Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Companies That Request PII From Vendors Must Protect It

In my line of work, it is often a requirement to provide our customers with background information on the employees who will be performing on-site professional services. This is not in itself an issue, but how the customer receives and handles that information can be. Tripwire best practice is for HR to provide an attestation of all requested background checks to our clients rather than providing detailed background reports or having the client run a background check on our employees.

What Does Integrity Monitoring Have To Do With Security Anyway?

After spending several decades in this industry, I have seen growth in many different security products and in many different areas. All the while, I’ve questioned whether specific technologies were offering real value or were just over-marketed to create more revenue opportunities for investors. As we have seen repeatedly, categories of security products blossom in many different ways. So many vendors, so much technology. Where do we go from here?

EVERTEC Case Study: An Example of How to Spice up Customer Service Levels This Holiday Season

This holiday season kicked off a couple weeks ago, with Black Friday and Cyber Monday showing a 14% increase in early holiday purchases from the same period during 2018, according to a report by Bank of America Merrill Lynch Global Research. With holiday sales projections showing similar numbers until the end of the year, there has never been a more vital time to ensure that consumer transactions are completing as expected.

What is SQL Injection Attack? What are its Types?

SQL injection is a popular method amongst hackers that can cause major problems within an organization. Through SQL injection, an attacker can easily bypass various security measures like authentication. In this article, we will take a closer look at how you can prevent it. What is SQL injection attack? Even though they have been around for a while, SQL injections still pose a serious danger to web applications.

Should cities pay a ransomware demand?

UPDATE: In a “ripped from the headlines” moment, we have real world confirmation of the growing risk discussed in this article. Breaking news over the weekend revealed that both the city of New Orleans and New Jersey's largest hospital network are in the midst of dealing with serious ransomware attacks. When you hear about data breaches and cyberattacks in the news, it's usually in connection with a large company and has affected users across the globe.

Reduce Time To Remediate Threats: Lessons from a major US retailer

2019 has become another record-breaking year in eCommerce. This unprecedented growth has a dark side - since an overwhelming 71% of security incidents are financially motivated, digital retailers are becoming even more attractive targets for cyber attacks and fraud. As we near 2020, digital retailers will have to work hard to protect their digital assets. Here are a few factors that will make this task harder than ever.

It's All About the Baselines: Security Edition

I am all about the baselines. I’ve made an entire career out of them. But if you were to ask a random person on the street what that means, the reaction would be: “Who the heck are you, and why are you asking me random weird questions.” So it would be better if you found someone in the tech industry at least.

Social Engineering the Silver Screen: Home Alone Edition

I have wanted to do a series like this for some time. I frequently watch movies and point out social engineering and OSINT techniques or inaccuracies as well as OPSEC blunders. These blunders, in addition to the matrix style waterfall screens, are equally bad as the “hacking” you see in movies.

What is a Zero-day (0-day)?

A zero-day (0-day) is an unpatched security vulnerability that is unknown to the software, hardware or firmware developer, and the exploit attackers use to take advantage of the security hole. In general, zero-day refers to two things: Zero day gets its name from the number of days that a patch has existed for the flaw: zero. Zero-day threats represent significant cybersecurity risk because they are unknown to the party who is responsible for patching the flaw and may already be being exploited.