Blog

The makers of the Mirai IoT-hijacking botnet are sentenced

Three men who operated and controlled the notorious Mirai botnet have been sentenced to five years of probation. The Mirai botnet notoriously launched a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn in October 2016 and made it impossible for many users to reach popular sites such as Amazon, Reddit, Netflix, Twitter,...

What is Vulnerability Management Anyway?

Vulnerability management (VM) programs are the meat and potatoes of every comprehensive information security program. They are not optional anymore. In fact, many information security compliance, audit and risk management frameworks require organizations to maintain a vulnerability management program. If you don’t have vulnerability management tools,...

VERT Threat Alert: September 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-796 on Wednesday, September 12th. In-The-Wild & Disclosed CVEs CVE-2018-8440 This vulnerability was disclosed on Twitter on August 27th, and a high level analysis was published on...

Tripwire Patch Priority Index for August 2018

Tripwire's August 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge, and Scripting Engine. These patches resolve 21 vulnerabilities, including fixes for Remote Code Execution, Elevation of Privilege,...

Use This NERC CIP v6 Standards Summary to Stay Compliant

Thanks to FERC’s Order 822, the North American Electric Reliability Corporation’s critical infrastructure protection standards, known as NERC CIP, are continually updated. Seven updated standards proposed by NERC for inclusion have now been accepted. April 1st, 2016, was the compliance deadline for the NERC CIP v5 requirements. Most of the newly...

You: The First, Last and Best Data Protection and Privacy Defense – Part 2

As part of this two-part series, let’s now look to another exhibit demonstrating how people act as the first, last and best data and privacy defense. Exhibit B: Potentially Unwanted Leaks If you have some technical literacy, you may have heard of potentially unwanted programs (“PUPs”). It’s all that glop and gloop – malware, viruses, trojans,...

An EHR Systems Check-Up: 3 Use Cases for Updating Cyber Hygiene

Have you ever wondered how much your patient health record could garner on the black market? Whereas a cybercriminal only needs to shell out a mere dollar for your social security number, your electronic health record (EHR) is likely to sell for something closer to the tune of $50. This is according to research firm Cybersecurity Ventures, who also...

#TripwireBookClub – Gray Hat Python

In this third installment of #TripwireBookClub, we look at “Gray Hat Python,” written by Justin Seitz and published by No Starch Press. I had the opportunity to briefly meet Justin at CanSecWest the year this book was published, which only increased my interest in the book and ensured my preorder. I read it back then (2009), and now, nine years...

Three Ways to Secure Legacy Infrastructure

It is a well-known fact that legacy equipment shall continue to play a crucial role in the continuity and stability of critical infrastructure, especially in industrial control systems. A recent Center for Digital Government survey found that 70% of respondent agencies depend on legacy infrastructure for their operations. Another recent report from...

Guide to Securing Your Mobile App against Cyber Attacks

Thanks to the advent of technology, the number of mobile phone users is increasing day by day. You'll be shocked to hear that by 2019, this number will cross the 5 billion mark! While mobile phones may have made our life easier, they have also opened up domains for many cybercriminals who are adapting and using new methods to profit from this...

Healthcare Industry: 5 Key Areas Security Professionals Should Consider

The Healthcare industry by its very nature is populated with some amazing people who are devoted to those in need of physical and mental care. Given this noble cause, it was perfectly understandable for them to ask “Why would someone attack us?” when WannaCry hit their sector. In my opinion, the WannaCry compromise was the crescendo of almost a decade...

Hackers steal $13.5 million from Indian bank in global attack

Hackers planted malware on an automated teller machine (ATM) server belonging to an Indian bank as part of a criminal scheme which saw the theft of nearly 944 million rupees (US $13.5 million) in a co-ordinated attack across 28 countries last weekend. India's Cosmos Bank, based in the western city of Pune, suffered an attack which saw hackers use...

VERT Threat Alert: August 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th. In-The-Wild & Disclosed CVEs CVE-2018-8373 A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability...

'Hack the Marine Corps' Bug Bounty Program Announced by DoD

The U.S. Department of Defense (DoD) and HackerOne together announced the creation of a new bug bounty program called "Hack the Marine Corps." On 12 August, DoD kicked off its new vulnerability disclosure initiative at DEF CON 26 in Las Vegas, Nevada with a live hacking session. For the launch event,...

ICS Security: The European Perspective

ICS security is concerned with securing and safeguarding industrial control systems, keeping processes and machinery running smoothly, and ensuring that the information and data shown on the control room dashboards and screens are accurate. Like every system that is networked to the Internet, ICS must be properly secured. The problem is that ICS...

Flaw exposed Comcast Xfinity customers' partial home addresses and SSNs

Poor security measures have reportedly put the personal details of Comcast Xfinity customers at risk, a researcher has revealed. According to a BuzzFeed News report, security researcher Ryan Stevenson found a vulnerability in the high-speed ISP's online customer portal that could allow unauthorised parties to determine the partial home address of...

Two-Thirds of Organizations Don’t Use Hardening Benchmarks to Establish a Secure Baseline, Report Reveals

The Center for Internet Security’s Critical Security Controls (“the CIS Controls”) are incredibly useful in helping organizations defend themselves against digital threats. By adopting the first five controls alone, it’s possible for companies to prevent 85 percent of attacks. Adopting all 20 controls can prevent as much as 97 percent of attacks....