Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass…
Tag: Blog RSS Feed
3 Tips for Enterprise Patch Management
With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and…
5 Key Findings from the Business Email Compromise (BEC) Trends Report
Today’s BEC attacks are more nuanced, more accessible, less technically demanding, and consequently, more dangerous than ever before. In our report, 2023 BEC Trends, Targets, and Changes in Techniques , we take a hard look at the anatomy of Business…
Leveraging AI LLMs to Counter Social Engineering: A Psychological Hack-Back Strategy
In the ever-evolving landscape of cybersecurity, businesses and individuals find themselves in a relentless battle against the surge of cybercrime, which continues to escalate in complexity and frequency. Despite the significant investments in cutting-edge cybersecurity solutions, the financial toll of…
Surge in deepfake “Face Swap” attacks puts remote identity verification at risk
New research shows a 704% increase in deepfake “face swap” attacks from the first to the second half of 2023. A report from biometric firm iProov warns that “face-swapping” fraudsters are increasingly using off-the-shelf tools to create manipulated images and…
The Vital Role of Defensive AI: Safeguarding the Future
In recent times, the remarkable advancement of AI has revolutionized our technological landscape. Its profound benefits have not only enhanced the efficiency of our daily operations but also induced transformative shifts across industries. The impact of AI has made our…
WhatsApp Scams in 2024: How to Spot a Fake
Last year, text scammers prowling around on messaging platforms like WhatsApp sent a staggering 19 million messages in December alone. When ploys like these can rake up over $10 million in a matter of months, it’s easy to see why.…
The Dangers of Default: Cybersecurity in the Age of Intent-Based Configuration
Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an…
Security Risks of Kubernetes Helm Charts and What to do About Them
Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes…
Tripwire Patch Priority Index for January 2024
Tripwire’s January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian. First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have…
Preparing Cybersecurity for the Super Bowl
The 49ers and Kansas City Chiefs aren’t the only ones with a big game to play on February 11th; this year, cybercriminals and cyber defenders will be facing off behind the scenes in a Super Bowl-sized bout of their own.…
Managing Financial Crime Risks in Digital Payments
The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion , with a steady Compound Annual Growth Rate (CAGR) expected in the next…
Streamlining the Cybersecurity Maturity Model Certification (CMMC)
Nearly four years ago, the Department of Defense released the Cybersecurity Maturity Model Certification (CMMC). This was created as a complement to NIST SP 800-171 , which focused on protecting Controlled Unclassified Information (CUI). If you are unfamiliar with what…
HISCOX Cyber Readiness Report Shines Light on Commercial Cybersecurity
One of the most important concerns for organizations of all sizes is protection against cyberattacks and other digital threats to security. These dangers can prove a major setback for a company, and many even pose an existential threat. In order…
IBM i and Tripwire Enterprise: What you need to know
The IBM i is a midrange server that is used across many industries and businesses varying in sizes. Backed by its long history and support by IBM, a world-class innovator, the IBM i platform stands alone in the midrange server…
Why the OWASP API Security Top 10 is Essential for Every Business
In an era where digital transformation dictates the pace of business growth, APIs have become the cornerstone of modern enterprise architecture. APIs are not just technical tools; they are vital assets that drive business processes, enhance customer experiences, and open…
NCSC Warns That AI is Already Being Used by Ransomware Gangs
In a newly published report , the UK’s National Cyber Security Centre (NCSC) has warned that malicious attackers are already taking advantage of artificial intelligence and that the volume and impact of threats – including ransomware – will increase in…
Four Takeaways from the McKinsey AI Report
Artificial intelligence (AI) has been a hot topic of discussion this year among tech and cybersecurity professionals and the wider public. With the recent advent and rapid advancement of a number of publicly available generative AI tools—ChatGPT, Dall-E, and others—the…
WaterISAC: 15 Security Fundamentals You Need to Know
2023 saw two concerning attacks on public water systems, highlighting the fragility and risk to utility systems. In Pennsylvania, malicious hackers breached the Municipal Water Authority of Aliquippa system the night after Thanksgiving. The criminals were making a political statement:…
Cultivating a Cybersecurity Culture
When I attend a networking event and ask a business owner, “Who’s responsible for Information Security?” The usual reply is “IT”. But in today’s hyper-connected world, where digital landscapes are constantly evolving, and data breaches and cyberattacks are becoming alarmingly…
Navigating the New Waters of AI-Powered Phishing Attacks
The dynamism of Artificial Intelligence (AI) is transforming not only the tech landscape but also various sectors of human activity at breakneck speeds. Unfortunately, with any progress in technology, these advances aren’t only being applied in beneficial ways. The sad…
US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems
US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have…
Resolving Top Security Misconfigurations: What you need to know
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and…
5 Things to Consider Before Buying a File Integrity Monitoring (FIM) Solution
Imagine you’re on the tail end of installing a 100-line script. It’s five o’clock, and you’re ready to head out early for once. You run the startup script on a new server, and then – the fated error message. Something…
What is the Windows Security Account Manager (SAM)?
