Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2019

11 Respected Providers of IT Security Training

We at The State of Security are committed to helping aspiring information security professionals reach their full potential. Towards that end, we compiled a list of the top 10 highest paying jobs in the industry. We even highlighted the U.S. cities that tend to reward security personnel with the best salaries, amenities and other benefits. Knowing which job title you’d like and where you’d like to live goes a long way towards advancing one’s infosec career.

Cyber Threats to Medical Imaging Systems and How to Address Them

Healthcare continues to see staggering growth in breaches to patient health information. In the first half of 2019 alone, 32 million health records were breached, compared to 15 million records in the entire year of 2018. However, this trend of growing cyber breaches in healthcare is likely to persist due to the following characteristics of the healthcare industry...

WordPress sites hacked through defunct Rich Reviews plugin

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites.

Why Cybersecurity Pros Need to Be Good Storytellers

Like storytelling, data visualization can be used to provide a narrative about your organization’s cybersecurity posture. Cybersecurity is never a single thing; it is an amalgamation of an often growing list of issues that never seem to end. So in order to make some sense of what it means for the health of your organization, I am combining several metrics to define a singular one—cybersecurity posture—in a visual manner.

Best Practices for Using Tripwire Enterprise in Dynamic Environments - Part 1

Just a few years ago, most IT environments were made up of deployed servers on which personnel installed applications, oftentimes as many as that one system could handle. They then remained and ran that way for years. In the meantime, the IT team maintained the system and updated the applications as needed. Sometimes there were test versions of those systems, but this wasn’t often. Even then, the OS often didn’t match the production version of the same system.

The Top 10 Highest Paying Jobs in Information Security - Part 2

Information security is an exciting and rapidly growing field for individuals who are interested in protecting users and their data. In an effort to map out the industry as a possible career choice, we recently conducted research into the top 10 infosec jobs based on overall pay grade. We now continue with the second part of our two-part series.

How Will the CMMC Impact My Business and How Can We Prepare? Part 2 of 3

In part one of this series, I addressed what DoD contractors could be doing to prepare for the CMMC security level rating. In part two of the series, I want to discuss our customers’ concerns about the possible impacts of having their company’s security rating made public. According to the CMMC FAQ, all companies conducting business with the DoD must be certified (not just those who handle CUI), and the level of certification for each company will be made public.

Building a Foundation for "Smart" Steel Factories with Fog Computing, the Cloud and Cybersecurity

Digital technologies have been transforming our world for the past few decades. For instance, the Internet of Things (IoT) and cloud computing have induced an evolution in the way we as society live our everyday lives as well as how many enterprises conduct business. This evolution has started to enter the industrial realm, most notably the Industrial Internet of Things (IIoT) and Industry 4.0 and how these forces have driven other innovative ideas such as smart factories.

A Guide on 5 Common LinkedIn Scams

The fact that scammers haunt Facebook and Twitter is not surprising. Even so, digital criminals don’t stop with just those two platforms. They’re also known to stalk users on LinkedIn where connections carry greater professional gravity. Fortunately, users can stay alert of such activity by familiarizing themselves with the most common types of LinkedIn scams. Here are five ruses, in particular, that should be on their radar.

CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency

Security researchers at Palo Alto Networks have discovered a new malware threat that targets Macs in what appears to be a sophisticated attempt to raid cryptocurrency wallets. The malware, which researchers have dubbed CookieMiner, has a variety of weapons in its armory that could make it particularly worrisome for cryptocurrency investors.

Concerns and Challenges for Effective Cloud Security

In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) because Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web Services (AWS).

The Top 10 Highest Paying Jobs in Information Security - Part 1

Given a surge in digital threats like ransomware, it is no surprise that the field of information security is booming. Cybersecurity Ventures estimates that there will be 3.5 million job openings across the industry by 2021. Around that same time, the digital economy research firm forecasted that global digital security spending would exceed one trillion dollars.

