Expert(s):
VP of Product Management and Strategy feature_status*/ ?>
Tripwire

Comments Dotted : 33
December 04, 2020

Brazilian Aerospace And Defence Group Embraer’s Systems Affected By Cyberattack
It’s important to keep in mind that other types of attacks are still out there, if not as readily recognizable.
Every organization should be prepared to respond to ransomware, including the potential operational disruptions that come with that response. While we tend to focus on the response to ransomware, prevention is still the best way to deal with the threat. Ransomware doesn’t magically appear on systems, and the methods by which it’s introduced into an environment are generally well understood: phishing, vulnerability exploits, and misconfigurations. Identifying and addressing the weak points.....Read More
Every organization should be prepared to respond to ransomware, including the potential operational disruptions that come with that response. While we tend to focus on the response to ransomware, prevention is still the best way to deal with the threat. Ransomware doesn’t magically appear on systems, and the methods by which it’s introduced into an environment are generally well understood: phishing, vulnerability exploits, and misconfigurations. Identifying and addressing the weak points in your security posture can help prevent ransomware, as well as other attacks, from being successful. We see an imbalance of headlines for ransomware attacks because they are the easiest to identify. Ransomware simply can’t be successful in getting the ransom paid without announcing itself. It’s important to keep in mind that other types of attacks are still out there, if not as readily recognizable.  Read Less
September 26, 2020

Security Experts On Instagram bug lets hackers ‘snoop on you through your phone’ by sending a single image file
The more these apps are integrated into business and daily life, the more critical they become.
We might think of social media apps as frivolous, but the more these apps are integrated into business and daily life, the more critical they become. Social media, including Instagram, are conduits for news and information. They’re also conduits to personal information stored on mobile devices. Targeted takeover of high profile accounts is one possibility, but in this age of disinformation campaigns, there’s clear value in taking over the average consumer’s account for the purposes of.....Read More
We might think of social media apps as frivolous, but the more these apps are integrated into business and daily life, the more critical they become. Social media, including Instagram, are conduits for news and information. They’re also conduits to personal information stored on mobile devices. Targeted takeover of high profile accounts is one possibility, but in this age of disinformation campaigns, there’s clear value in taking over the average consumer’s account for the purposes of spreading propaganda.  Read Less
September 18, 2020

Expert Reacted On Patient Dies After Hackers Attack Hospital In Germany
Delays in treatment, regardless of the cause, can be life-threatening.
When cyberattacks impact critical systems, there can be real-world consequences. We’re not used to thinking of cyberattacks in terms of life and death, but that was the case here. Delays in treatment, regardless of the cause, can be life-threatening. Ransomware doesn’t just suddenly appear on systems. It has to get there through exploited vulnerabilities, phishing, or other means. While we tend to focus on the ransomware itself, the best way to avoid becoming a victim is to prevent the.....Read More
When cyberattacks impact critical systems, there can be real-world consequences. We’re not used to thinking of cyberattacks in terms of life and death, but that was the case here. Delays in treatment, regardless of the cause, can be life-threatening. Ransomware doesn’t just suddenly appear on systems. It has to get there through exploited vulnerabilities, phishing, or other means. While we tend to focus on the ransomware itself, the best way to avoid becoming a victim is to prevent the infection in the first place. And the best way to prevent ransomware infections is to address the infection vectors by patching vulnerabilities, ensuring systems are configured securely, and preventing phishing.  Read Less
September 16, 2020

Expert On News That Welsh Coronavirus Patient Details Leaked Online
Breach response, especially for public entities, has to include appropriate transparency and analysis.
Health information is certainly sensitive and needs to be protected. Unfortunately, technical controls aren’t always perfect, and aren’t always enough. In some cases, human error is the root cause of a breach. Breach response, especially for public entities, has to include appropriate transparency and analysis. Although human error might cause a breach, technical controls can certainly be part of the response. Using a technical control to prevent a human from making an error can be very.....Read More
Health information is certainly sensitive and needs to be protected. Unfortunately, technical controls aren’t always perfect, and aren’t always enough. In some cases, human error is the root cause of a breach. Breach response, especially for public entities, has to include appropriate transparency and analysis. Although human error might cause a breach, technical controls can certainly be part of the response. Using a technical control to prevent a human from making an error can be very effective.  Read Less
May 19, 2020