To most people, the process of logging into a Microsoft Windows machine is a simple process of entering a username and a password. However, for a cybersecurity professional, the process is a carefully orchestrated mechanism. Unfortunately, throughout the history of…
The 2023 Global Cybercrime Report: A look at the key takeaways
In the digital-first era, the internet is not simply a luxury; it’s a fundamental part of our daily lives. From business growth to personal connections, its impact is profound. However, this interconnectedness comes with a price: the rise of cybercrime.…
Tips for Ensuring HIPAA Compliance
Like every other industry, the healthcare sector is barely recognizable when compared to its state 20 years ago. It, too, has been transfigured by technology. While this has brought many impactful benefits, it has also introduced at least one major…
Why Therapists need Data Protection and Cybersecurity
Cybersecurity in Mental Healthcare – The Overlooked Risk Did you know the New-Age Therapeutic sector is unregulated? If that surprises you, then you’re not alone. I was a little surprised, too. Yes, there are various professional bodies a practitioner can…
Shining Light on Employee Cybersecurity Awareness in Retail
Individual users are often referred to as the weakest link in cybersecurity, as human error is a major contributor to security incidents of all kinds. However, employees can also be a significant asset when adequately trained in cybersecurity hygiene and…
Critical flaw found in WordPress plugin used on over 300,000 websites
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it…
Expert Insight for Securing Your Critical Infrastructure
At Tripwire’s recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas…
An Introduction to AWS Security
Cloud providers are becoming a core part of IT infrastructure. Amazon Web Services (AWS), the world’s biggest cloud provider, is used by millions of organizations worldwide and is commonly used to run sensitive and mission-critical workloads. This makes it critical…
Tripwire Patch Priority Index for December 2023
Tripwire’s December 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google. First on the patch priority are patches for Google Chrome and Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and information disclosure…
VERT Threat Alert: January 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed…
Non-repudiation: Your Virtual Shield in Cybersecurity
In the digital world, where countless users communicate, share data, and engage in diverse activities, determining the origin and actions behind these interactions can be quite challenging. This is where non-repudiation steps in. Coupling other security factors, such as delivery…
The Evolution of Anomaly Detection and the Importance of Configuration Monitoring in Cybersecurity
Back in 1992, when I was more concerned about my acne breakouts and being selected for the Junior cricket team, a freshman at Purdue University was studying the impact of the 1988 Morris Worm event and how it brought about…
Know Thyself and Thy Network
The shifting sands of IT make the adage “you never know it all” ever more true as time goes by. I recall days when it felt like you could click through every major directory of Yahoo and know a little…
How Does PCI DSS 4.0 Affect Web Application Firewalls?
