Women and non-males are in various important cybersecurity roles. They're writing secure code, they're researching malware, they're educating end users, they're studying in school, and sometimes they're in important government positions like my last subject, Heather Butler. Gwen Betts' job is a bit different. She approached me on Twitter, telling me...

News travels fast in the information security community, and the combination of politics, cloud and cybersecurity make for a rapidly moving headline. You’ve no doubt read about the disclosure of 198 million records by a political data analytics firm by now. This isn’t a case of malicious hacking, but of misconfiguration. These records were simply...

Cyberattacks in the healthcare industry have been on the rise, the latest being the WannaCry attack that affected 20 percent of NHS facilities in the UK. A study (PDF) by the Ponemon Institute in 2016 revealed that healthcare organizations have experienced approximately one cyberattack every month. Healthcare organizations are a lucrative target...

Cyber crime is no longer the province of the computer super-geek. In fact, it can almost be said to have gone mainstream with exploit lists, downloadable network tools and scripts – even hacking IT support – all available online at bargain prices. As with any threat to our homes and businesses, knowing the nature of the threat we face helps us to...

Don’t think security impacts sales? Think again. A secure web environment ensures the protection of customer data, but it also makes for a fast and optimized website that drives conversions. An unsecured web environment will be slow, frequently unresponsive, and even dangerous. Opening your first online store is an exciting milestone, and security...

Today’s VERT Alert addresses the Microsoft June 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-729 on Wednesday, June 14th. In-The-Wild & Disclosed CVEs CVE-2017-8543 According to Microsoft’s Security Guidance, they are aware of in-the-wild exploitation against CVE-2017-8543, a code...

Part of Ukraine's capital, Kiev, lost power on December 17-18, 2016, due to a digital attack. The operation, which occurred nearly one year after BlackEnergy targeted western Ukrainian power company Prykarpattyaoblenergo with KillDisk malware, pushed networks and Supervisory Control and Data Acquisition (SCADA) systems at utility Ukrenergo "outside...

I saw yet another security talent shortage article this weekend and thought: it’s just another sad cyb song wrecking my brain. New college graduates and people in career transitions who are struggling to land an entry-level role email me almost daily asking some variation of this question: If there is such a shortage, why are companies refusing to...

A digital security strategy embodies every organization's efforts to protect its industrial control systems (ICS) against intentional and accidental security threats. Lots of different factors shape this plan. As I discussed in a previous article, organizations should conduct regular industrial digital security assessments to identify what frameworks...

Back in June, Robert Hansen posted an interesting write-up[1] on his Smartphone Exec blog about outsourced web development that was returned with multiple embedded PHP backdoors. While this betrayal of trust by a freelance web developer shouldn’t have been surprising, it was, and it prompted Tripwire’s Vulnerability and Exposure Research Team (VERT)...

May 2017 shaped up to be the busiest ransomware month to date. The bare statistics speak for themselves: a total of 79 new strains came out and 38 existing ones received updates. Extortion-based cybercrime is obviously more prolific and ubiquitous than ever. Last month, the world confronted the unprecedented WannaCry ransomware epidemic employing NSA...

In the first part of this article, we discussed the popularity, average number and ratio of attacks on web applications. Let's now focus on some examples and sources. Examples of Attacks An example of detecting a Path Traversal attack The attacker intended to go to the root directory of the server and access the /etc/passwd file, which contains a...

Many businesses live in fear of having their systems hacked. After all, who wants their customers' data to spill out onto the internet or have their confidential plans and intellectual property stolen by online criminals? But more and more organizations like Google, Facebook, and Amazon are actually welcoming attempts to test their security in the...

News of the Google Docs phishing scam is not the first time that shared cloud-based resources have hit the headlines for all the wrong reasons. Many popular collaboration and IT management tools, such as Teamviewer and Slack, have had their time in the spotlight for compromises and breaches. The truth is these systems unwittingly provide an easy...

Public web applications are an attractive target for hackers. Attacks on web applications open up wide opportunities, including access to internal resources of the company, sensitive information, disruption of the application, and circumvention of business logic. Virtually any attack can bring financial benefits to the attacker and losses, both...

Understandably, a few eyebrows raise up when I suggest today’s cybersecurity challenges started nearly 370 years ago, some 300 years before the invention of ENIAC (the world’s first digital computer). But I stand by this observation because of the unintended clash of two systems: the nation-state and the Internet. Many of the institutions, social...

Cybersecurity isn't just for guys! It's crucial to highlight the important work that women and non-males are doing in the information security field. Previously I spoke with Thais, a Brazillian woman in Germany who's doing some intriguing malware research. This time, I've had the honor of speaking to Kelly Shortridge. She went from high finance to...

A hacker compromised more than 600,000 users' accounts when they stole a database operated by the font sharing site DaFont. In early May 2017, the currently unnamed hacker stole a site database containing 699,464 usernames, email addresses, and hashed passwords after hearing of other attacks launched against it. As they told ZDNet in an interview: ...

The summer of 2016 was a tumultuous ride for those of us in the security community. Less than a year ago, nobody had ever heard of The Shadow Brokers or Anna-Senpai but the same month (August 2016), these two – as yet unidentified persons or groups – made it clear that we are in the midst of a massive paradigm shift regarding threats to our society....

According to a recent survey, about 1 in 10 PC users (9.8 percent) in the US ran unpatched Windows operating systems in the first quarter of 2017 – up from 6.8 percent the previous year. The findings come from Flexera Software’s latest Personal Software Inspector Country Report, which aims to highlight the state of security among PC users in the US...