This summer, my family and I visited a few Arizona ghost towns, and the experience made me wonder what it might have been like to travel across the Old West with all your possessions in tow. What would it feel like to ride through mountains, deserts and territories with only a canvas-covered wagon protecting your valuables? I bet they were keenly...

Microsoft announced its Identity Bounty Program through which security researchers can earn up to $100,000 for an eligible submission. On 17 July, Microsoft Security Response Center (MSRC) unveiled the creation of a new bug bounty program to help it remediate vulnerabilities affecting its Identity services. Phillip Misner, principal security group...

What does a human need to survive? Typically, the first two items are food and water followed by a place live. Most of us take for granted that our water supply is always safe and drinkable. As such a vital resource, one would think that the critical infrastructure that purifies and monitors water must be completely secure at all times....

Today’s VERT Alert addresses Microsoft’s July 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-786 on Wednesday, July 11th. In-The-Wild & Disclosed CVEs CVE-2018-8278 Microsoft Edge is vulnerable to a spoofing vulnerability that could allow an attacker to design a malicious fake...

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks...

So, you recognize that insider threats are a considerable risk inside your company? Just imagine how serious those threats are for a business that designs mobile spyware for helping law enforcement and intelligence agencies spy on "people of interest." NSO Group is a firm that, in its own words, provides "authorized governments with technology that...

Tripwire's June 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These Adobe Flash patches address type confusion, integer overflow, out-of-bounds read and stack-based buffer...

Last time, I had the pleasure of speaking with Susan Ballestero. She taught me a lot about what it’s like to work in a security operations center. This time, I got the opportunity to speak with Rebecca Herold. She’s been in the cybersecurity field for quite a long time now. She founded SIMBUS, LLC, a thriving information security, privacy and...

Earlier this month, the Wi-Fi Alliance issued a press release announcing the availability of WPA3. Built on top of several existing but not widely deployed technologies, WPA3 makes several vast improvements over the security provided by WPA2. Most notably, WPA3 should close the door on offline dictionary-based password cracking attempts by...

A recent report from the office of the U.S. Department of the Interior’s Inspector General indicates that several hydropower dams are vulnerable to internal threats. Specifically, an evaluation was conducted of five hydropower dams operated by the U.S. Bureau of Reclamation (USBR) and categorized as “critical infrastructure.” The USBR is the second...

In the midst of some of the most interesting times in geopolitical history, Tripwire wanted to see how the infosec community is currently feeling about nation-state attacks. It thus decided to conduct a survey while at Infosecurity Europe 2018 in London. Specifically, Tripwire surveyed 416 attendees to see what the future of nation-state attacks...

Last time, I had the opportunity of speaking with Avi. Avi’s not a woman, but they’re a badass hacker with a natural intuition for cybersecurity that has been put to excellent use. This time, I had the pleasure of speaking with Susan Ballestero. She has unique experience with working in a security operations center and being an information security...

Industrial control systems (ICS) first proliferated at a time when cybersecurity didn’t weigh heavily on organizations’ minds. Since then, there have been two significant developments in the industry. First, cybersecurity has become a mission-critical concern for businesses everywhere. Second, there’s been a shift to new network technologies that...

Network security is an issue that is increasingly important as businesses and even households shift more workflow processes and key tasks to the network and into the cloud. While some users may find it a challenge to protect even a single digital device, keeping an entire network secure can be a tall order for even the most tech-savvy users. From...

Today’s VERT Alert addresses Microsoft’s June 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-782 on Wednesday, June 13th. In-The-Wild & Disclosed CVEs CVE-2018-8267 This code execution vulnerability exists in Internet Explorer’s scripting engine and relates to the handling of objects...

Last time, I got the opportunity to speak with Diana Initiative founder Virginia Robbins, otherwise known as fl3uryz. She deserves all the kudos for her hard work in promoting women in our industry. This time, I had the pleasure of speaking with Avi. They’re not a woman, but they certainly know what it’s like to be a gender minority in tech. Avi has...

With hacking attacks, government surveillance and censorship constantly in the headlines, more and more people are looking for ways to increase their privacy online. One of the simplest and most popular solutions is to use a virtual private network. With a VPN, all your internet traffic is encrypted and tunneled through a third-party server, so it...

Last time, I had a great chat with Anna Westelius. She has a lot of experience with everything from web security to Linux driver development, and I learned a lot from her. This time, I had the pleasure of talking with Virginia Robbins, otherwise known as fl3uryz. Not only is she an expert in malware detection; she also founded The Diana Initiative,...

I’m pleased to announce that next month, I will be offering the two-day training series A Guided Tour of Embedded Software Hacks at Shakacon X as well as at Black Hat USA in August. As a reminder, I will also be back at SecTor with reloaded material for a one-day Brainwashing Embedded Systems advanced class aimed at students who have already...