Security: most recent

The State of Security:

Moving to the Cloud: Motivations Behind the Migration

Consider how many times a day you check your mobile phone, smartwatch, smart TV, and/or other connected devices. How normal does it seem to be reaching out to an external source, not actually sure where this information is stored, or even coming from, but that it’s there, accessible and ready to be taken in? Organizations […]… 

The State of Security:

CMMC: The Logical End of ISO 27001, SOC 2 & HITRUST Certifications

In the not-too-distant future, I can clearly see how ISO 27001, SOC 2 and HITRUST certifications could become a diminished, legacy activity, viewed as a rarity left over from marketing efforts to distinguish an organization’s security posture from its competition. Absurd? Unrealistic? Actually, it is a very pragmatic understanding of what is coming with the […]… 

The State of Security:

Data Privacy Event Disclosed by Sunrise Community Health

Sunrise Community Health disclosed a data privacy event that might have affected some patients’ personal and medical information. In the fall of 2019, Sunrise Community Health (“Sunshine”) learned of a data privacy incident through which an unauthorized party gained access to some of its employees’ email accounts. The community health center subsequently launched an investigation […]… 

The State of Security:

Staying Safe when Shopping this Holiday Season: Bricks and Clicks Edition

The shopping season is upon us, and like it or not there are lots of individuals who would love to replace your happiness with their sadness. Thus, at this festive time of the year, it is imperative to give some thought and prep time to you and your family’s shopping habits and the security that […]… 

The State of Security:

Major data center provider hit by ransomware attack, claims report

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack.


The State of Security:

PSA: Beware of Exposing Ports in Docker

Docker is an awesome technology, and it’s prevalent in nearly every software developer’s workflow. It is useful for creating identical environments and sharing them between development, testing, production, and others. It’s a great way to ship a reliable software environment between systems or even to customers. However, like with any technology, one must know how […]… 

The State of Security:

ZeroCleare Malware Targeting Energy, Industrial Sectors in Middle East

Researchers have detected a new malware family called “ZeroCleare” that’s targeting the energy and industrial sectors in the Middle East. IBM X-Force Incident Response and Intelligence Services (IRIS) launched an investigation into ZeroCleare and learned that the malware had executed a destructive attack that affected energy and industrial organizations in the Middle East. In its […]… 

The State of Security:

Tripwire Patch Priority Index for November 2019

Tripwire’s November 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, Linux Kernel and Adobe. Exploit Alert: Metasploit First, on the patch priority list, this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities, identified by CVE-2019-11539 and CVE-2019-11510 that affect the Pulse Connect Secure product have been added […]… 

The State of Security:

Universal Network-level Call Blocking: What You Need to Know

Many of the current telephone scams use caller ID spoofing to mask the identity of the caller. A few of those telephone scams spoof caller IDs that don’t match the North American standard for legitimate numbers. These blatantly obvious spoofed caller IDs are the target of the Canadian Radio-television and Telecommunications Commission (CRTC). Last year, […]… 

The State of Security:

Verizon’s 2019 Payment Security Report – Not Just for PCI

If you are responsible for cybersecurity or data protection in your organization, stop what you are doing and read this report. Actually, first, go patch your servers and applications and then read this report. Much like Verizon’s Data Breach Investigations Report (DBIR), the Payment Security Report (PSR) is a must-read for security professionals. While it […]… 

The State of Security:

Smith & Wesson Online Store Affected by Magecart Attack

The online store for American gun manufacturer Smith & Wesson fell victim to a Magecart attack that’s designed to steal customers’ payment data. Willem de Groot of Sanguine Security learned that a particular Magecart group had been impersonating his employer and abusing his name as a contact to register domain names. While investigating this group, […]… 

The State of Security:

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 2

The path is starting to get steeper now as we climb to ML2. It is time to start defining a vulnerability management program with objectives and goals. This program is expected to grow and evolve over time as the organization grows and evolves. Document the requirements Start by documenting what is in place now and […]… 

Mozilla Security Blog:

Help Test Firefox’s built-in HTML Sanitizer to protect against UXSS bugs

I recently gave a talk at OWASP Global AppSec in Amsterdam and summarized the presentation in a blog post about how to achieve “critical”-rated code execution vulnerabilities in Firefox …


The State of Security:

Security for Cloud Services: IaaS Deep Dive

In this, the final post in my series on considerations for managing your security with cloud services, we will be looking at Infrastructure as a Service (IaaS). If you haven’t yet read the previous blog entries about SaaS and PaaS, it’s worth going back to read these first, as much of the thinking associated with […]… 

The State of Security:

Five “W’s” for Vulnerability Management

As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year. What Is Vulnerability Management? Vulnerability assessments are useful for detecting security issues within […]…