Industry Experts On Verizon DBiR 2020
The industry analysis provided by the DBIR is invaluable.
We often think of ransomware as a breach, but the DBIR categorizes most ransomware activity as an incident because while you may have lost access to the data, the attacker hasn’t actually stolen it. While that may give you some comfort, it doesn’t mean that a ransomware incident is materially less impactful to the security folks who have to deal with it. The fact that “misconfiguration” is in the top five action varieties for breaches is an important acknowledgment that not all.....Read More
We often think of ransomware as a breach, but the DBIR categorizes most ransomware activity as an incident because while you may have lost access to the data, the attacker hasn’t actually stolen it. While that may give you some comfort, it doesn’t mean that a ransomware incident is materially less impactful to the security folks who have to deal with it. The fact that “misconfiguration” is in the top five action varieties for breaches is an important acknowledgment that not all incidents are the result of an exploited vulnerability. Misconfigurations actually lead to more breaches than exploited systems, but organizations often don’t put the same effort into assessing them as they do scanning for vulnerabilities. At a high level, the key things for every organisation to worry about are brute force and stolen credentials, and web applications. It’s tempting to downplay vulnerability management based on this data, but the details show that, by and large, the organizations that are doing it reasonably well are safer, and the organizations that aren’t are very, very vulnerable. One key lesson, though, is that an organization can do both. The old adage “you can’t protect what you don’t know about” is true for vulnerability management. Asset management is a prerequisite for vulnerability management. If you want to protect yourself from the most common breaches, protect your web servers, your workstations and your mail infrastructure. Cloud assets are still a minority of targets, at 24% compared to on-premise’s 70%. Why change tactics if they’re working? The cloud has a learning curve for criminals as well as enterprises. One important lesson to take from the DBIR is that a compromise is often made up of multiple attacks, and so, as a defender, you have multiple opportunities to stop the attacker. The concept of ‘defense in depth’ is applicable here. The data provided about how the multiple steps in a compromise occur is vital. Malware is rarely the first step, and so if you catch malware in your environment, you have to look for what came before that. Hacking is much harder to deal with because it plays a role in the beginning, middle and end stages of a breach. The industry analysis provided by the DBIR is invaluable. Being able to see which assets, actions, and patterns are most relevant for your industry allows you to take much more decisive action as a defender. For example, Manufacturing should be more concerned about crimeware, introduced through malware and social engineering, than any other industry. If you’re in healthcare, errors figure much more prominently in your threat model than other industries. The inclusion of the CIS controls, after a hiatus, is a good addition for defenders. CIS is well-respected in the industry, and the controls provide enough information to be actionable but avoid being overwhelming at the same time.  Read Less
May 13, 2020

Hacked Law Firm Informs Celeb Clients Including Lady Gaga And Madonna Of Data Breach – Experts Insight
Ransomware makes headlines, in part, because it’s always detected.
The overwhelming tendency is to focus on the ransomware itself in these types of cases, but ransomware doesn’t magically appear on a system. Organizations that are concerned about ransomware should assess how well they’ve deployed basic controls like vulnerability management, secure configurations and email protections. The first line of defense against ransomware is to prevent it from getting inside in the first place. Ransomware makes headlines, in part, because it’s always detected......Read More
The overwhelming tendency is to focus on the ransomware itself in these types of cases, but ransomware doesn’t magically appear on a system. Organizations that are concerned about ransomware should assess how well they’ve deployed basic controls like vulnerability management, secure configurations and email protections. The first line of defense against ransomware is to prevent it from getting inside in the first place. Ransomware makes headlines, in part, because it’s always detected. It has to be, in order to get the ransom paid. Keep in mind that if self-announcing ransomware can get in, so can much more stealthy attackers.  Read Less
May 08, 2020

Cybersecurity Must Not Be Forgotten With State-sponsored Attacks Rising Amid COVID-19 Pandemic, Experts Warn
It’s vitally important that these organizations have a good handle on their vulnerabilities.
Pandemic or not, cyberattacks continue. It’s vitally important that these organizations have a good handle on their vulnerabilities. It may not be possible to fix every single vulnerability, but you have to know you have them before you can effectively prioritize remediation activities. Nation-state attacks can be harder to understand because the motivation isn’t always financial in nature.
April 22, 2020

Expert Insight On News: SBA Website Leaks Personal Data Of 8,000 Small-Business Loan Applicants
It’s difficult for an affected party to really understand what the impact will be.
Initial disclosures of these kinds of breaches are often filled with qualifiers like “may” and “might have included.” It’s difficult for an affected party to really understand what the impact will be. Government developed and deployed systems are subject to the same risks, and perhaps more, than commercial enterprises. While any breach is unfortunate, it’s especially painful when the government exposes the personal data of citizens. There is likely plenty of blame to go around.....Read More
Initial disclosures of these kinds of breaches are often filled with qualifiers like “may” and “might have included.” It’s difficult for an affected party to really understand what the impact will be. Government developed and deployed systems are subject to the same risks, and perhaps more, than commercial enterprises. While any breach is unfortunate, it’s especially painful when the government exposes the personal data of citizens. There is likely plenty of blame to go around for an incident like this, but the focus should be on how trust can be restored and affected victims can be protected.  Read Less
April 16, 2020

TikTok Flaw Allows Threat Actors To Plant Forged Videos In User Feeds
This type of attack represents a different kind of privilege escalation.
This type of attack represents a different kind of privilege escalation. Masquerading as an authoritative identity in order to feed false information into someone’s feed could be used for all kinds of malicious intents. We often ask that users be diligent about evaluating the sources of information they receive from social media, but diligence isn’t helpful when an attacker can simply impersonate an authoritative source.
April 02, 2020

‘Secure’ Backup Company Leaks 135 Million Records Online After Misconfiguration – Experts Insight
A misconfiguration can be like doing the attacker’s work for them.
A misconfiguration can be like doing the attacker’s work for them. No one has to break in, if the front door is left open. Organizations are often very aware of security vulnerabilities, but continuously scanning for misconfigurations is just as important. Environments change, and change can result in data being mistakenly exposed. If you’re scanning for vulnerabilities, but not addressing the changes in your environment, you’re only doing half the job.