Ready to Test Your Hacking Skills? Join Tenable’s First CTF Competition!

Tenable launches new Capture the Flag event for the security community, running from February 18–22. Capture the Flag events are a tried and true way of testing your cybersecurity skills, practicing new ones and seeing how you measure up against others in the industry. At Tenable, we wanted to put on a CTF specifically for our community. We’re proud to announce the first Tenable Capture the Flag … [Read more...]

Zoom watermarking: pros and cons

Metadata, which gives background information on pieces of data, is typically hidden. It becomes a problem when accidentally revealed. Often tied to photography mishaps, it can be timestamps. It might be location. In some cases, it can be log analysis. Many tutorials exist to strip this information out. This is because it can reveal more than intended when it hits the public domain. Default … [Read more...]

DNSpooq: Seven Vulnerabilities Identified in dnsmasq

Researchers identify seven vulnerabilities in popular Domain Name System software. Background On January 19, researchers from the JSOF Research lab disclosed seven vulnerabilities in dnsmasq, a widely used open-source application for network infrastructure. Dubbed “DNSpooq” by the JSOF team, the acronym is a play on words as the vulnerabilities allow for Domain Name System (DNS) spoofing. The JSOF … [Read more...]

The Best of Perimeter 81 2020: Top 5 Content From Our Readers

2021 is just a few weeks old, but we can’t forget the trend-setting year that was 2020. Here at Perimeter 81, 2020 was a fruitful year of growth and opportunity which included the launching of new features and integrations, the attainment of 650 new customers, a 40 million dollar Series B raise, three new offices, … The post The Best of Perimeter 81 2020: Top 5 Content From Our Readers … [Read more...]

How Excellus Could Have Avoided the $5.1m HIPAA Violation Penalty

In January 2021, an American Health insurer by the name of Excellus agreed to pay over $5.1 million to the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) in a settlement after violating the Health Insurance Portability and Accountability Act (HIPAA). Excellus Data Breach The violation in question relates to a data breach that resulted in the sensitive data of … [Read more...]

The story of ZeroLogon

This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very unpopular. Cybercriminals seized the opportunity to use the vulnerability for their own purposes. This … [Read more...]

Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments

A nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry, impacting multiple organizations. We first reported on the event in our December 14 blog and notified our business customers using SolarWinds asking them to take precautionary measures. While Malwarebytes does not use SolarWinds, we, like many other companies were recently … [Read more...]

Top 5 Hacking and Cyber Security Books of 2020

Continuous learning is a top priority for me.  It’s critical to stay updated on the latest cyber security methods, technologies, strategies, and developments. 2020 brought the opportunity for us to indulge in some additional reading and learn new skills from incredible industry experts. From a young age, I struggled reading the likes of Shakespeare and was more interested in the … [Read more...]

What is ISO 27001 Compliance? A Complete Guide

What is ISO 27001? The International Organization for Standardization (ISO) consists of representatives from various national standards organizations. With the exception of acronyms, they develop and publish international standards for pretty much everything. ISO 27001 is the international standard for information security management systems (ISMS). Who does ISO 27001 apply to? One might assume … [Read more...]

What’s up with WhatsApp’s privacy policy?

WhatsApp has been in the news recently after changes to its privacy policy caused a surge of interest in rival messaging app Signal. Initial reports may have worried a lot of folks, leading to inevitable clarifications and corrections. But what, you may ask, actually happened? Is there a problem? Are you at risk? Or should you keep using your apps as you were previously? Setting the … [Read more...]