The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0 , heralding significant changes in cybersecurity practices. As we approach the implementation of this revised standard, a critical focal point emerges: the…
How to Reduce Your Attack Surface
What is an Attack Surface? An attack surface is the total number of channels, pathways, or areas that threat actors can utilize to gain unauthorized access to networks. The result is that they can obtain private information or carry out…
Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam
Anyone can get scammed . If you think you’re somehow immune to being scammed, then, in my opinion, you’re a prime target for being scammed. No one is too big, too clever, too security-savvy to avoid being duped because it’s…
Is Cybercrime Only Going to Get Worse?
At the turn of the millennium, few people were worried about cybercrime. The Good Friday Agreement had just come into effect, the US expelled a Russian diplomat for spying, and the threat of the Y2K bug loomed. ILOVEYOU , the…
CI/CD Security: Advanced Best Practices to Secure Your Pipelines
Continuous Integration and Continuous Delivery (CI/CD) security has become crucial to modern software development practices. As the speed of software development increases with DevOps and Agile methodologies, there is a growing need to ensure the integrity of software across the…
What Is the Future and Technology of Zero Trust?
What Is the Future and Technology of Zero Trust? In the dynamic realm of cybersecurity, the future of Zero Trust unfolds with promises and challenges. In the second part of the Zero Trust series, we explore the insights from industry…
Getting the Board on Board: Explaining Cybersecurity ROI
Despite increasing data breaches, ransomware attacks, and assorted cyber threats, convincing the Board of Directors to invest in robust cybersecurity isn’t always easy for many businesses. The challenge originates mainly from the need to demonstrate a quantifiable Return On Investment…
Cloud Security Optimization: A Process for Continuous Improvement
Cloud optimization is the process of correctly selecting and assigning the right resources to a workload or application with the ultimate goal of minimizing costs while improving performance and efficiency. These resources can range from computational power, memory, and storage…
2023 Business Impact Report: Small Businesses and Cyberattacks
We live in a highly digitized world, and small businesses and solopreneurs have become prime targets for cybercriminals. The 2023 Business Impact Report , conducted by the Identity Theft Resource Center (ITRC), sheds light on a concerning trend: a sharp…
What Role Does Cybersecurity Awareness Play in Education?
Cybersecurity is an essential consideration for any organization that deals in the digital sphere on any level, and the education sector is no exception. In recent years, the global pandemic and technological advances have led to a massive shift toward…
AI’s Emerging Role in the Fight Against Intellectual Property Theft
In an era where knowledge and creativity are the cornerstones of progress, intellectual property ( IP ) is not just a legal asset but the very lifeblood that sustains business innovation, competitiveness, and growth. However, as we march deeper into…
Tips, Tricks and Updates for Tripwire’s State Analyzer
At the recent Tripwire Energy and NERC Compliance Working Group, we held a session to demonstrate some tips and tricks to make the latest Tripwire State Analyzer (TSA) work better for your organization. The newest State Analyzer version is 1.5.2,…
The Current Challenges of Adopting Zero Trust and What You Can Do About Them
In the fast-evolving world of cybersecurity, the transition to remote work, the challenges of Zero Trust adoption, and the technology that supports it have taken center stage. Join me as we explore the insights of cybersecurity professionals and uncover the…
The History of Patch Tuesday: Looking back at the first 20 years
One of the most critical aspects of cybersecurity is ensuring that all software is kept up to date with the latest patches. This is necessary to cover any vulnerabilities that cybercriminals could take advantage of in order to infiltrate an…
#TripwireBookClub – The Rust Programming Language
Most of the team that I work with on a daily basis is heavily invested in Python . As such, it was difficult to find people interested in reading The Rust Programming Language, 2nd Edition . In the end, two…
Guide to Creating a Robust Website Security Incident Response Plan
Earlier this year, the SEC proposed a new set of rules on cybersecurity governance , which would require public companies to make appropriate disclosures of cyber risks and management procedures. Although the amendments target the financial sector, it is one…
Google Forms Used in Call-Back Phishing Scam
