Every Business Needs a Vulnerability Disclosure Policy. Every. Single. Business.

An anonymous report claims that a ton of your company’s customer data has been exposed. A sense of calm is in the air as you enact your vulnerability disclosure policy. You save the day, get a promotion and rainbows and unicorns fill the sky. Then you wake up!! You don’t ...

What is your product and what does it do?

Lessons I learned trying to make the most of vendor briefings

I’ve always been a sort of ‘cut-to-the-chase’ kind of guy. I’m self-taught when it comes to security and technology. Over the years, I’ve learned how to skim through a book, article or website to extract the important information. Sometimes I’m ...

What’s the dominant professional network in your country?

LinkedIn isn’t always the dominant social network for professionals… but what takes its place in those locations?

Purpose

Typically, I don’t start off an essay by stating its purpose, but since its primary purpose is to ask a question, I want to make that clear up front. This essay is part of ...

Worried someone is accessing your Gmail account?

Here’s 4 things you can check and 1 thing you can’t

Background

An acquaintance was asking about this for a friend. She noticed that emails from one particular source would show up already read in her Inbox. As far as I’m aware, there’s nothing that can happen in delivery to cause that ...

Medigate takes a surgical approach to protecting medical devices from cyberattacks

A Savage Security Market Report

Graphic courtesy Medigate

One of the primary challenges with IoT Security is how specific the threats are. While classes of devices have common vulnerabilities and attack surface, most are completely different. It’s unlikely we’ll ever see a single product designed to protect both cars and hospitals, for ...

Bad Rabbit, Good Practice

We’ve been getting our heads around this latest malware — third in a series that have several things in common:

- Worm component using SMB to spread
- Ransomware payloads (or at least, posing as ransomware)
- Leveraging NSA-sourced exploits that were patched earlier this year, via MS17-010.

You would think we’d be immune to the same attacks by ...

My scariest moment in security

Written for Tripwire’s “scariest moment in security” Halloween series

I’ve had many “oh crap, I’m totally getting fired for this” moments in security (I never did get fired). The scariest single moment, however, was probably during a red team assessment overseas.

We were in the Middle East during The Arab Spring. In ...

Violet: Threatcare’s virtual assistant for security tasks

A Savage Security Market Report

Cybersecurity AI gets a little less artificial…

Threatcare is a startup that first caught Savage Security’s attention a few years ago. We were not only taken with the concept of attack simulation, but also with founder Marcus Carey’s vision for a security product that’s as easy to ...

Equifax breached, no eyebrows raised

Yet another breach from yet another organization that could and should have done better.

UPDATE: Equifax executives caught dumping stock

I generally try to stay away from media and other sources that might influence my writing when putting together a story, choosing to focus on just the related facts. It turns out ...

Startup Axonius steps in to help enterprises (re)tackle the basics

A Savage Security Market Report

The security industry is full of solutions to prevent advanced and sophisticated attacks, but somehow we still lack the basic ability to perform effective asset discovery and identification. Of all the controls we consider to be ‘the basics’ of information security, asset management is considered the ...