Cyberattacks are an increasingly common occurrence for a spectrum of industries. Rising cybercrime affects everyone, but certain sectors are more at risk than others. In 2023, the auto industry could face particularly significant dangers. Attacks in the automotive space can…
Tag: The State of Security
Tripwire Patch Priority Index for July 2022
Tripwire’s July 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches that resolve 2 vulnerabilities in Edge. Next is a patch that resolves a security feature…
Exploring ESG Through a GRC Lens
Oftentimes, three-letter acronyms trend and become buzzwords. At other times, they act as catalysts by influencing the business environment in which an organization operates. Such acronyms include CSR (corporate social responsibility), GRC (governance, risk, and compliance), and the most recent…
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of July 25, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of July 25, 2022. I’ve…
Email Fraud in 2022: What you Need to Know
With how much of our personal and professional lives take place online, it becomes more important each day for us to understand our vulnerability to cyberattacks. Cybercriminals target emails, domains, and accounts in order to impersonate identities and scam consumers…
$10 million reward offered for information on foreign government-linked malicious hackers
A $10 million reward is being offered for information leading to the identification or location of malicious hackers working with North Korea to launch cyber attacks on US critical infrastructure. The offer comes from the US State Department which is…
Malware on IBM Power Systems: What You Need to Know
Malware – what are the threats? Malware can come from and in a variety of attack vectors. Besides using ‘traditional’ methods of spreading malware, adversaries can leverage more sophisticated methods to turn your Power System into a ‘malware host’. The…
Is any organisation risk and data breach free?
I walked into a business the other day. After a long conversation about the client’s need for cybersecurity and the implementation of the ISO27001 security standard, we talked about their risk appetite. “We don’t accept any risk. We’re risk-averse” said…
The State of Data Security in 2022: The CISOs Perspective
In the two years proceeding from the beginning of the COVID-19 pandemic, the business world has been transformed on a grand scale. Organizations have created more data than ever before, data is now spread across a wider attack surface, putting…
How DevOps and CIS Security Controls Fit Together
The Center for Internet Security’s Critical Security Controls has become an industry standard set of controls for securing the enterprise. Now on version 8, the original 20 controls are down to 18 with several sub controls added. The first six…
Cybersecurity in city government, taken to new heights: An Interview with Shane McDaniel
When most people speak of any city government, they often mention words like “Bureaucratic”,“Behind the times”, and “Slow.” This is especially true when considering cybersecurity initiatives. However, a small town in Texas is changing that view. Seguin, Texas, which was…
Black Hat USA 2022: What you need to know
Following a successful hybrid event in 2021 that saw more than 6,000 in-person, and more than 14,500 virtual attendees, Black Hat USA returns in 2022 to the Mandalay Bay Convention Centre in Las Vegas, Nevada. Now in its 25th year,…
Tripwire Patch Priority Index for June 2022
Tripwire’s June 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month is a patch for a remote code execution vulnerability in Edge. Next are patches for Office and Excel that…
Cybersecurity Policy – time to think outside the box?
When we get into cybersecurity, one of the first things any organisation or company should do is write a cybersecurity policy, one that is owned by all. Easy words to put down on paper, but what do they mean? So,…
More malware-infested apps found in the Google Play store
Three million Android users may have lost money and had their devices infected by spyware, after the discovery that the official Google Play store has been distributing apps infected by a new family of malware. French security researcher Maxime Ingrao…
HIPAA Compliance & The Security Rule
Within the HIPAA Security Rule are Administrative, Physical, and Technical Safeguards. These safeguards are as important to understand as they are to implement, so let’s get some clarifications for the non-initiated. Many healthcare entities and their business associates are routinely challenged with understanding and successfully implementing…
Are your visuals making businesses more vulnerable to cybercrime?
