that the LinkedIn breach was far worse than originally reported,...

Given today's evolving threat landscape, it's understandable that organizations want to take a proactive approach against threats, create an environment of continuous compliance, and have responsive IT operations processes. Organizations want to reduce risk exposure and the attack surface, detect and respond to advanced threats, and drive down...

There is some promising news regarding the state of cyber security among financial services organizations. As an industry, risk-averse financial services companies are investing more in cyber security, with a security spending increase of 14 percent. This heightened focus on security might explain why organizations working in financial services...

Very quietly, in 2011, the US Department of Homeland Services published a paper entitled "Enabling Distributed Security in Cyberspace," a paper that was then way ahead of its time. The paper "explores the idea of a healthy, resilient – and fundamentally more secure – cyber ecosystem of the future, in which cyber participants, including cyber devices...

Information security is more than just checking a box. It also includes security awareness, a feature I discussed in my previous article on endpoint detection and response (EDR) which is just as important as the tools, technologies and other solutions an organization uses to strengthen its digital security. To make a difference, security awareness...

Here at Tripwire, one of the responsibilities of VERT (Vulnerability and Exposure Research Team) is the monthly publication of our Patch Priority Index (PPI). Equal parts science and art, the PPI is released by VERT researchers who deal with vulnerabilities resolved by these patches on a daily basis. When this process first began, it prompted a very...

There is a lot security professionals disagree on when it comes to Identity & Access Management (IAM). One thing most would agree on though is that IAM means many things to many people, and has been shaped more by vendor product boundaries over the years than by overarching architectures, processes and governance. The basic term “Identity Management...

The healthcare landscape has many challenges – security being at the forefront. Ransomware attacks grow increasingly rampant with each day and healthcare is the perfect target due to hospitals relying on antiquated technology that alerts them only after the infection occurs. Cybercriminals are always on the forefront and looking at innovative ways...

Technology infrastructure (TI) at banks involves a dizzying array of things – from employee laptops and desktops, software applications, and hosting networks to networking and cabling linking offices around the world, Internet of Things (IoT) devices, sophisticated enterprise tools, data centers... and so on. Just as a country needs its critical...

Researchers have determined that those who stole approximately $81 million from the Bangladesh Bank most likely did so by hacking into SWIFT's client software. SWIFT, or the Society for Worldwide Interbank Financial Telecommunications, provides banks and other organizations with secure messaging services. According to its 2015 traffic, more than 11...

WhatsApp is an instant messaging service with well over one billion global users. To put it into perspective, one in seven people on the planet actively use this popular messaging app to send some 30 billion texts, voice messages and videos every single day. In 2014, WhatsApp was acquired by Facebook for $19.3 billion. It is now the most powerful...

A former Reuters journalist has been sentenced to two years in prison for helping to hack a multimedia corporation. Last October, a California jury found Matthew Keys, 28, guilty of one count of conspiracy to make changes to a corporate website, one count of transmitting malicious code, and one count of attempting to transmit malicious code for an...

There are roughly 200 requirements and sub-requirements in NERC CIP, and to satisfy each one requires performance-based compliance evidence that produces the comprehensive documentation that proves each requirement and sub-requirement was met for all activities that fall under it. That by itself is no mean feat. Of those 200 requirements, baseline...