What’s happened? Researchers at Abnormal have discovered the latest evolution in call-back phishing campaigns . Call-back phishing? Traditional phishing emails might contain a malicious link or attachment, and lure recipients into clicking on them via social engineering techniques. Call-back phishing…
Tips for Achieving Success With a NERC CIP Audit
Electrical utilities are responsible for just about everything we do. This presents a tremendous burden on those who operate those utilities. One way these organizations offer assurance is through the audit process. While audits can generate tremendous anxiety, good planning,…
Operational Resilience: What It Is and Why It’s Important
Frankly stated, operational resilience is your ability to climb the mountain, no matter the weather. Businesses now need more than a good security structure to weather the storms of AI-driven threats, APTs, cloud-based risks, and hyper-distributed environments. And more importantly,…
VERT Threat Alert: December 2023 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s December 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1086 on Wednesday, December 13th. In-The-Wild & Disclosed CVEs CVE-2023-20588 AMD has released AMD-SB-7007 – Speculative Leaks…
Kelvin Security cybercrime gang suspect seized by Spanish police
A malicious hacking group, thought to have been operating since at least 2013, may have suffered a significant blow after the arrest of a suspected leading member by Spanish police late last week. Spain’s National Police arrested a Venezuelan man…
NIST CSF 2.0: What you need to know
Organizations looking to protect their sensitive data and assets against cyberattacks may lack the ability to build a cybersecurity strategy without any structured help. The National Institute of Standards and Technology (NIST) has a free, public framework to help any…
The 2023 ISC2 Cybersecurity Workforce Study Delves into Cloud Security and AI
The security industry is at a critical juncture. Capturing the state of affairs is a recent report released by the International Information System Security Certification Consortium, or (ISC)2. “A perfect storm” As they state in their Executive Summary, “Our study…
BlackSuit ransomware – what you need to know
What’s going on? A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia . And earlier in the year, a zoo in Tampa Bay was targeted by the…
How to Avoid and Prevent Identity Theft
Identity theft is like a thief in the night; it can happen to anyone, anywhere, at any time. It is a real threat to everyone. We live in a time where so much personal information is stored online, which allows…
10 Essential Cybersecurity Tips For Your Organization This Holiday Season
The holiday season is just around the corner; a time of joy and celebration. However, threat actors anticipate this joyous season as much as it is by many festive revelers. In fact, cybercriminals tend to be particularly active during the…
Quick Look at the New CISA Healthcare Mitigation Guide
It’s the small vines, not the large branches, that trip us up in the forest. Apparently, it’s no different in Healthcare . In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Mitigation Guide aimed at the Healthcare…
Supply-chain ransomware attack causes outages at over 60 credit unions
Over sixty credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers – demonstrating once again the damage that can be caused by a supply-chain attack . There are a…
Understanding Mobile Payment Security
As the holiday shopping season kicks in, many are eager to secure early bird discounts and offers, preparing for the festive season. The convenience and speed of mobile devices has led to a growing number of individuals opting for mobile…
Tripwire Patch Priority Index for November 2023
Tripwire’s November 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and spoofing vulnerabilities. Next on the patch priority…
Ex-worker phished former employer to illegally hack network and steal data
Once again companies are being warned to be wary of past employees who may turn rogue. 28-year-old Andrew Mahn, of Derry, New Hampshire, has pleaded guilty to charges that he illegally hacked the network of his former company, telecoms firm…
Building Fortra as Your Cybersecurity Ally
At our recent Energy and NERC Compliance Working Group, we took some time to share more about Fortra, the cybersecurity company that Tripwire is a part of. In case you missed it, Fortra is a rebranding of HelpSystems, an already…
Holiday Shopping: Tips and Best Practices to Help you Stay Secure
As we approach the holiday season, in addition to our busy work schedules, we need to plan for family visits, develop menus for special meals, and do a little shopping while the deals are good! It’s a lot to keep…
How Does NIST’s AI Risk Management Framework Affect You?