In the world of modern business, companies must put extra effort into creating engaging visual content to stand out from the crowd. Social media marketing, for instance, was once deemed an easy way for companies to reach additional eyes but…
Vulnerability Management Program Best Practices
An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals. These goals should address the information needs of all stakeholders, tie back to the business goals of the enterprise, and reduce the…
The State of Security: Malware in 2022
Among the many challenges businesses contend with in the global marketplace today, the 11th Allianz Risk Barometer 2022 ranks cybersecurity threats as the most important business risk. This proves beyond any doubt that enterprises are experiencing increasing threats and full-on…
10,000 organisations targeted by phishing attack that bypasses multi-factor authentication
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as…
10,000 organisations targeted by phishing attack that bypasses multi-factor authentication
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as…
What Is GitOps and How Will it Impact Digital Forensics?
GitOps is arguably the hottest trend in software development today. It is a new work model that is widely adopted due to its simplicity and the strong benefits it provides for development pipelines in terms of resilience, predictability, and auditability.…
Defense in Depth to minimize the impact of ransomware attacks
Ransomware attacks continue to plague organizations globally regardless of their size. In a press release by the NCC group that preceded the Annual Threat Monitor Report 2021 published for the year 2021, there were an estimated 2,690 ransomware attacks, a…
The Great Cybersecurity Resignation
In 2022, the buzz phrase of the year has to be “The Great Resignation”. What is it? It’s a term coined to describe the current rise in people leaving their employer to find work elsewhere. But people have always moved…
VERT Threat Alert: July 2022 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th. In-The-Wild & Disclosed CVEs CVE-2022-22047 Microsoft is reporting this month that a single…
File Integrity Monitoring (FIM): Your Friendly Network Detective Control
Lateral movement is one of the most consequential types of network activity for which organizations need to be on the lookout. After accessing a network, the attacker maintains ongoing access by essentially stirring through the compromised environment and obtaining increased…
Defending Aircraft Networks Against Cybersecurity Breaches
The aviation industry is both vast and complex. More than 45,000 flights and 2.9 million passengers travel through U.S. airspace every day, requiring high-tech tools and extensive communications networks. All of that data and complexity makes the sector a prime…
Using DevSecOps for Efficient IT Security
DevSecOps is the key to achieving effective IT security in software development. By taking a proactive approach to security and building it into the process from the start, DevSecOps ensures improved application security. It also allows organizations to rapidly develop…
Lockdown Mode: Apple to protect users from targeted spyware attacks
Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies. “Lockdown Mode” is scheduled to arrive later this year with the release of Apple…
PCI 4.0: The wider meanings of the new Standard
The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity…
The True Cost of a Security Breach
There have been many articles about the cost of a security breach. With the emergence of privacy regulations that assign penalties based on a business’ profit, or those that calculate a value for each compromised record, it is possible to…
Center for Internet Security (CIS) Controls v8: Your Complete Guide to the Top 18
The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense. Initially developed by the SANS Institute…
Why Security Configuration Management (SCM) Matters
In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is…
The Need of Privacy Certifications for Lawyers
The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the legal…
CISO Interview Series: The challenges of being the CISO for the University of Oxford.
