How the 24-Hour News Cycle Became the Latest Information Security Adversary

Indicators of compromise (IoC), infection, malware, hack, breach… these words all have different meanings to information security professionals that are largely unknown by the general public. Unfamiliar with the different potential risks of various events, the general consensus, even among some reporting organizations, is to assume the worst. Take, for example, the recent news on […]

The post How the 24-Hour News Cycle Became the Latest Information Security Adversary appeared first on The State of Security.

Proactive vs. Reactive Compliance Management

Much of my time spent working is focused on performing technology assessments against some kind of baseline. Most of the time, these are specific government or industry standards like HIPAA, NIST, ISO and PCI. But when some of my clients reach out to me about evaluating their environment in light of these standards, it’s often […]

The post Proactive vs. Reactive Compliance Management appeared first on The State of Security.

Digging for Security Bugs in Python Code

Python is a great development language for so many reasons. Its developers enjoy huge library support. Do you want to deploy a simple web server or implement a RESTful API? There are modules for that. Capture, analyze, and visualize network traffic flow? There are simple and free modules for all of that, too. Developers using […]

The post Digging for Security Bugs in Python Code appeared first on The State of Security.

DNS Evil Lurking Around Every Corner

Today, I came across a blog post that once again showcases the importance of properly managing DNS through its entire lifecycle. The article entitled “Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target” (sic) was written by Matthew Bryant (@IAmMandatory). It can be found here. It’s a bit of a long read but serves […]

The post DNS Evil Lurking Around Every Corner appeared first on The State of Security.

The Gap of Cyber Security, Digital Forensic and Infosec Professionals

One of the biggest complaints from company owners I hear time and time again is as follows: “We need candidates that have experience to hit the ground running.” On the flip side, candidates often issue the following complaint: “We need to have and/or gain experience to get jobs.” The industry can see this and […]

The post The Gap of Cyber Security, Digital Forensic and Infosec Professionals appeared first on The State of Security.

Consumer Carelessness Leaves Sensitive Data in Returned Devices

My boyfriend works a demanding day job at a major Canadian big box furniture and appliance retailing chain. Knowing that I write about information security for a living, he had an interesting story to tell me: “An LG Smart TV was returned to us by the customer, and it had their credit card credentials in […]

The post Consumer Carelessness Leaves Sensitive Data in Returned Devices appeared first on The State of Security.

Assessing Cyber Security Risk: You Can’t Secure It If…

In the course of working with our clients to improve their security posture, I have come across several common factors that often limit a business’s ability to assess and mitigate cyber security risk. Last month, we looked at a few of these themes and some real-world examples of how they apply. Let’s now take a […]

The post Assessing Cyber Security Risk: You Can’t Secure It If… appeared first on The State of Security.

BSidesSF Preview: DNS Attacks, A History and Overview

In modern times, it is possible for an attacker to persistently and repeatedly hijack a victim’s bank account at most major US banks through the victim visiting a web page. This is done without browser exploits or any visible warning. For a criminal, these attacks are cheap and highly successful. The attack that I am […]

The post BSidesSF Preview: DNS Attacks, A History and Overview appeared first on The State of Security.

Sherlock Holmes for the InfoSec Crowd: 5 Steps to Becoming a Security Awareness Mastermind

The ever-fickle world of pop culture has seen a resurgence of interest in Sherlock Holmes in the last five years. Fresh re-imaginings of the detective residing at 221B Baker Street have come both to the big screen and small to varying degrees of critical acclaim. Robert Downey Jr.’s version premiered in 2009, while Benedict Cumberbatch’s […]

The post Sherlock Holmes for the InfoSec Crowd: 5 Steps to Becoming a Security Awareness Mastermind appeared first on The State of Security.
