Category Archives: Featured Articles

The State of Security: Don’t Let DNS Flag Day Become Your DNS Doomsday

News Flash: Your DNS might be broken, and you don’t even know it. But wait? How could I not know my DNS is broken? Well, the answer lies in the history of the DNS standards and what has become the cobbling together of features within authoritative and recursive DNS server software. It all started going […]… Read More

The post Don’t Let DNS Flag Day Become Your DNS Doomsday appeared first on The State of Security.




How Do You Measure Your Investment in Security?

When evaluating enterprise security tools for their effectiveness, it can be challenging to find the right model for best calculating your “Return on Security Investment” (ROSI). Just a few years ago, the potential cost attributed to a security breach was likely to be primarily related in the assessed financial cost into a business’ reputation, with […]… Read More

The post How Do You Measure Your Investment in Security? appeared first on The State of Security.

5 Key Components Every Company Should Have in Their Privacy Policy

As a business owner, you’re no stranger to the myriad moving parts that keep the day-to-day business going. In all the bustle, it can be easy to overlook important tasks such as creating a privacy policy because you’re unsure where to start or which elements to include. Earlier this year, the EU’s GDPR—the General Data […]… Read More

The post 5 Key Components Every Company Should Have in Their Privacy Policy appeared first on The State of Security.

Tis the Season to be a Prudent Shopper

Holiday shopping is in full force—Tis the season to be shopping, some would say. Unfortunately, during seasonal times such as Thanksgiving, Christmas and New Year’s Eve, while we are preparing to spend time with family and friends, we must be vigilant when shopping and doing holiday business online. Malicious cyber actors know that e-commerce increases […]… Read More

The post Tis the Season to be a Prudent Shopper appeared first on The State of Security.

‘Tis the Season to be a Prudent Retailer

‘Tis the season to be shopping, as some might say. Holiday seasons are very good for retail businesses, with increased traffic in both online and brick-and-mortar stores. Unfortunately, business is good for cybercriminals during these busy shopping times, too – and, as a result, retailers need to ensure that their physical and cyber resources are […]… Read More

The post ‘Tis the Season to be a Prudent Retailer appeared first on The State of Security.

How to Apply the Risk Management Framework (RMF)

What is the Risk Management Framework? The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004. This was the result of a Joint Task Force […]… Read More

The post How to Apply the Risk Management Framework (RMF) appeared first on The State of Security.


Artificial Intelligence and Cybersecurity: Attacking and Defending

Cybersecurity is a manpower constrained market – therefore, the opportunities for artificial intelligence (AI) automation are vast. Frequently, AI is used to make certain defensive aspects of cyber security more wide reaching and effective. Combating spam and detecting malware are prime examples. On the opposite side, there are many incentives to use AI when attempting […]… Read More

The post Artificial Intelligence and Cybersecurity: Attacking and Defending appeared first on The State of Security.


Pentest Toolbox Additions 2018

I’m a red teamer. I do work similar to pentesting and use many of the same tools. This year, I’ve added several tools to my toolbox. I’ll introduce them to you below. I hope you find them valuable, as well. DoubleTap (by @4lex) I <heart> password spraying attacks where you guess a few common passwords against […]… Read More

The post Pentest Toolbox Additions 2018 appeared first on The State of Security.


The State of Security: Intel Releases Draft Federal Privacy Bill

One strange story to emerge as part of the recent midterm elections was Intel’s release of a piece of federal legislation. This story got somewhat buried amid all the talk of migrant caravans, healthcare reform and the Democrats gaining control of the house. However, it is worth reflecting on why, exactly, a company devoted to […]… Read More

The post Intel Releases Draft Federal Privacy Bill appeared first on The State of Security.




Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea

Computer users are being reminded once again to take care over the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.

The post Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea appeared first on The State of Security.

California IoT Security Law: A Nearsighted, Toothless Guard Dog or a Wolf in Sheep’s Clothing?

With three new sections added to the California Civil Code, California became the first U.S. state with a cybersecurity law specifically for internet-connected devices on September 28, 2018. The new Security of Connected Devices law will take effect on January 1, 2020. The Basics The new law requires manufacturers of connected devices to equip the […]… Read More

The post California IoT Security Law: A Nearsighted, Toothless Guard Dog or a Wolf in Sheep’s Clothing? appeared first on The State of Security.

Cybercrime: There Is No End in Sight

Whoever said “crime doesn’t pay” hasn’t been following the growth of cybercrime across the globe. A thriving underground economy has evolved over the past decade to become a massive industry. Estimates in the Web of Profit research paper show cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. If […]… Read More

The post Cybercrime: There Is No End in Sight appeared first on The State of Security.

The Challenges of Managing Third-Party Vendor Security Risk

It’s no longer enough to secure your own company’s infrastructure; you now must also evaluate the risk of third-party vendors and plan and monitor for breaches there, too. Data breaches are reported in the news all the time, and more than 60 percent of them are linked to a third-party. When you’re a business owner, […]… Read More

The post The Challenges of Managing Third-Party Vendor Security Risk appeared first on The State of Security.

Paris Call: A Missed Call or a Great Opportunity?

Recently, the inventor of the web, Tim Berners-Lee, has launched a global campaign to save the web from the destructive effects of abuse and discrimination, political manipulation, and other threats that plague the online world. In a talk at the opening of the Web Summit in Lisbon, he called on governments, companies and individuals to […]… Read More

The post Paris Call: A Missed Call or a Great Opportunity? appeared first on The State of Security.

5 Reasons Why Your Business Needs Penetration Testing

Nowadays, high-profile security breaches continue to dominate the media headlines. This trend places an increasing number of businesses at risk. They are growing in amount and complexity while malicious hackers are actively developing new and more sophisticated forms of attacks every single day. Having anti-virus software and a firewall, as well as assuming that your […]… Read More

The post 5 Reasons Why Your Business Needs Penetration Testing appeared first on The State of Security.

5 Digital Threats to Watch Out for on Black Friday

The end of November is a busy time in the United States. On Thanksgiving, friends and family gather together to give thanks for good food, good company and good fortune. Once they’ve put away the leftovers, many Americans don their coats, head to the malls and wait in line all night. For what? Black Friday, […]… Read More

The post 5 Digital Threats to Watch Out for on Black Friday appeared first on The State of Security.

The State of Security: Countering Espionage: An Enterprise Risk Management View

I am neither a political scientist nor a historian. However, I am conscious of some certain past events in human history which had political impacts and also influenced the course of history as we know it. Some say such events occurred on the basis of social, political and historical backgrounds and factors, whilst others pointed […]… Read More

The post Countering Espionage: An Enterprise Risk Management View appeared first on The State of Security.




Quantum Computing to Protect Data: Will You Wait and See or Be an Early Adopter?

Time to dispel a myth: quantum computing is still just a theory. It’s not. If you don’t believe us, read here. And because it’s past the theoretical stage, commercialization is not far away, even as there is also an open source push for the technology. Over 100 applications can run on quantum computers. and […]… Read More

The post Quantum Computing to Protect Data: Will You Wait and See or Be an Early Adopter? appeared first on The State of Security.

Cybersecurity Is (Still) Everyone’s Job

As noted previously—and as we all know—an organization cannot be secure until the entire workforce is engaged in reducing cyber risks. Each member of the group has the power to harm or to help, since each one has access to information systems, handles sensitive data and makes decisions every day which maintain, erode or strengthen […]… Read More

The post Cybersecurity Is (Still) Everyone’s Job appeared first on The State of Security.

The Art and Science of Secure Coding: Key Practices that Stand Out

Flaws in code lines, file system and data input methods make up the core security vulnerability of any application. This is what we address through secure coding practices. Secure coding guidelines stand out as the last battling army before the enemy line of security risks and threats. Basically, secure coding practices will make developers more […]… Read More

The post The Art and Science of Secure Coding: Key Practices that Stand Out appeared first on The State of Security.

