Tripwire

Infosec Problems For 2019 and Beyond: Patching, Bug Bounties and Hype

Details of a VirtualBox 0-day privilege escalation bug were disclosed on GitHub earlier this week. This was the work of independent Russian security researcher Sergey Zelenyuk, who revealed the vulnerability without any vendor coordination as a form of protest against the current state of security research and bug bounty programs.

Big Data is Big Business: A Growing Trend of User Data Abuse and How to Protect Yourself

May 25, 2018 was the deadline for GDPR compliance. The media was abuzz. Businesses were rushing to update their privacy policy page. Companies were emailing newsletter subscribers to approve updated privacy policies. Everybody seemed to be paying attention to this new law, which appeared to be the beginning of a new dawn in data privacy. Or was it?

Redefining the Meaning of Operational Risk

The definition of “operational risk” is variable, but it generally covers the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. I, however, want to re-examine this general definition, so that the definition of operational risk takes into account all the cybersecurity-related risks that are currently plaguing organizations today. With the current definition, one cannot quantify internal processes and people.

Improving Incident Response Time With Smarter Network Security Tools

One of the biggest concerns of any cybersecurity analyst is whether or not they will be able to stop an attack before it can do any damage. That said, making sense of the flood of alerts is, in itself, a time-consuming task. As networks become more complex and malicious attacks become more advanced, it can become difficult to hit your incident response targets. With the right network security tools, however, your organization can very quickly detect, prioritize and remediate threats.