Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

ICS Security in a Nutshell: Common Challenges and How Tripwire Can Help Overcome Them

Industrial control systems (ICS) first proliferated at a time when cybersecurity didn’t weigh heavily on organizations’ minds. Since then, there have been two significant developments in the industry. First, cybersecurity has become a mission-critical concern for businesses everywhere. Second, there’s been a shift to new network technologies that improve data collection, efficiency and time-to-market.

8 Steps for a Successful DevOps Transition

Organizations stand to gain a lot from transitioning to a DevOps software development model. Switching to DevOps leads to quicker problem solving, increased employee engagement, and more time for innovation. That’s assuming a transition is successful, however. Enterprises can run into various problems along the way, including inadequately measured risk, which could spell trouble down the road. Fortunately, none of these problems are inevitable if you approach the DevOps transition methodically.

2 Strategies to Tighten Your Cloud Security

Creating a thorough and effective security program is difficult enough when your data is stored on-premises. But most organizations and agencies straddle hybridized on-prem and cloud environments—or they’re cloud-native entirely. This complicates the role of cybersecurity teams who now need tools that can traverse multiple environments without missing a beat.

Cybersecurity: Protecting All the Endpoints

Network security is an issue that is increasingly important as businesses and even households shift more workflow processes and key tasks to the network and into the cloud. While some users may find it a challenge to protect even a single digital device, keeping an entire network secure can be a tall order for even the most tech-savvy users.

Electronics Retailer Confirms Breach Attempt of 5.9M Payment Cards

A consumer electronics retailer has confirmed a data breach attempt to compromise the details of 5.9 million payment cards. On 13 June, Dixons Carphone released a notice disclosing its investigation into an instance of unauthorized data access. The company came across the suspicious activity while reviewing its systems and data. Subsequently, it contacted security experts to help determine what happened.

What Is Integrity Management?

If you’ve been in information security for a while, you’ve likely had some experience with file integrity monitoring (FIM). It’s a capability with a long history, going back to the original open-source Tripwire tool for monitoring file hashes. And FIM has staying power. It’s still around, and there are still new deployments. There aren’t a lot of security controls that continue to be valuable over such a long time frame.

Why You Need to Master the Basics - A Three Step Campaign

When I was growing up, my father enrolled me in martial arts at an early age. I liked everything about it. I liked the friends I made, I liked the sense of achievement getting the next belt, I liked breaking boards ,but more than anything, I liked to fight. Furthermore, I liked to win.

Study: DevOps Servers In The Wild Highlight Infrastructure Security Needs

A mature DevOps practice involves applying multiple tools at different steps of the delivery pipeline, and a new study from IntSights focuses on these tools that may be open to attack on the Internet. Each new tool added to your process can expand your attack surface area – and, in many cases, new development and delivery tools are being used without oversight from a security team.

Integrity Management: What It Is and How It Can Protect Your Data

In a previous article, I noted that organizations are witnessing a surge in integrity-based attacks targeting their networks. Enterprises can defend themselves against these types of threats by turning to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They can then pair the risk-based approach with NIST SP 800-53 and other security control catalogs that enable integrity management.

Thousands of compromised websites spreading malware via fake updates

Malicious hackers have been exploiting thousands of legitimate websites since at least December 2017 in a sophisticated campaign that has disguised malware as fake software updates. Security researchers at MalwareBytes report that they have uncovered evidence of thousands of compromised websites running popular content management systems (CMS) such as SquareSpace, WordPress and Joomla.