Carpet (IT) to Concrete (OT) – The Evolution of Internet-Based Malware

November 2, 2018, marked the 30-year anniversary of the Morris Worm. It seems the more things change, the more things stay the same. It’s a bit ironic that as more and more devices get connected to the Internet (~20 billion+ today versus ~60,000 in 1988), we are still susceptible to malware. What we probably didn’t […]… Read More

The post Carpet (IT) to Concrete (OT) – The Evolution of Internet-Based Malware appeared first on The State of Security.

Is Your Vulnerability Management Program Efficient and Successful?

Be organized and efficient. It’s a simple rule of life that makes things run a whole lot smoother. This is something especially important when running your vulnerability management program. There are only so many hours in a day, rather, there are only so many hours in a down cycle where the business will let you […]… Read More

The post Is Your Vulnerability Management Program Efficient and Successful? appeared first on The State of Security.

The Right to Repair Your Electronics Just Got Stronger

In 1998, Congress unanimously passed the Digital Millennium Copyright Act (“DMCA”) to implement two international copyright treaties. Among other provisions, the DMCA addresses the use of technical measures (digital rights management or DRM) that control access to copyrighted works. The new provisions impose fines and criminal penalties for: circumventing DRM (Sec. 1201(a)(1)(A)), whether or not […]… Read More

The post The Right to Repair Your Electronics Just Got Stronger appeared first on The State of Security.

Women in Information Security: Chrissy Morgan

Last time, I had the opportunity to talk with software tester Claire Reckless. Testing an application’s security and functionality is a vital cybersecurity role that people often don’t think about. This time, I had the honor of speaking with Chrissy Morgan. Chrissy is a protector of the protectors by day and a crazy scientist by […]… Read More

The post Women in Information Security: Chrissy Morgan appeared first on The State of Security.

Hash Hunting: Why File Hashes are Still Important

According to Gartner, threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable intelligence. When security research teams or government agencies release threat intelligence reports, some of the more tactical actionable intelligence is in the indicators. These indicators include (but are not limited to) IP addresses, domain names, file names or file hashes. […]… Read More

The post Hash Hunting: Why File Hashes are Still Important appeared first on The State of Security.

Unearthing Ransomware Characteristics Using Classification Taxonomy

We are familiar with the problem of ransomware – malicious software that seeks to encrypt user data and demand a ransom in return for the decryption key. There are several defensive measures that help work against crypto-malware. Backups work, in theory, but are not always available or are partial. We need to realize that ransomware […]… Read More

The post Unearthing Ransomware Characteristics Using Classification Taxonomy appeared first on The State of Security.

Software Monitoring for NERC CIP Compliance: Part 2

In Part 1 of this series, I walked through the background of the NERC CIP version 5 controls and outlined what needs to be monitored for NERC CIP software requirements. In this second half of the series, we’ll take what we’ve learned and explore approaches for meeting the requirements while considering security value. NERC CIP […]… Read More

The post Software Monitoring for NERC CIP Compliance: Part 2 appeared first on The State of Security.

Tripwire Data Collector Increases Operational Technology Visibility With Enhanced Web Scripting Capability

Tripwire Data Collector has been providing industrial organizations with visibility into their operational technology (OT) environments since its release in mid-2018. Data can be gathered and monitored via multiple avenues – not only native industrial protocols, such as EtherNet/IP CIP and Modbus TCP, but also integrations with management applications like Rockwell’s FactoryTalk AssetCentre, MDT AutoSave […]… Read More

The post Tripwire Data Collector Increases Operational Technology Visibility With Enhanced Web Scripting Capability appeared first on The State of Security.

Turning Malware Trends into Proactive Behaviors

Most of the industry agrees: malware is on the rise. My news feed rarely manages a week without an incident making the headlines. Here are some of the most recent events I’ve seen: Online retailer Newegg suffered a data breach at the hands of the same threat actor that’s responsible for recently infiltrating Ticketmaster and […]… Read More

The post Turning Malware Trends into Proactive Behaviors appeared first on The State of Security.