Category: Blog RSS Feed

What’s happened? Researchers at Abnormal have discovered the latest evolution in call-back phishing campaigns . Call-back phishing? Traditional phishing emails might contain a malicious link or attachment, and lure recipients into clicking on them via social engineering techniques. Call-back phishing…

Read more →

Electrical utilities are responsible for just about everything we do. This presents a tremendous burden on those who operate those utilities. One way these organizations offer assurance is through the audit process. While audits can generate tremendous anxiety, good planning,…

Read more →

Frankly stated, operational resilience is your ability to climb the mountain, no matter the weather. Businesses now need more than a good security structure to weather the storms of AI-driven threats, APTs, cloud-based risks, and hyper-distributed environments. And more importantly,…

Read more →

Today’s VERT Alert addresses Microsoft’s December 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1086 on Wednesday, December 13th. In-The-Wild & Disclosed CVEs CVE-2023-20588 AMD has released AMD-SB-7007 – Speculative Leaks…

Read more →

A malicious hacking group, thought to have been operating since at least 2013, may have suffered a significant blow after the arrest of a suspected leading member by Spanish police late last week. Spain’s National Police arrested a Venezuelan man…

Read more →

Organizations looking to protect their sensitive data and assets against cyberattacks may lack the ability to build a cybersecurity strategy without any structured help. The National Institute of Standards and Technology (NIST) has a free, public framework to help any…

Read more →

The security industry is at a critical juncture. Capturing the state of affairs is a recent report released by the International Information System Security Certification Consortium, or (ISC)2. “A perfect storm” As they state in their Executive Summary, “Our study…

Read more →

What’s going on? A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia . And earlier in the year, a zoo in Tampa Bay was targeted by the…

Read more →

Identity theft is like a thief in the night; it can happen to anyone, anywhere, at any time. It is a real threat to everyone. We live in a time where so much personal information is stored online, which allows…

Read more →

The holiday season is just around the corner; a time of joy and celebration. However, threat actors anticipate this joyous season as much as it is by many festive revelers. In fact, cybercriminals tend to be particularly active during the…

Read more →

It is easy to assume that security tools are effectively configured right out of the box, so to speak. This scenario is all too common and can lead to severe consequences, such as data breaches if an organization implements software…

Read more →

It’s the small vines, not the large branches, that trip us up in the forest. Apparently, it’s no different in Healthcare . In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Mitigation Guide aimed at the Healthcare…

Read more →

Over sixty credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers – demonstrating once again the damage that can be caused by a supply-chain attack . There are a…

Read more →

As the holiday shopping season kicks in, many are eager to secure early bird discounts and offers, preparing for the festive season. The convenience and speed of mobile devices has led to a growing number of individuals opting for mobile…

Read more →

Tripwire’s November 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and spoofing vulnerabilities. Next on the patch priority…

Read more →

Once again companies are being warned to be wary of past employees who may turn rogue. 28-year-old Andrew Mahn, of Derry, New Hampshire, has pleaded guilty to charges that he illegally hacked the network of his former company, telecoms firm…

Read more →

At our recent Energy and NERC Compliance Working Group, we took some time to share more about Fortra, the cybersecurity company that Tripwire is a part of. In case you missed it, Fortra is a rebranding of HelpSystems, an already…

Read more →

As we approach the holiday season, in addition to our busy work schedules, we need to plan for family visits, develop menus for special meals, and do a little shopping while the deals are good! It’s a lot to keep…

Read more →

While the EU AI Act is poised to introduce binding legal requirements, there’s another noteworthy player making waves—the National Institute of Standards and Technology’s (NIST) AI Risk Management Framework (AI RMF) , published in January 2023. This framework promises to…

Read more →

Phishing is a longstanding danger of the digital world that most people are aware of. Whether it happens via email, text message, social media, or any other means, phishing presents a risk to all users. In recent years, the growing…

Read more →