While the EU AI Act is poised to introduce binding legal requirements, there’s another noteworthy player making waves—the National Institute of Standards and Technology’s (NIST) AI Risk Management Framework (AI RMF) , published in January 2023. This framework promises to…
QR Code Phishing –What Is It?
Phishing is a longstanding danger of the digital world that most people are aware of. Whether it happens via email, text message, social media, or any other means, phishing presents a risk to all users. In recent years, the growing…
Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity
Tripwire recently held its annual Energy and NERC Compliance Working Group. This year’s attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from…
NIST NCCoE Publishes Cybersecurity Framework Profile for Hybrid Satellite Networks
In late September 2023, the US-based National Institute of Standards and Technology (NIST) published its Cybersecurity Framework Profile for Hybrid Satellite Networks, otherwise known as NIST IR 8441. This blog will explore the reasons behind NIST developing the framework, outline…
$9 million seized from “pig butchering” scammers who preyed on lonely hearts
US authorities have seized almost $9 million worth of cryptocurrency linked to a gang engaged in cryptocurrency investment fraud and romance scams. The US Department of Justice has announced that the seized funds are connected to cryptocurrency wallet addresses alleged…
UK Finance Reports Slight Decrease in FinTech Cyberattacks
Overview of UK Finance’s Report The latest report from UK Finance paints a mixed picture of financial fraud in the United Kingdom, with losses exceeding £500 million in the first half of the year. However, amidst these concerning figures, there…
The Cybersecurity Skills Gap: You’re Looking at the Wrong Gap
How many times have you heard “There is a skills gap in Cybersecurity!” If you go on social media, you’ll likely hear it at least once a day. The government is big on it, and organisations lament how difficult it…
SMB Protocol Explained: Understanding its Security Risks and Best Practices
Server Message Block (SMB) protocol is a communication protocol that allows users to communicate with remote servers and computers, which they can open, share, edit files, and even share and utilize resources. With the expansion of telecommunications, this protocol has…
AI-Enabled Information Manipulation Poses Threat to EU Elections: ENISA Report
Amid growing concerns about the integrity of upcoming European elections in 2024, the 11th edition of the Threat Landscape report by the European Union Agency for Cybersecurity (ENISA) , released on October 19, 2023, reveals alarming findings about the rising…
Change Variance: How Tiny Differences Can Impact Your IT World
In the vast and ever-evolving universe of information technology, there’s one constant: change (that and cliches about constants!). Servers, systems, and software – they all get updated and modified. But, have you ever stopped to consider how even tiny differences…
Phishing Trends Examined by the SANS Institute
Earlier this year, the SANS Institute published a blog exploring emerging phishing trends. This kind of research is an invaluable resource for all individuals and organizations looking to identify and rebuff phishing attacks. In this article, we’ll cover some of…
The Six Pillars of Cybersecurity
Winter is coming In the ever-evolving landscape of cloud computing, ensuring robust security measures has never been more important. In the new ISO 27001:2022 standard, there is a new requirement for organisations to establish control of their Cloud services, which…
Financial Institutions in New York Face Stricter Cybersecurity Rules
Boards of directors need to maintain an appropriate level of cyber expertise, incidents must be reported within 72 hours after determination, and all ransom payments made must be reported within a day. Those are just some of the changes made…
Secure Access Control in 2024: 6 Trends to Watch Out For
What Is Secure Access Control? Secure access control, part of the broader field of user management , is a key concept in the realm of information security, particularly in the business environment. It refers to the process of selectively restricting…
VERT Threat Alert: November 2023 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s November 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1082 on Wednesday, November 15th. In-The-Wild & Disclosed CVEs CVE-2023-36033 A vulnerability in the Microsoft Desktop Window…
How Does IoT Contribute to Real-Time Grid Monitoring for Enhanced Stability and Fault Detection?
