TechCrunch reports that a security researcher stumbled across an exposed server on the internet containing databases with a total of more than 419 million records related to Facebook users. According to TechCrunch's reporting, each database record contains a user's unique Facebook account ID (from which it's possible to determine a user name) and...

Tripwire's August 2019 Patch Priority Index (PPI) brings together important security vulnerabilities from Microsoft and Adobe. First on the Patch Priority Index are patches for Microsoft's Browser and Scripting Engine. These patches resolve 12 vulnerabilities including fixes for memory corruption, information disclosure and security feature bypass...

What if your job was to break things repeatedly in order to make them work better? Sounds like the dream of every curious six-year old, but it's actually an emerging software engineering trend based in the transition from devops to devsecops. It's designed to test systematic limitations with the goal of improving security and performance under any...

Just as you would map a hike or climb by creating waypoints you plan to hit each day, you must plan your vulnerability management process by creating similar goals. We call these goals Maturity Levels, from ML0 to ML5, as we defined them in the last blog. You have your asset inventory from an open-source tool, asset tracking database or maybe your...

Even though the healthcare industry has been slower to adopt Internet of Things technologies than other industries, the Internet of Medical Things (IoMT) is destined to transform how we keep people safe and healthy, especially as the demand for lowering healthcare costs increases. The Internet of Medical Things refers to the connected system of...

The IoT Threat LandscapeAs technology continues to pervade modern-day society, security and trust have become significant concerns. This is particularly due to the plethora of cyber attacks that target organizations, governments and society. The traditional approach to address such challenges has been to conduct cybersecurity risk assessments that...

Today’s VERT Alert addresses Microsoft’s August 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-845 on Wednesday, August 14th. In-The-Wild & Disclosed CVEs Microsoft has indicated that none of the vulnerabilities being patched this month have been used in-the-wild nor have they been...

Tripwire's July 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Oracle. First on the list for July are patches for Microsoft's Browser and Scripting Engine. These patches resolve 11 vulnerabilities including fixes for Memory Corruption weaknesses. Next on the list are patches for Microsoft Excel and...

Apple announced that it will be expanding the scope of its bug bounty program and increasing its maximum possible reward payout to $1 million. Ivan Krstić, Apple’s head of security engineering, made the announcement during a presentation on iOS and macOS security at Black Hat USA 2019. He revealed that Apple's bug bounty program will begin...

About a decade ago, organizations were hesitant to adopt cloud solutions, with many citing security concerns. Fast forward to 2019, and 81% of organizations have a multi-cloud strategy, spurred on by the desire for increased flexibility, usage-based spending and desire to respond to market opportunity with greater agility. In fact, organizations are...

The recent Tripwire blog ‘7 Habits of highly effective Vulnerability Management’ by Tim Erlin was a great read with some sage advice on the always relevant security topic of VM. I noticed, however, that although the seven points themselves were all Tim’s own, the title snappily paraphrased Steven Covey’s classic management book. This made me think....

American multinational conglomerate holding company AT&T has announced the launch of its public bug bounty program on HackerOne. Revealed on 6 August, the new program will award security researchers who submit reports on eligible vulnerabilities that affect AT&T's websites, mobile apps, devices and exposed APIs. In-scope flaws include weaknesses...

As someone who has worked for their entire career in the Managed Network Services space, if I had to pick out, over the past five years, two of the most impactful shifts in managing technology, it would be a shift from traditional, in-house servers to solutions where 3rd parties build “clouds” to provide similar business functions as well as the...

It’s that time of year again where Black Hat and DEF CON are fast approaching and everyone interested in security will descend upon Las Vegas. While Craig Young will be there with his sold out Introduction to IoT Pentesting with Linux, I will be keeping my 2008 promise to myself and avoiding Vegas like the plague. I am, however, happy to announce...

On 16 July 2019, UK’s National Cyber Security Centre (NCSC) released the second annual report of the Active Cyber Defence (ACD) program. The report seeks to show the effects that the program has on the security of the UK public sector and the wider UK cyber ecosystem.The Active Cyber Defence ProgramNCSC was set up in 2016 to be the single...

The subject of the cyber security talent shortage has been over-reported to the extent that no one wants to talk about it anymore. Even more than that, the only solution that really ever gets mentioned is developing more university cyber programs. But that solution is dead wrong—or at least it misses the crux of the issue completely. Before I go any...

Wouldn’t it be an easier life if we didn’t have to worry about the exploitation of vulnerabilities in solutions and software on which we have spent good time and resources? A world where correctly configured systems configured were left alone to perform their functions until they became redundant and/or needed replacing? It is a beautiful dream. Sadly...

A multi-cloud network is a cloud network that consists of more than one cloud services provider. A straightforward type of multi-cloud network involves multiple infrastructure as a service (IaaS) vendors. Can you use AWS and Azure together? For example, you could have some of your cloud network’s servers and physical network provided by Amazon Web...

Too many small and medium-sized businesses (SMBs) are under the belief that purchasing “This One Product” or “This One Managed Service” will provide all the security their network requires. If this were true, large corporations with huge IT budgets would never have data breaches! Before you start buying expensive new technology to protect your...

It may be possible to democratize security by making it more accessible to average companies through community resources. We have an idea or two but we would appreciate your thoughts. At the 2019 RSA conference, Matt Chiodi, Chief Security Officer of Palo Alto Networks stated: “… small organizations are using on average between 15 and 20 tools,...