News Flash: Your DNS might be broken, and you don’t even know it. But wait? How could I not know my DNS is broken? Well, the answer lies in the history of the DNS standards and what has become the cobbling together of features within authoritative and recursive DNS server software. It all started going […]… Read More
The post Don’t Let DNS Flag Day Become Your DNS Doomsday appeared first on The State of Security.
News Flash: Your DNS might be broken, and you don’t even know it. But wait? How could I not know my DNS is broken? Well, the answer lies in the history of the DNS standards and what has become the cobbling together of features within authoritative and recursive DNS server software. It all started going […]… Read More
The post Don’t Let DNS Flag Day Become Your DNS Doomsday appeared first on The State of Security.
When evaluating enterprise security tools for their effectiveness, it can be challenging to find the right model for best calculating your “Return on Security Investment” (ROSI). Just a few years ago, the potential cost attributed to a security breach was likely to be primarily related in the assessed financial cost into a business’ reputation, with […]… Read More
The post How Do You Measure Your Investment in Security? appeared first on The State of Security.
As a business owner, you’re no stranger to the myriad moving parts that keep the day-to-day business going. In all the bustle, it can be easy to overlook important tasks such as creating a privacy policy because you’re unsure where to start or which elements to include. Earlier this year, the EU’s GDPR—the General Data […]… Read More
The post 5 Key Components Every Company Should Have in Their Privacy Policy appeared first on The State of Security.
Holiday shopping is in full force—Tis the season to be shopping, some would say. Unfortunately, during seasonal times such as Thanksgiving, Christmas and New Year’s Eve, while we are preparing to spend time with family and friends, we must be vigilant when shopping and doing holiday business online. Malicious cyber actors know that e-commerce increases […]… Read More
The post Tis the Season to be a Prudent Shopper appeared first on The State of Security.
‘Tis the season to be shopping, as some might say. Holiday seasons are very good for retail businesses, with increased traffic in both online and brick-and-mortar stores. Unfortunately, business is good for cybercriminals during these busing shopping times, too – and, as a result, retailers need to ensure that their physical and cyber resources are […]… Read More
The post ‘Tis the Season to be a Prudent Retailer appeared first on The State of Security.
What is the Risk Management Framework? The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004. This was the result of a Joint Task Force […]… Read More
The post How to Apply the Risk Management Framework (RMF) appeared first on The State of Security.
What is the Risk Management Framework? The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004. This was the result of a Joint Task Force […]… Read More
The post How to Apply the Risk Management Framework (RMF) appeared first on The State of Security.
Cybersecurity is a manpower constrained market – therefore, the opportunities for artificial intelligence (AI) automation are vast. Frequently, AI is used to make certain defensive aspects of cyber security more wide reaching and effective. Combating spam and detecting malware are prime examples. On the opposite side, there are many incentives to use AI when attempting […]… Read More
The post Artificial Intelligence and Cybersecurity: Attacking and Defending appeared first on The State of Security.
Cybersecurity is a manpower constrained market – therefore, the opportunities for artificial intelligence (AI) automation are vast. Frequently, AI is used to make certain defensive aspects of cyber security more wide reaching and effective. Combating spam and detecting malware are prime examples. On the opposite side, there are many incentives to use AI when attempting […]… Read More
The post Artificial Intelligence and Cybersecurity: Attacking and Defending appeared first on The State of Security.
I’m a red teamer,.I do work similar to pentesting and use many of the same tools. This year, I’ve added several tools to my toolbox. I’ll introduce them to you below. I hope you find them valuable, as well. DoubleTap (by @4lex) I <heart> password spraying attacks where you guess a few common passwords against […]… Read More
The post Pentest Toolbox Additions 2018 appeared first on The State of Security.
I’m a red teamer,.I do work similar to pentesting and use many of the same tools. This year, I’ve added several tools to my toolbox. I’ll introduce them to you below. I hope you find them valuable, as well. DoubleTap (by @4lex) I <heart> password spraying attacks where you guess a few common passwords against […]… Read More
The post Pentest Toolbox Additions 2018 appeared first on The State of Security.