How Will the CMMC Impact My Business and How Can We Prepare? Part 1 of 3

In June of this year, my colleague Tom Taylor wrote about the DoD’s announcement to instate the Cyber Security Maturity Model Certification (CMMC) and elaborated on the fact that, with the CMMC, the DoD appears to be addressing our customers’ core compliance pain points: Since its announcement in May, the DoD kicked-off a “listening tour” to solicit feedback from the Defense Industrial Base sector, according to the CMMC website.

GDPR One Year Anniversary: The Civil Society Organizations' View

GDPR is a landmark in privacy jurisdiction. Through its 99 articles, it sets a framework for both businesses and individuals on their rights and responsibilities when it comes to protecting privacy. The most important element in my opinion is that privacy functions a fundamental human right and needs to be protected.

How to Foil the 6 Stages of a Network Intrusion

The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most common and the most expensive types of security incidents.

Toyota Parts Supplier Loses $37 Million in Email Scam

Toyota Boshoku, a seating and interiors supplier for Toyota cars, has revealed that it was tricked into moving a large amount of money into a bank account controlled by scammers. In a statement published on its global website, Toyota Boshoku Corporation said that its European subsidiary was duped into transferring approximately four billion yen (over US $37 million) out of the business and into a bank account controlled by criminals on 14 August.

10 of the Most Significant Ransomware Attacks of All Time

For years, ransomware actors have developed new families and attack campaigns in increasing frequency and numbers. Such activity peaked in 2017 but then fell in tandem with cryptocurrency miners’ rise. This development was short-lived, however. Between Q4 2018 and Q1 2019, Malwarebytes observed a 195 percent increase in ransomware detections involving business targets. The rate was even greater compared to Q1 2018 at 500 percent.

Integrating Security to DevOps: Fundamental Principles Are Crucial!

Changing consumer demands posed a serious challenge to the IT industry; it pushed firms to brainstorm about quick product delivery. This demand eventually gave rise to the demand for collaboration between Development (Dev) and Operations (Ops) teams, welcoming the DevOps trend. As a result, everything started progressing well with increased development, enhanced collaboration, advanced testing, high productivity and minimized time to market.

Don't Trade Convenience for Security: Protect the Providence of your Work

I recently volunteered as an AV tech at a science communication conference in Portland, OR. There, I handled the computers of a large number of presenters, all scientists and communicators who were passionate about their topic and occasionally laissez-faire about their system security. As exacting as they were with the science, I found many didn’t actually see a point to the security policies their institutions had, or they had actively circumvented them. A short survey heard reasoning like.

Don't Let Your Analysts Become the Latest Victims of Burnout!

Working as a cybersecurity analyst is incredibly challenging. It’s one of the only roles in IT that requires 24/7/365 availability. The constant stressors of the job can overload security analysts, which ultimately leads to burnout—affecting every factor of the job from performance to talent retention.

Hundreds of millions of Facebook users' phone numbers found lying around on the internet

TechCrunch reports that a security researcher stumbled across an exposed server on the internet containing databases with a total of more than 419 million records related to Facebook users. According to TechCrunch’s reporting, each database record contains a user’s unique Facebook account ID (from which it’s possible to determine a user name) and phone numbers attached to the account.

Survey Reveals Kubernetes Usage Skyrocketing, but Security Concerns Remain

Containers have become a popular technology for enterprises that need to create agile, scalable and reliable applications. As they’re moving containerized workloads into production, many are adopting Kubernetes for container orchestration. While containerization enables DevOps to deploy software fast and efficiently, it also creates new security challenges, especially for those who’ve accelerated their implementation of this complex technology.

How Global Processing Services Uses Tripwire to Achieve & Maintain Policy Compliance

Global Processing Services (GPS) uses Tripwire to solve its biggest security challenge year after year – meeting PCI compliance. Chief Information Security Officer Alex Radford shares how Tripwire solutions help the organization monitor and remediate changes to effectively achieve and maintain policy compliance.

Strong Customer Authentication: A Vehicle for PCI-DSS Compliance

Payment services that operate electronically should adopt technologies that guarantees the safe authentication of the user and reduces, to the maximum extent possible, the risk of fraud. In order to achieve this, the European Union in 2007 passed the Payment Services Directive (PSD). The aim of this legislation is to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA).