Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

An introduction to penetration testing

The digital world has become a dangerous place. It’s like the Wild West (the movie kind, not the real kind, which was decidedly less wild than it’s portrayed), with outlaws out to do you harm and make off with your precious data. Fortunately, like any good western, there are also honour-bound gun slingers seeking to bring law, order and – most importantly – security to the digital landscape.

What is Ransomware?

Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until ransom is paid. Ransomware spreads through phishing emails, malvertising, visiting infected websites or by exploiting vulnerabilities. Ransomware attacks cause downtime, data leaks, intellectual property theft and data breaches. Ransom payment amounts range from a few hundred to hundreds of thousands of dollars. Payable in cryptocurrencies like Bitcoin.

What is an Information Security Policy?

An information security policy (ISP) is a set of rules, policies and procedures designed to ensure all users and networks within an organization meet minimum IT security and data protection security requirements. ISPs should address all data, programs, systems, facilities, infrastructure, users, third-parties and fourth-parties of an organization.

WordPress sites hacked through defunct Rich Reviews plugin

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites.

Why Cybersecurity Pros Need to Be Good Storytellers

Like storytelling, data visualization can be used to provide a narrative about your organization’s cybersecurity posture. Cybersecurity is never a single thing; it is an amalgamation of an often growing list of issues that never seem to end. So in order to make some sense of what it means for the health of your organization, I am combining several metrics to define a singular one—cybersecurity posture—in a visual manner.

Featured Post

Protecting Customers by Protecting Your Business

Many small businesses are now aware of the importance of maintaining data security. However, not all companies pay close attention to customer data. Breaches that result in customer information being compromised are among the most expensive to deal with. For example, exposing credit card numbers, addresses, and names of customers could result in significant financial loss, reputation damages, and compliance issues. This means that your company might end up incurring as much as $4 million per incident of this nature.

Undivided we fall: decoupling network segmentation from micro-segmentation in the software defined perimeter

As of today, no laws or regulations, even the latest version of PCI-DSS, HIPAA, and HITECH, do not make network segmentation or micro-segmentation compulsory to comply with the rule. By making network segmentation discretionary -- even when transmitting, processing, or storing regulated data, the number of breaches will continue to rise as companies err on the side of doing less with more.

Best Practices for Using Tripwire Enterprise in Dynamic Environments - Part 1

Just a few years ago, most IT environments were made up of deployed servers on which personnel installed applications, oftentimes as many as that one system could handle. They then remained and ran that way for years. In the meantime, the IT team maintained the system and updated the applications as needed. Sometimes there were test versions of those systems, but this wasn’t often. Even then, the OS often didn’t match the production version of the same system.