configuration
YubiKey PIN/PUK Configuration at Scale
YubiKeys are an all-in-one MFA device. In addition to serving as a physical authentication token, they can generate one-time passwords (OTPs) and require users to input a PIN. It’s quite difficult to enable ...
Shared Responsibility and Configuration Management in the Cloud: SecTor 2020
A number of high-profile data breaches have resulted directly from misconfigured permissions or unpatched vulnerabilities. For instance, the 2017 Equifax breach was the result of exploiting an unpatched flaw in Apache Struts ...
Podcast Episode 9 – Cloud Misconfigurations: Simple Mistakes, Big Consequences
Tripwire’s Brent Holder and Stephen Wood discuss recent study findings that provide a snapshot of what organizations are doing (and not doing) to secure their cloud. Spotify: https://open.spotify.com/episode/5wXKv9DiQjfsZNf6heXg67 Stitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcast RSS: https://tripwire.libsyn.com/rss ...
Survey: 76% of IT Pros Say It’s Difficult to Maintain Security Configs in the Cloud
Cloud misconfigurations are no laughing matter. In its “2020 Cloud Misconfigurations Report,” DivvyCloud revealed that 196 separate data breaches involving cloud misconfigurations had cost companies a combined total of approximately $5 trillion ...
What is Configuration Drift?
In a previous post by my colleague Irfahn Khimji, he spoke about how ensuring devices on your network is a great way to minimize the attack surface of your infrastructure. Organizations like ...
Secure Remote Endpoints from Vulnerabilities in Video Conferencing & Productivity Applications like Zoom
With millions working, learning and collaborating remotely due to COVID-19 challenges, there’s an explosion of remote endpoints running Zoom and other collaboration and productivity applications such as Outlook, Teams, Webex, Slack, Office ...
Malware: Three Industry Problems and How to Solve Them
In the last few years, organizations have been subject to extortion through ransomware. Now, hackers are bypassing the nasty business of trying to get people to give them cryptocurrency to simply hijacking ...
Catching Configuration Changes that Can Lead to Data Exposure
Amazon’s new security issue, which came to light just days before one of its biggest sale events of the year, is making recent headlines. And whilst it probably won’t stop the online ...
How to Receive a Clean SOC 2 Report
Controls—SOC 2 is all about controls. It’s right there in the name: Service Organization Controls, S-O-C. A SOC 2 report is a de facto requirement for any organization that wants to store ...
6 Steps for Establishing and Maintaining Digital Integrity
To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs ...

