Category Archives: Featured Articles

Adventures of Cyber Security Monitoring During 2018 U.S. Midterm Elections

With all the Russian election hacking scandals in the news during and after the 2016 Presidential election, curiosity consumed me to architect and run an experiment to see if I could monitor changes in the threat landscape in either Moscow, Russia or Washington D.C. during the 2018 U.S. midterm elections. I have worked in four […]

The post Adventures of Cyber Security Monitoring During 2018 U.S. Midterm Elections appeared first on The State of Security.

Supply Chain Security – Sex Appeal, Pain Avoidance and Allies

Every security professional and every privacy professional understands that supply chain security is as important as in-house security. (If you don’t understand this, stop and read Maria Korolov’s January 25, 2019 article in CSO, What is a supply chain attack? Why you should be wary of third-party providers.) So how do you marshal the resources […]

The Top Tactics to Be Successful at Secure DevOps

Today’s increasingly connected world, with access to mobile devices and cloud scale computing, is leading to disruption in business models and processes. To succeed, you have no option but to continuously deliver new value to customers at the increasing speed that they demand. Marc Andreessen, the founder of Netscape, said a few years back that […]

14 Essential Bug Bounty Programs of 2019

In 2017, The State of Security published its most recent list of essential bug bounty frameworks. Numerous organizations and government entities have launched their own vulnerability reward programs (VRPs) since then. With that in mind, I think it’s time for an updated list. Here are 14 essential bug bounty programs for 2019. Apple Website: Invite-only […]

Why Security Is Needed to Keep the CI/CD Pipeline Flowing Smoothly

Technology has advanced to a state where clients now expect a constant stream of updates for their software and applications. To fulfill this demand, developers commonly turn to what’s known as a CI/CD pipeline. As noted by Synopsys, this practice embraces two important software development concepts of today’s streamlined world: Continuous Integration (CI): The effort […]

Cybersecurity Documentation: The Best Defense Is a Good Offense

Most people do not regard their cybersecurity and privacy documentation as a proactive security measure. On the contrary, many oftentimes view documentation as a passive effort that offers little protection to a company, generally an afterthought that must be addressed to appease compliance efforts. Where documentation may get some much-needed attention is through Ohio’s recent […]

The State of Security: 3 Tips for Enterprise Patch Management

A few weeks ago, I woke up one morning to discover that Android had 34 software updates waiting for me. This was followed by my laptop wanting to reboot after installing the latest patches from Microsoft, my tablet needing a reboot after its latest firmware update, and my server screaming for me to put “yum” […]



The State of Security

Malware: Three Industry Problems and How to Solve Them

In the last few years, organizations have been subject to extortion through ransomware. Now, hackers are bypassing the nasty business of trying to get people to give them cryptocurrency to simply hijacking your processor to mine for cryptocurrency. As a result, the methods employed are growing in sophistication and creativity, including using internet memes to […]

Regulatory Fines, Prison Time Render “Check Box” Security Indefensible

In May 2017, the Equifax data breach compromised critical credit and identity data for 56 percent of American adults, 15 million UK citizens and 20,000 Canadians. The Ponemon Institute estimates that the total cost to Equifax could approach $600M in direct expenses and fines. That doesn’t include the cost of the security upgrades required to […]

Web Hosting Security Best Practices

If you’ve been online recently, you may have read the news about hackers demanding a ransom from Dublin’s tram system. Visitors to the Luas website were greeted by the hackers’ message threatening to publish the stolen information unless they were paid one Bitcoin (approximately 3,300 Euros or US $3,800). While the message itself appeared to […]

Passwords at risk for users who fall for voicemail phishing emails

Security researchers are warning of a new wave of phishing emails which are using an unusual disguise in their attempt to both bypass scanners at email gateways and dupe unsuspecting users.


Federal Cybersecurity Posture “Untenable,” According to OMB Risk Report

When he issued Executive Order 13800 (EO 13800) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, President Trump’s goal was to highlight that security and public accountability of government officials are foundational pillars while emphasizing the importance of reducing cybersecurity risks to the Nation. In accordance with the Executive Order, effective cybersecurity requires […]

How the Federal Shutdown Could Do Long-Term Digital Security Damage

Most people have at least heard of the partial shutdown plaguing the U.S. federal government. Now over three weeks old, the stoppage owes its existence to a conflict over border security funding. President Donald Trump wants $5.7 billion to build a new wall along the U.S. Mexican border, while Democrats say they will not fulfill […]

The Imperative to Address Security Concerns of the Rapidly Evolving Internet of Things

The Internet of Things (IoT) broadly refers to devices and equipment that are readable, recognizable, locatable, addressable and/or controllable via the internet. This includes everything from edge computing devices to home appliances, from wearable technology to cars. IoT represents the melding of the physical world and the digital world, as sensors are not costly and wireless access is […]

What You Need to Know About Secure Mobile Messaging in Healthcare

With the majority of people using smartphones these days, texting is all but a given when trying to communicate with your friends or family. But what about your doctor? A recent study determined that 96 percent of physicians use text messaging for coordinating patient care. This can raise eyebrows and red flags. Anyone with a […]

The Top 5 Vendor-Neutral Cloud Security Certifications of 2019

Many organizations migrate to the cloud because of increased efficiency, data space, scalability, speed and other benefits. But cloud computing comes with its own security threats. To address these challenges, companies should create a hybrid cloud environment, confirm that their cloud security solution offers 24/7 monitoring and multi-layered defenses as well as implement security measures […]

Reddit users locked out of accounts after “security concern”

A large number of Reddit users are being told that they will have to reset their passwords in order to regain access to their accounts following what the site is calling a "security concern."

The lockout has occurred as Reddit's security team investigates what appears to have been an attempt to log into many users' accounts through a credential-stuffing attack.


How Cybercriminals Are Getting Initial Access into Your System

This article covers the main techniques cybercriminals use at the initial stage of attacks against enterprise networks. There are several dangerous phases of cyberattacks targeting the corporate segment. The first one encountered by businesses boils down to getting initial access into their systems. The malefactor’s goal at this point is to deposit some malicious code […]

Opinion: Back to the Start for 2FA Adoption?

In a previous post, Tripwire asked contributors what their most memorable event of 2018 was. As a follow-up, guest author Bob Covello expands on his thoughts about two-factor authentication (2FA). We in the infosec community have made enormous progress towards getting multi-factor authentication the recognition it deserves. All the respected folks in the community have […]

What Keeps You Up At Night?

Maybe you have nightmares about accidentally posting AWS console credentials on Github? Some CISOs undoubtedly have dreams where they must explain to the board that the company has just set the record for the world’s largest data breach. As a developer of security products, I spend many early mornings thinking about how hacking and data […]