One strange story to emerge as part of the recent midterm elections was Intel’s release of a piece of federal legislation. This story got somewhat buried amid all the talk of migrant caravans, healthcare reform and the Democrats gaining control of the house. However, it is worth reflecting on why, exactly, a company devoted to […]… Read More
The post Intel Releases Draft Federal Privacy Bill appeared first on The State of Security.
One strange story to emerge as part of the recent midterm elections was Intel’s release of a piece of federal legislation. This story got somewhat buried amid all the talk of migrant caravans, healthcare reform and the Democrats gaining control of the house. However, it is worth reflecting on why, exactly, a company devoted to […]… Read More
The post Intel Releases Draft Federal Privacy Bill appeared first on The State of Security.
Computer users are being reminded once again to take care over the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.
The post Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea appeared first on The State of Security.
With three new sections added to the California Civil Code, California became the first U.S. state with a cybersecurity law specifically for internet-connected devices on September 28, 2018. The new Security of Connected Devices law will take effect on January 1, 2020. The Basics The new law requires manufacturers of connected devices to equip the […]… Read More
The post California IoT Security Law: A Nearsighted, Toothless Guard Dog or a Wolf in Sheep’s Clothing? appeared first on The State of Security.
Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks.
The post US charges Iranian hackers for SamSam ransomware attacks appeared first on The State of Security.
Whoever said “crime doesn’t pay” hasn’t been following the growth of cybercrime across the globe. A thriving underground economy has evolved over the past decade to become a massive industry. Estimates in the Web of Profit research paper show cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. If […]… Read More
The post Cybercrime: There Is No End in Sight appeared first on The State of Security.
It’s no longer enough to secure your own company’s infrastructure; you now must also evaluate the risk of third-party vendors and plan and monitor for breaches there, too. Data breaches are reported in the news all the time, and more than 60 percent of them are linked to a third-party. When you’re a business owner, […]… Read More
The post The Challenges of Managing Third-Party Vendor Security Risk appeared first on The State of Security.
Recently, the inventor of the web, Tim Berners-Lee, has launched a global campaign to save the web from the destructive effects of abuse and discrimination, political manipulation, and other threats that plague the online world. In a talk at the opening of the Web Summit in Lisbon, he called on governments, companies and individuals to […]… Read More
The post Paris Call: A Missed Call or a Great Opportunity? appeared first on The State of Security.
Prosecutors believe 21-year-old Manhattan resident Nicholas Truglia targeted the cellphones of the rich in SIM-swapping attacks.
The post SIM swap! Man charged after million dollar cryptocurrency theft appeared first on The State of Security.
Nowadays, high-profile security breaches continue to dominate the media headlines. This trend places an increasing number of businesses at risk. They are growing in amount and complexity while malicious hackers are actively developing new and more sophisticated forms of attacks every single day. Having anti-virus software and a firewall, as well as assuming that your […]… Read More
The post 5 Reasons Why Your Business Needs Penetration Testing appeared first on The State of Security.
The end of November is a busy time in the United States. On Thanksgiving, friends and family gather together to give thanks for good food, good company and good fortune. Once they’ve put away the leftovers, many Americans don their coats, head to the malls and wait in line all night. For what? Black Friday, […]… Read More
The post 5 Digital Threats to Watch Out for on Black Friday appeared first on The State of Security.
I am neither a political scientist nor a historian. However, I am conscious of some certain past events in human history which had political impacts and also influenced the course of history as we know it. Some say such events occurred on the basis of social, political and historical backgrounds and factors, whilst others pointed […]… Read More
The post Countering Espionage: An Enterprise Risk Management View appeared first on The State of Security.
I am neither a political scientist nor a historian. However, I am conscious of some certain past events in human history which had political impacts and also influenced the course of history as we know it. Some say such events occurred on the basis of social, political and historical backgrounds and factors, whilst others pointed […]… Read More
The post Countering Espionage: An Enterprise Risk Management View appeared first on The State of Security.
Time to dispel with a myth: quantum computing is still just a theory. It’s not. If you don’t believe us, read here. And because it’s past the theoretical stage, commercialization is not far away, even as there is also an open source push for the technology. Over 100 applications can run on quantum computers. and […]… Read More
The post Quantum Computing to Protect Data: Will You Wait and See or Be an Early Adopter? appeared first on The State of Security.
