Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-656 on Wednesday, February 10th. Ease of Use (published exploits) to Risk Table Automated Exploit ...

Tripwire studied confidence vs. knowledge of financial services IT security pros on seven key security controls necessary to detect a data breach. For many controls IT pros believed they had the information necessary to detect a breach quickly but provided contradictory information about the specific data. ...

This is the conclusion to a three-part series of building a successful vulnerability management program. The first installment focused on Stage One, the vulnerability scanning progress. Without a foundation of people and process, the remaining stages are prone to failure. The second installment focused on Stage Two and Three, using a vulnerability...

There’s an old principle in tabletop RPG (Role Playing Games) circles that goes something like this: If you find yourself in the company of a halfling and an ill-tempered dragon, remember that you do not have to outrun the dragon; you simply have to outrun the halfling. In the context of security and specifically password creation, this principle...

Online security trends continue to evolve. This year, online extortion will become more prevalent. We also expect that at least one consumer-grade IoT smart device failure will be lethal. Ransomware will make further inroads, since the majority go unreported. China will drive mobile malware growth to 20M, and cybercrime legislation will take a...

Yahoo Mail! has patched a stored cross-site scripting (XSS) vulnerability and awarded a researcher $10,000 for finding the flaw. Discovered by Finnish researcher Jouko Pynnonen, the bug allowed an attacker to embed malicious Javascript code into a specially crafted email. The code would automatically execute whenever the message was viewed,...

I don’t know if you have noticed, but when it comes to incident response, the methodology applied by organisations can vary from the downright chaotic, to a well-disciplined, well-oiled machine. However, from what I have observed over the preceding five years of my professional life, the general approach seems to be ad-hoc and has suffered from a...

Computer crime is on the rise around the world. Every day, nefarious actors develop increasingly more sophisticated forms of malware for their attacks. Additionally, as reported by the United Kingdom's National Crime Agency (NCA) back in December, the average age of online criminals has dropped to 17 years old, suggesting that teenagers are more...

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, its output is tied back to the goals of the enterprise, and there is a reduction in the overall risk of the organization. Such vulnerability management technology...

As cyber threats grow in scope and potential impact, the complexity of enterprise digital data protection grows to astonishing proportions. Last year, a Fortune 500 survey revealed that cyber security is the second biggest concern for CEOs, who keep looking for new solutions to keep their data safe and their clients happy. The enterprise data is...

UPDATED 01/07/2016 to include RSA Conference USA. (Please see below.) In Part II of our 2015 Infosec Wishlist series, a number of security experts expressed their desire for the security community to renew its focus on collaboration, communication and unity in the New Year. To accomplish this goal, folks in information security will need to...

Have you discovered a security gap? Have you found a possible solution? Have you received funding for it? If you answered 'yes' to all of the above, you're half way to successfully implementing a new control. Here are some other (often overlooked) actions you should consider to ensure the success of your project:1. Be sure the solution solves your...

This is the second part of a two part blog post on the factors that can help you decide whether an agent or agentless solution will be the best fit for your organization. Part 1 provided advice from a security perspective. In part 2, I offer advice that considers the implementation and ongoing operations management. Let’s look at operational...

A recent article by The Financial Times argues that boards should be looking to employ younger directors to tackle the cyber security “problem." Meanwhile, the EU has unveiled the proposed Network and Information Security Directive. Think about the psychology here, really… The more we raise the bar and levels of expectations, given the volume of...

President Xi Jinping believes that the People's Republic of China should have the right to decide what to block and censor on the web. In his opening speech for the second World Internet Conference, which opened in Wuzhen, Zhejiang province on Wednesday, the Chinese president invoked national sovereignty, a principle enshrined in the Charter of the...

It is my privilege to have joined Tripwire as the company's Vice President of Sales for Europe, Middle East, and Africa (EMEA) earlier this Autumn. At this time, I would like to explain why ongoing developments in the security world influenced my decision to come aboard. So, let's jump right in. Why did I join Tripwire? First of all, EMEA – my area of...

If your doctor walks into the exam room for your annual physical and listens to your heart, takes a quick look at your throat, and then gives a clean bill of health without asking many questions, a quick interaction might make you feel good if you’re not worried about your health. However, if you haven’t been feeling well, or if you are at risk for...

The Internet of Things (IoT) is one of the most significant trends in technology today. A melding of innovations in the fields of computing and communication, IoT and its "smart" devices are poised to revolutionize not only user-machine interaction but also the way in which machines engage with one another. Already we are beginning to see the...

The NERC Critical Infrastructure Protection standards are the most effective tools for securing the electrical supply today. If you think that's a controversial statement, let me explain why I make it. Cybersecurity in the context of the electrical supply is synonymous with reliability. The cyber-risks to electric utilities are ultimately risks to...

A transformative event is occurring where countless industrial devices, both old and new, are beginning to use Internet Protocol communication technologies. We refer to these collections of IP-enabled industrial devices and associated networks as the Industrial Internet of Things (IIoT). The Industrial IoT is at the very core of disruptive visions,...