The job of a CISO is one of constant change and unexpected challenges. One of the most energetic environments to govern is that of a university. Universities function not only as academic institutions, but also as research hubs, hosting both…
Black Basta ransomware – what you need to know
What is Black Basta? Black Basta is a relatively new family of ransomware, first discovered in April 2022. Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations…
What you need to know about PCI 4.0: Requirements 10, 11 and 12
As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations…
Penetration Testing in 2022: Key Trends and Challenges
Just when you thought that we couldn’t be any more integrated with (and dependent on) technology, the Covid pandemic swooped in to prove otherwise. The rise in the use of applications and devices to perform even basic functions pushed companies…
The Role of IAM in Maintaining Cloud Security
Cloud computing is an effective solution for large and small companies across every industry. There has been rapid adoption due in large part to its accessibility, flexibility, and reliability. The cloud environment brings a significant amount of benefits, but at…
Are Protection Payments the Future of Ransomware? How Businesses Can Protect Themselves
Ransomware has matured significantly over the previous decade or so. Initially thought to be a relatively basic virus that could be contained on a floppy disk, it can now damage global business infrastructures, stop healthcare systems dead in their tracks,…
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve…
How to Protect Your Remote Workforce from a Cyberattack
Earlier this year, an industry report stated that 79% of businesses remain concerned about the security risks of an increasingly remote workforce. Cyberattacks are on the rise since the COVID-19 pandemic, in part because many organizations fail to put in…
NHS warns of scam COVID-19 text messages
The UK’s National Health Service (NHS) has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19. In a tweet, the…
What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully…
NIST SP 800-161r1: What You Need to Know
Modern goods and services rely on a supply chain ecosystem, which are interconnected networks of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival…
Q1 2022 Phishing Threat Trends and Intelligence Report
In 2022, phishing attacks have not only increased substantially, but they have also taken a new turn of events. According to the Agari and PhishLabs Quarterly Threat Trends & Intelligence report, phishing attacks are gradually being delivered through a wide…
The actual cost of a breach – reputation, loss of customers, fines, suspension of business
According to IBM’s Cost of a Data Breach report In 2021, data breach costs rose from $3.86 million to $4.24 million, exhibiting the highest average total cost in the 17-year history of their report. A new report from the Department…
Reexamining the “5 Laws of Cybersecurity”
This article has been indexed from The State of Security Nearly a year ago, journalist Martin Banks codified “Five Laws of Cybersecurity”. Cybersecurity is a complicated field, and any way to simplify its many facets into short, easy-to-remember maxims is…
Cyberthreat Defense Report 2022: Key Points You Should Know
This article has been indexed from The State of Security Each year, CyberEdge publishes the Cyberthreat Defense Report (CDR). Aimed at IT security leaders, this comprehensive report outlines the threats, security issues, and industry concerns that are most pressing. Information…
Interpol arrests thousands of scammers in operation “First Light 2022”
This article has been indexed from The State of Security Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation that seized tens of millions of dollars and seen…
Grooming lies and their function in financial frauds
This article has been indexed from The State of Security Grooming techniques used in various frauds are getting more common and more elaborate. Fraudsters are coming up with narratives that involve complicated lies and may have different stages, depending on…
Tripwire Products: Quick Reference Guide
This article has been indexed from The State of Security The post Tripwire Products: Quick Reference Guide appeared first on The State of Security. Read the original article: Tripwire Products: Quick Reference Guide
VERT Threat Alert: June 2022 Patch Tuesday Analysis
This article has been indexed from The State of Security Today’s VERT Alert addresses Microsoft’s June 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1007 on Wednesday, June 15th. In-The-Wild & Disclosed…
What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.
This article has been indexed from The State of Security The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally…
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 06, 2022
This article has been indexed from The State of Security All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out…
Stronger Together: 4 things to do at Infosecurity Europe 2022
This article has been indexed from The State of Security Following a two-year suspension of its live conference, Europe’s largest information security event Infosecurity Europe returns, welcoming in-person attendees at London’s ExCel Centre between June 21st and 23rd. Reed Exhibitions announced in…
The State of Security: Ransomware
This article has been indexed from The State of Security Sophos Labs recently released its annual global study, State of Ransomware 2022, which covers real-world ransomware experiences in 2021, their financial and operational impact on organizations, as well as the…
Navigating Cybersecurity with NERC CIP as the North Star
This article has been indexed from The State of Security Working in the Electric Utility sector of critical infrastructure gives a person a very unique perspective on how many of the pieces of the puzzle fit together to provide uninterrupted…
What Is ISO/IEC 27017?