As noted previously—and as we all know—an organization cannot be secure until the entire workforce is engaged in reducing cyber risks. Each member of the group has the power to harm or to help, since each one has access to information systems, handles sensitive data and makes decisions every day which maintain, erode or strengthen […]… Read More
The post Cybersecurity Is (Still) Everyone’s Job appeared first on The State of Security.
Flaws in code lines, file system and data input methods make up the core security vulnerability of any application. This is what we address through secure coding practices. Secure coding guidelines stand out as the last battling army before the enemy line of security risks and threats. Basically, secure coding practices will make developers more […]… Read More
The post The Art and Science of Secure Coding: Key Practices that Stand Out appeared first on The State of Security.
November 2, 2018, marked the 30-year anniversary of the Morris Worm. It seems the more things change, the more things stay the same. It’s a bit ironic that as more and more devices get connected to the Internet (~20 billion+ today versus ~60,000 in 1988), we are still susceptible to malware. What we probably didn’t […]… Read More
The post Carpet (IT) to Concrete (OT) – The Evolution of Internet-Based Malware appeared first on The State of Security.
Be organized and efficient. It’s a simple rule of life that makes things run a whole lot smoother. This is something especially important when running your vulnerability management program. There are only so many hours in a day, rather, there are only so many hours in a down cycle where the business will let you […]… Read More
The post Is Your Vulnerability Management Program Efficient and Successful? appeared first on The State of Security.
In 1998, Congress unanimously passed the Digital Millennium Copyright Act (“DMCA”) to implement two international copyright treaties. Among other provisions, the DMCA addresses the use of technical measures (digital rights management or DRM) that control access to copyrighted works. The new provisions impose fines and criminal penalties for: circumventing DRM (Sec. 1201(a)(1)(A)), whether or not […]… Read More
The post The Right to Repair Your Electronics Just Got Stronger appeared first on The State of Security.
Last time, I had the opportunity to talk with software tester Claire Reckless. Testing an application’s security and functionality is a vital cybersecurity role that people often don’t think about. This time, I had the honor of speaking with Chrissy Morgan. Chrissy is a protector of the protectors by day and a crazy scientist by […]… Read More
The post Women in Information Security: Chrissy Morgan appeared first on The State of Security.
According to Gartner, threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable intelligence. When security research teams or government agencies release threat intelligence reports, some of the more tactical actionable intelligence is in the indicators. These indicators include (but are not limited to) IP addresses, domain names, file names or file hashes. […]… Read More
The post Hash Hunting: Why File Hashes are Still Important appeared first on The State of Security.
We are familiar with the problem of ransomware – malicious software that seeks to encrypt user data and demand a ransom in return for the decryption key. There are several defensive measures that help work against crypto-malware. Backups work, in theory, but are not always available or are partial. We need to realize that ransomware […]… Read More
The post Unearthing Ransomware Characteristics Using Classification Taxonomy appeared first on The State of Security.
In Part 1 of this series, I walked through the background of the NERC CIP version 5 controls and outlined what needs to be monitored for NERC CIP software requirements. In this second half of the series, we’ll take what we’ve learned and explore approaches for meeting the requirements while considering security value. NERC CIP […]… Read More
The post Software Monitoring for NERC CIP Compliance: Part 2 appeared first on The State of Security.
Tripwire Data Collector has been providing industrial organizations with visibility into their operational technology (OT) environments since its release in mid-2018. Data can be gathered and monitored via multiple avenues – not only native industrial protocols, such as EtherNet/IP CIP and Modbus TCP, but also integrations with management applications like Rockwell’s FactoryTalk AssetCentre, MDT AutoSave […]… Read More
The post Tripwire Data Collector Increases Operational Technology Visibility With Enhanced Web Scripting Capability appeared first on The State of Security.
Most of the industry agrees: malware is on the rise. My news feed rarely manages a week without an incident making the headlines. Here are some of the most recent events I’ve seen: Online retailer Newegg suffered a data breach at the hands of the same threat actor that’s responsible for recently infiltrating Ticketmaster and […]… Read More
The post Turning Malware Trends into Proactive Behaviors appeared first on The State of Security.