Blog

Guide to Securing Your Mobile App against Cyber Attacks

Thanks to the advent of technology, the number of mobile phone users is increasing day by day. You'll be shocked to hear that by 2019, this number will cross the 5 billion mark! While mobile phones may have made our lives easier, they have also opened up domains for many cybercriminals who are adapting and using new methods to profit from this...

Healthcare Industry: 5 Key Areas Security Professionals Should Consider

The Healthcare industry by its very nature is populated with some amazing people who are devoted to those in need of physical and mental care. Given this noble cause, it was perfectly understandable for them to ask “Why would someone attack us?” when WannaCry hit their sector. In my opinion, the WannaCry compromise was the crescendo of almost a decade...

Hackers steal $13.5 million from Indian bank in global attack

Hackers planted malware on an automated teller machine (ATM) server belonging to an Indian bank as part of a criminal scheme which saw the theft of nearly 944 million rupees (US $13.5 million) in a co-ordinated attack across 28 countries last weekend. India's Cosmos Bank, based in the western city of Pune, suffered an attack which saw hackers use...

VERT Threat Alert: August 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th. In-The-Wild & Disclosed CVEs CVE-2018-8373 A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability...

'Hack the Marine Corps' Bug Bounty Program Announced by DoD

The U.S. Department of Defense (DoD) and HackerOne together announced the creation of a new bug bounty program called "Hack the Marine Corps." On 12 August, DoD kicked off its new vulnerability disclosure initiative at DEF CON 26 in Las Vegas, Nevada with a live hacking session. For the launch event,...

ICS Security: The European Perspective

ICS security is concerned with securing and safeguarding industrial control systems, keeping processes and machinery running smoothly, and ensuring that the information and data shown on the control room dashboards and screens are accurate. Like every system that is networked to the Internet, ICS must be properly secured. The problem is that ICS...

Flaw exposed Comcast Xfinity customers' partial home addresses and SSNs

Poor security measures have reportedly put the personal details of Comcast Xfinity customers at risk, a researcher has revealed. According to a BuzzFeed News report, security researcher Ryan Stevenson found a vulnerability in the high-speed ISP's online customer portal that could allow unauthorised parties to determine the partial home address of...

Two-Thirds of Organizations Don’t Use Hardening Benchmarks to Establish a Secure Baseline, Report Reveals

The Center for Internet Security’s Critical Security Controls (“the CIS Controls”) are incredibly useful in helping organizations defend themselves against digital threats. By adopting the first five controls alone, it’s possible for companies to prevent 85 percent of attacks. Adopting all 20 controls can prevent as much as 97 percent of attacks....

Back to the Future: Stick to the Fundamentals for DevOps Security

In early August, I will be leading a couple of sessions at the Community College Cyber Summit about cyber security fundamentals. I've also been spending time working with my amazing colleagues thinking about DevOps. Spending so much time going back and forth from "back to basics" and "the future of development" had me thinking that securing DevOps...

Security as a Quality Gate for DevOps

It’s hardly a controversial statement to say that DevOps is changing the way that organizations build and deploy applications. There’s plenty of material, stories, whitepapers and whole companies that demonstrate this trend. There are, however, a couple of things that make a discussion about security and DevOps important. First, while there are a...

How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2...

Tripwire Patch Priority Index for July 2018

Tripwire's July 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 22 vulnerabilities, including fixes for security feature bypass, information disclosure, and...

How to Spot a Zero-Day Sight-Unseen

Zero-day attacks have businesses and consumers alike worried about how to protect data. If we don’t know what a threat looks like, can we really protect ourselves against it? For some time, security tools have been developed with the objective of helping organizations defend against the unknown, but the reality of zero-day attacks (the fact that...

Digging for Security Bugs / Vulnerabilities in Python Applications

In the age of DevOps, application security is an increasing concern for organizations. But attention on application-specific security bugs is comparatively low. We have extensive online security scanners for testing online threats, but they are not so effective for detecting security vulnerabilities that are application-specific in Python, Node.js...

Decision Analysis Applications in Threat Analysis Frameworks

Cybersecurity is generally considered to be a highly reactive field where professionals struggle to keep up with new and emerging threats. As the profession works to become more human-centered and proactive, I have attempted to design a new modeling process that is highly pertinent to these emerging priorities. It combines the existing conceptual,...