Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Google Cloud Platform (GCP) includes a powerful resource hierarchy that establishes who owns a specific resource, and through which you can apply access controls and organizational policies. But understanding the GCP resource hierarchy can be hard. For example, what does a GCP Organization “look” like? What networks exist within it? Do specific resources violate established security policies? To which service accounts and groups visualizing do you have access?

On 16 July 2019, UK’s National Cyber Security Centre (NCSC) released the second annual report of the Active Cyber Defence (ACD) program. The report seeks to show the effects that the program has on the security of the UK public sector and the wider UK cyber ecosystem.

As a vendor, Tripwire gets asked a lot of questions from customers and potential clients about how developments in the wider world might affect digital security. One of those forces that’s on everyone’s mind is Brexit. Representatives from some of our potential customers as well as our existing clients are asking us what to focus on and what to do. Specifically, they’re wondering how Brexit will affect their digital security efforts in general.

Here is a short communication tip that may help you in your daily interactions. How often have you “resent” an E-Mail? How often have you told a person that you will “send an invite”? You may be wondering why I am bringing this up in a post usually reserved for cybersecurity. Am I just being overly pedantic? Am I just a rigid grammarian? One could easily assert that (and my friends do so all the time, so feel free to jump on that bandwagon).

The elderly population in the U.S has been on a steady incline for the past few decades. With more seniors living longer new challenges arise. Unfortunately, many seniors become vulnerable to different types of abuse, neglect, and exploitation as they age. The National Council on Aging estimates that financial fraud and abuse against seniors costs older Americans up to $36.5 billion each year.

Paul is a front- & backend developer with a passion in security, who creates designs occasionally. After starting out with WordPress plugin vulnerabilities, he joined the bug bounty world and now also a white hat hacker in the Detectify Crowdsource community. As he has acquired his knowledge through community resources himself and wants to make the internet a safer place, he shares his know-how to give something back and in this case tips on WordPress plugin security.

The subject of the cyber security talent shortage has been over-reported to the extent that no one wants to talk about it anymore. Even more than that, the only solution that really ever gets mentioned is developing more university cyber programs. But that solution is dead wrong—or at least it misses the crux of the issue completely.

On July 11, 2019, the National Governors Association released a new publication on the topic of cyber disruption response plans across America. The report examines state cyber disruption response plans, providing recommendations for state officials who want to create or review their own response plans.

Welcome back to the next edition of “Hacking WordPress”. Find Part 1 if you missed it. Let me start with a PSA message. It is illegal to hack, log in to, penetrate, take over or even hack, a system or network of systems without the explicit permission of the owner. Criminal hacking is illegal and punishable under Federal Law. I am describing methods to learn more about WordPress so you can protect your sites better.

The recently discovered BlueKeep RDP vulnerability reminds us yet again (as if needed to be reminded) that monitoring RDP is not a luxury but an absolute necessity. Many organizations still expose RDP ports to the Internet, making it a prime target for attacks. But even when RDP is only available internally it can still pose a threat – especially for large networks.