The popularity of electric vehicles is partly a response to the desire of achieving sustainability and carbon footprint reduction. Automobile manufacturers are making substantial investments to tackle emissions issues, create environment-friendly vehicles, and align with Environmental, Social, and Governance (ESG) requirements. To achieve brand edge and investment appeal, automakers market ESG as...

Passwords are the most basic and common authentication method used to secure access to systems. But the process of using and maintaining secure passwords for numerous platforms can be quite tedious. According to Verizon`s 2020 Data Breach Investigation Report, weak, and re-used passwords resulted in 81% of data breaches. Apart from that, there are many more vulnerabilities and risks related to...

Are you sitting comfortably? Then let us begin… No, this isn’t the start of some Christmas fairy tale… it’s how I begin reading most reports which cover the last 12 months in Cybersecurity, and there are quite a few to look at. But for me, the one I value most is the ENSIA Threat landscape (ETL) report, which is now in its tenth year. Every year, the report does a great job of presenting what has...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of December 19th, 2022. I’ve also included some comments on these stories. NIST Recommends upgrading from SHA-1 The SHA-1 algorithm has reached the end of its usefulness...

The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. In a public service announcement issued this week, the FBI describes how cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate...

Tripwire's November 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Word, and Excel that resolve 8 vulnerabilities, including remote code execution, information disclosure, and security feature bypass vulnerabilities. Up next are patches that affect components of the core Windows...

This year marks the release of the first 2022 Vulnerability Management Report from Fortra. The report, which was conducted in September 2022, is based on a comprehensive survey of over 390 cybersecurity professionals with the goal of gaining insights into the latest trends, key challenges, and vulnerability management solution preferences. According to the report, cybersecurity teams require...

There’s usually a surge in online activities during festive periods. People place gift orders and send funds to loved ones, and organizations roll out offers that reflect the spirit of the festivity. Threat actors will usually take advantage of this activity to sneak past your defenses. By convincingly impersonating any of these legitimate offers, they can gain access to an organization's network...

Call her Linda Leesburg. Fresh out of graduate school and starting her first serious job, she decided to buy some kitchen utensils and related items, including a dish set, cookware, silverware and a coffee maker, to outfit the kitchen of her new apartment. She could easily buy these products at a local store, but she discovered a store online that offered them at an unusually low price. Leesburg...

When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the work required to satisfy the auditors. Deep down, we all know that audits...