With 2017 coming to a close, we wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between Christmas and the New Year.

My favourite State of Security blogs from 2017

Pentest Toolbox Additions 2017

It's becoming a yearly tradition, but one our readers and I love! Carrie Roberts takes us through some of the tools she has found useful in the past year. The blog covers tools such as the Domain Password Audit Tool (DPAT), Powermeta by Beau Bullock, and much, much more!

Read all about Carrie Roberts' pentesting toolbox additions here.

How a Smart Coffee Machine Infected a PLC Monitoring System with Ransomware

Back in June, a chemical engineer on Reddit received an alert when a programmable logic controller (PLC) monitoring system started acting up. Here’s the tale of how a ransomware infection spread from a factory’s smart coffee machine to its PLC monitoring system.

To read this news story from David Bisson, click here.

Could Containers Save The Day? 10 Things to Consider when Securing Docker

We’re all aware of the Equifax breach that affected 143 million customer records. Equifax reported that Apache Struts vulnerability CVE-2017-5638 was used by the attackers. Equifax was not running its vulnerable Struts application in a container. But what if it had been? Containers are more secure, so this whole situation could have been avoided, right?

Read all about how containers could have potentially saved the day for Equifax in this brilliant blog from Ben Layer.

VERT Threat Alert: Return of Bleichenbacher’s Oracle Threat (ROBOT)

On December 12th this year, a team of researchers including Tripwire VERT’s Craig Young announced that TLS stacks from at least 8 different vendors are vulnerable to a well-known 19-year-old protocol flaw (Read more...)