This article has been indexed from The State of Security More than a third of organizations suffered a serious cloud security incident in 2021. According to a survey of 300 cloud professionals covered by BetaNews, 36% of those respondents said…
Bridging the IT/OT gap with Tripwire’s Industrial Solutions
This article has been indexed from The State of Security Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector…
NERC CIP Audits: Top 8 Dos and Don’ts
This article has been indexed from The State of Security My time at NERC had me involved with quite a few projects over my seven-year career there. I was involved with CIP compliance audits, investigations, auditor training, and many advisory sessions.…
Apple protected App Store users from $1.5 billion fraud last year
This article has been indexed from The State of Security Apple says that it protected many millions of users from being defrauded to the tune of nearly $1.5 billion dollars in the last year, by policing its official App Store.…
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 30, 2022
This article has been indexed from The State of Security All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out…
HITRUST: the Path to Cyber Resilience
This article has been indexed from The State of Security There has been a lot of talk recently about cyber resilience. There is no doubt that the ability to bounce back from a security event is important, however, all of…
High Seas and High Stakes Communications: Securing the Maritime Industry
This article has been indexed from The State of Security Recall the last time that you stood on the shore, enjoying the briny breeze that gently caressed your skin, and the sounds and smells of the sea. You may have noticed…
Top CVE Trends — And What You Can Do About Them
This article has been indexed from The State of Security Cybersecurity awareness, protection, and prevention is all-encompassing. In addition to implementing the right tools and resources, and hiring skilled professionals with the right cybersecurity education and experience, organizations should be…
How to Apply the Risk Management Framework (RMF)
This article has been indexed from The State of Security The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for “Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which…
Building a More Secure Cloud: 5 Strategies for 2022
This article has been indexed from The State of Security Cloud adoption continues to soar. More than two-thirds of small to mid-sized businesses intend to increase their use of cloud technologies over the next few years. While the cloud comes…
ICS Security in Healthcare: Why Software Vulnerabilities Pose a Threat to Patient Safety
This article has been indexed from The State of Security The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020…
Tripwire Patch Priority Index for May 2022
This article has been indexed from The State of Security Tripwire’s May 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are 2 remote code execution vulnerabilities for Excel and…
Protecting Against Bad Chemistry (with Cybersecurity)
This article has been indexed from The State of Security Do you recall one of the first really fun chemistry experiment you performed as a child? If your school followed the usual curriculum, then you probably made a model volcano…
Ransomware demands acts of kindness to get your files back
This article has been indexed from The State of Security The great thing about working in the world of cybersecurity is that there’s always something new. You may think you’ve seen it all, and then something comes along that completely…
A Problem Like API Security: How Attackers Hack Authentication
This article has been indexed from The State of Security There is a sight gag that has been used in a number of movies and TV comedies that involves an apartment building lobby. It shows how people who don’t live…
How Can OEMs Reduce Their Risk of Cyberattacks?
This article has been indexed from The State of Security Many modern businesses in almost every sector of the economy are adopting the latest technologies for greater connectivity and efficiency. However, while many of these technologies offer myriad benefits, they…
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 16, 2022
This article has been indexed from The State of Security All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out…
Regulatory Compliance in the Cloud: What you Need to Know
This article has been indexed from The State of Security Anyone reading this post will have at least dipped their toes into the world of cloud services. As a result of this massive growth, the world of compliance has spent…
Why the Cybersecurity Industry Needs to Change Its Siloed Perception
This article has been indexed from The State of Security As high-profile data theft incidents continue to rise and become more sophisticated, there is a greater-than-ever need for emerging businesses to take their cybersecurity seriously. So, why do many entrepreneurs…
#TripwireBookClub – Go H*ck Yourself
This article has been indexed from The State of Security After a busy start to the year, we were finally able to settle down and take a look at a new book. This time around, we’re looking at Go H*ck…
Phishing gang that stole over 400,000 Euros busted in Spain
This article has been indexed from The State of Security Spanish police say that they have dismantled a phishing gang operating across the country, following the arrest of 13 people and the announcement that they are investigating a further seven…
Malicious hackers are finding it too easy to achieve their initial access
This article has been indexed from The State of Security It should be hard for malicious hackers to break into systems, but all too often it isn’t. That’s a takeaway from a joint cybersecurity advisory issued by the Cybersecurity and…
5 Things to know about the UK’s National Cyber Security Centre (NCSC)
This article has been indexed from The State of Security #1 The history of the National Cyber Security Centre The UK’s first cybersecurity strategy was launched in 2009 and outlined that whatever the shape of the cybersecurity mission, it made…
Your social media account hasn’t been hacked, it’s been cloned!