More decision-makers are investing in grid modernization efforts, knowing that doing so is necessary for keeping pace with modern demands. For example, smart grid fault-detection sensors could warn utility company providers of problems in real time, preventing costly and inconvenient…
A Simplified Overview of the MITRE ATT&CK Framework
In the world of cybersecurity, have you ever wondered about the inner workings of threat actors as they attempt to breach systems, their methods, tactics, and strategies, and how they seamlessly converge to execute a successful attack? It’s not merely…
Cloud Watching Report: Key Takeaways
The capabilities of cloud computing have changed the digital landscape significantly, and the popularity of cloud solutions only continues to increase. According to Gartner , the market for public cloud services is expected to surpass 700 billion USD by the…
CherryBlos, the malware that steals cryptocurrency via your photos – what you need to know
What’s the deal with CherryBlos? CherryBlos is a rather interesting family of Android malware that can plunder your cryptocurrency accounts – with a little help from your photos. Wait. I’ve heard of hackers stealing photos before, but what do you…
Key Highlights from the 2023 UK Cyber Crime Landscape
It’s 2023, and the landscape of cybercrime in the United Kingdom is evolving unprecedentedly. This year’s cyber threat landscape is shaped by many factors, from the continuing effects of the global pandemic to the ever-expanding digital footprint of individuals and…
Some Financial Institutions Must Report Breaches in 30 Days
The heat has just been turned up for companies hoping to “hide out” a data breach. Announced October 27th, all non-banking financial institutions are now required to report data breach incidents within 30 days. The amendment to the Safeguards Rule…
Looking Ahead: Highlights from ENISA’s Foresight 2030 Report
One of the most important factors in the technology and cybersecurity industries is the inevitable presence of constant change. Technology, business, and industry are always evolving, while cybercriminals are always searching for new and innovative ways to attack. While there…
Google introduces real-time scanning on Android devices to fight malicious apps
It doesn’t matter if you have a smartphone, a tablet, a laptop, or a desktop computer. Whatever your computing device of choice, you don’t want it impacted by malware. And although many of us are familiar with the concept of…
What We Learned From “The Cyber-Resilient CEO” Report
In today’s digital landscape, cybersecurity is not just a technical concern; it’s a strategic imperative. As we delve into the insights from a recent report from Accenture titled ” The Cyber-Resilient CEO ,” we’ll uncover CEOs’ critical role in safeguarding…
What is Classiscam Scam-as-a-Service?
“The ‘Classiscam’ scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before,” touts Bleeping Computer . So just what is it? What is Classiscam? It’s a bird. It’s a…
Container Security Essentials: Vulnerability Scanning and Change Detection Explained
Containers offer a streamlined application deployment and management approach. Thanks to their efficiency and portability, platforms like Docker and Kubernetes have become household names in the tech industry. However, a misconception lurks in the shadows as containers gain popularity –…
Massive Surge in Security Breaches of Pensions Prompt Questions
A recent report from RPC has revealed that cybersecurity breaches in UK pension schemes increased by 4,000% from 2021/22 to 2022/23. Understandably, the announcement has raised serious concerns about the efficacy of financial service organization’s cybersecurity programmes. Although the reasons…
Simple Reminders to Conclude Cybersecurity Awareness Month
2023 marked the 20th Cybersecurity Awareness Month which was founded as a collaboration between government and the private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime. While most…
Tripwire Patch Priority Index for October 2023
Tripwire’s October 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority is a patch for Microsoft Edge (Chromium-based) that resolves a type confusion vulnerability. Next on the patch priority list this month are…
A Scary Story of Group Policy Gone Wrong: Accidental Misconfigurations
In the world of cybersecurity, insider threats remain a potent and often underestimated danger. These threats can emanate not only from malicious actors within an organization but also from well-intentioned employees who inadvertently compromise security with a mis-click or other…