Resources

Blog

Guide to Creating a Robust Website Security Incident Response Plan

Earlier this year, the SEC proposed a new set of rules on cybersecurity governance , which would require public companies to make appropriate disclosures of cyber risks and management procedures. Although the amendments target the financial sector, it is one more evidence of the fact that cybersecurity is no longer a backburner component of business operations. It is a critical factor that can...
Blog

#TripwireBookClub – The Rust Programming Language

Most of the team that I work with on a daily basis is heavily invested in Python . As such, it was difficult to find people interested in reading The Rust Programming Language, 2nd Edition . In the end, two members of the team tackled the book, and it took them longer to complete the read than I would have expected. While I picked up the book, I just couldn’t get into it. That isn’t because of the...
Blog

Google Forms Used in Call-Back Phishing Scam

What's happened? Researchers at Abnormal have discovered the latest evolution in call-back phishing campaigns . Call-back phishing? Traditional phishing emails might contain a malicious link or attachment, and lure recipients into clicking on them via social engineering techniques. Call-back phishing dupes unsuspecting victims into telephoning a fraudulent call centre, where they will speak to an...
Blog

Operational Resilience: What It Is and Why It's Important

Frankly stated, operational resilience is your ability to climb the mountain, no matter the weather. Businesses now need more than a good security structure to weather the storms of AI-driven threats, APTs, cloud-based risks, and hyper-distributed environments. And more importantly, operational resilience in 2024 requires a paradigm shift. Attackers aren’t out there doing the bare minimum . As the...
Blog

Tips for Achieving Success With a NERC CIP Audit

Electrical utilities are responsible for just about everything we do. This presents a tremendous burden on those who operate those utilities. One way these organizations offer assurance is through the audit process. While audits can generate tremendous anxiety, good planning, and tools can help make the entire process go smoothly. Moreover, these can also help to achieve positive results. At the...
Blog

VERT Threat Alert: December 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s December 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1086 on Wednesday, December 13th. In-The-Wild & Disclosed CVEs CVE-2023-20588 AMD has released AMD-SB-7007 – Speculative Leaks Security Notice , which describes how some AMD processors can potentially return speculative data after a...
Blog

Kelvin Security cybercrime gang suspect seized by Spanish police

A malicious hacking group, thought to have been operating since at least 2013, may have suffered a significant blow after the arrest of a suspected leading member by Spanish police late last week. Spain's National Police arrested a Venezuelan man in Alicante on Thursday, in the belief that he is connected to the Kelvin Security gang. In an announcement posted on Telegram, Spanish police described...
Blog

The 2023 ISC2 Cybersecurity Workforce Study Delves into Cloud Security and AI

The security industry is at a critical juncture. Capturing the state of affairs is a recent report released by the International Information System Security Certification Consortium, or ISC2. “A perfect storm” As they state in their Executive Summary, “Our study shows that a perfect storm of economic uncertainty, rapidly emerging technologies, fragmented regulations and ever-widening workforce and...
Blog

NIST CSF 2.0: What you need to know

Organizations looking to protect their sensitive data and assets against cyberattacks may lack the ability to build a cybersecurity strategy without any structured help. The National Institute of Standards and Technology (NIST) has a free, public framework to help any organization mature its IT security posture. Recently, the institute published an updated version of the cybersecurity framework...
Blog

BlackSuit ransomware - what you need to know

What's going on? A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia . And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang. Meanwhile, liberal arts college DePauw University in Indiana says that it was recently targeted, and a "limited amount of data on specific...
Blog

How to Avoid and Prevent Identity Theft

Identity theft is like a thief in the night; it can happen to anyone, anywhere, at any time. It is a real threat to everyone. We live in a time where so much personal information is stored online, which allows cybercriminals to steal it and use it for their gain. A Federal Trade Commission report shows that over 1 million people fell victim to identity theft in 2022. The most common types of...
Blog

10 Essential Cybersecurity Tips For Your Organization This Holiday Season

The holiday season is just around the corner; a time of joy and celebration. However, threat actors anticipate this joyous season as much as it is by many festive revelers. In fact, cybercriminals tend to be particularly active during the holiday season, taking advantage of the distractions that come with it. The holiday season tends to witness an increase in successful attacks affecting both...
Blog

Quick Look at the New CISA Healthcare Mitigation Guide

It’s the small vines, not the large branches, that trip us up in the forest. Apparently, it’s no different in Healthcare . In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Mitigation Guide aimed at the Healthcare and Public Health (HPH) sector. In the midst of current hybrid cloud security challenges, hyper-distributed environment considerations, an AI...
Blog

Five Things You Need to Know About Security Misconfigurations

It is easy to assume that security tools are effectively configured right out of the box, so to speak. This scenario is all too common and can lead to severe consequences, such as data breaches if an organization implements software solutions with improper security configurations. A misconfiguration is “an incorrect or suboptimal configuration of an information system or system component that may...
Blog

Supply-chain ransomware attack causes outages at over 60 credit unions

Over sixty credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers - demonstrating once again the damage that can be caused by a supply-chain attack . There are a few moving parts here, so here’s a quick summary: Trellance - A provider of solutions and services used by credit unions, and the parent company of FedComp...
Blog

Tripwire Patch Priority Index for November 2023

Tripwire's November 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and spoofing vulnerabilities. Next on the patch priority list this month are patches for Microsoft Office and Excel that resolve 3 remote code execution...
Blog

Understanding Mobile Payment Security

As the holiday shopping season kicks in, many are eager to secure early bird discounts and offers, preparing for the festive season. The convenience and speed of mobile devices has led to a growing number of individuals opting for mobile payments, whether conducted online or through contactless systems. The global mobile payment revenue is expected to reach $12.06 trillion by 2027 , and smartphone...
On-Demand Webinar

Top Security Misconfigurations to Watch Out For

Misconfigurations continue to be a leading cause of cybersecurity breaches. Luckily, you can prevent and correct them with the right knowledge and tools on your side. The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) recently released a joint cybersecurity advisory (CSA) sharing the most common misconfigurations observed by their Red and Blue team...
Blog

Ex-worker phished former employer to illegally hack network and steal data

Once again, companies are being warned to be wary of past employees who may turn rogue. 28-year-old Andrew Mahn, of Derry, New Hampshire, has pleaded guilty to charges that he illegally hacked the network of his former company, telecoms firm Motorola after he successfully tricked current staff into handing over their login credentials Mahn, who had previously worked for Motorola as an RF Network...
Blog

Holiday Shopping: Tips and Best Practices to Help you Stay Secure

As we approach the holiday season, in addition to our busy work schedules, we need to plan for family visits, develop menus for special meals, and do a little shopping while the deals are good! It’s a lot to keep track of. Just remember it’s when you are distracted that you tend to put your digital security most at risk. Cybercriminals don’t take holidays. In fact, cyberattacks surge during this...