This article has been indexed from The State of Security A recent Facebook post from a family member made me realize that I needed to write about an overused term. A term, that when used, causes chaos and concern. I…
Adding visibility to the invisible: securing your automated systems
This article has been indexed from The State of Security Have you ever dined in a restaurant with a police officer? When choosing a table, or seating location, law enforcement professionals will often choose the seat that positions them with…
2022 Q1 Privacy Update — A new year sparks new initiatives
This article has been indexed from The State of Security The first months of 2022 began slowly for privacy, but by the end of the first quarter we had our marching orders for the rest of the year. In the…
CIS Control 18 Penetration Testing
This article has been indexed from The State of Security Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms…
Multi-Factor Authentication: A Key to Cyber Risk Insurance Coverage
This article has been indexed from The State of Security Cyber-attacks are becoming more sophisticated and devastating, especially for small and medium enterprises (SMEs). With ransom demands rising and the cost of data breaches soaring, businesses are investing heavily in…
VERT Threat Alert: May 2022 Patch Tuesday Analysis
This article has been indexed from The State of Security Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th. CVE-2022-26925 In-The-Wild &…
Building a Strong Business Case for Security and Compliance
This article has been indexed from The State of Security Compliance is a key part of any organisation and in business terms, it is about ensuring companies of all sizes and their employees comply with existing national and international laws. In…
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 2, 2022
This article has been indexed from The State of Security All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out…
5 Potential Solutions to the Cybersecurity Talent Shortage
This article has been indexed from The State of Security The most relevant cybersecurity threat to most businesses may be human, not technical. A sudden wave of cybercrime paired with longstanding tech labor challenges has created a cybersecurity skills gap,…
The main security challenges when adopting cloud services
This article has been indexed from The State of Security The popularity of cloud services has increased exponentially in recent years. The prospects of saving on capital and operational expenditures have been significant driving forces in influencing companies to adopt…
$43 billion stolen through Business Email Compromise since 2016, reports FBI
This article has been indexed from The State of Security Over US $43 billion has been lost through Business Email Compromise attacks since 2016, according to data released this week by the FBI. The FBI’s Internet Crime Complaint Center (IC3)…
World Password Day is Dead. Long Live World Password Day!
This article has been indexed from The State of Security In 2002 I sat in a local bookstore in Jackson Hole, WY that offered a few Internet-connected computers for hourly use. After chatting with the owner and petting the resident…
A Tripwire Milestone: ASPL – 1000 is here
This article has been indexed from The State of Security When I joined nCircle as a security researcher in 2006, ASPL 117 had just been released. I missed the ASPL-100 release celebration, which included custom sweatshirts, but there was still…
May The Fourth Be with You: Jedi Mind Tricks and Scams
This article has been indexed from The State of Security Over the past few years, I’ve used Star Wars Day as a way to talk about two of my favourite things – Star Wars and cybersecurity. I wrote about scammers…
Compliance does not equal security: 7 cybersecurity experts share their insights
This article has been indexed from The State of Security It is often stated that security is hard. Whether it is the people, processes, and technology, or any combination of the three, security is a never ending challenge. Conversely, compliance…
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 25, 2022
This article has been indexed from The State of Security All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out…
OSINT: The privacy risks of sharing too much information
This article has been indexed from The State of Security In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and…
Tripwire Patch Priority Index for April 2022
This article has been indexed from The State of Security Tripwire’s April 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, Oracle, and Adobe. First on the patch priority list this month is an elevation of…
Ransomware costs show prevention is better than the cure
This article has been indexed from The State of Security If your company is worried about the financial hit of paying a ransom to cybercriminals after a ransomware attack, wait until they find out the true cost of a ransomware…