Image While a majority of discourse in the cybersecurity industry is focused on external threats – malicious hacking, phishing, and the like – the fact is that internal actors are just as capable of causing damage to an enterprise, if not more so. An insider threat may have access to resources or areas of the network that someone...

Image The Tripwire Vulnerability Exposure and Research Team (VERT) keeps its finger on the cybersecurity pulse. Check out some of the stories that stood out for us recently: WordPress forced the patching of WooCommerce Plugin The WooCommerce Plugin is subject to a privilege escalation vulnerability where an unauthenticated attacker...

Image When it comes to law enforcement crime investigations, there is a maxim of, “follow the money”. This broadly means that if you can follow the money trail, it will eventually lead you to the perpetrator of the crime. In today’s modern society, money has now become a series of binary ones and zeros that are transferred between...

Image A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over a period of almost two years, has identified that ransomware has become the prominent threat. ENISA's report, its first ever analysis of the myriad of cybersecurity threats facing the...

Image During discussions with clients about their approach to managing IT services, many organizations refer to the Information Technology Infrastructure Library (ITIL) practices as a key component of their approach. This is not surprising, as the ITIL framework provides a practical methodology for IT management, enabling the use of...

Image Hardening in Cybersecurity Cybersecurity hardening is a comprehensive approach to keeping your organization safe from intruders, and mitigating risk. By reducing your attack surface, vulnerability is reduced in tandem. Hardening (or system hardening) considers all flaws and entry points potentially targeted by attackers to...

Image Cybersecurity is no longer the exclusive domain of computers, servers, and handheld devices. As wireless connectivity grows, it makes many daily activities more convenient, but it also means that cars may be vulnerable to cyberattacks. Connected, Autonomous, Shared and Electric vehicles are starting to dominate the auto market,...

Image How big is Ransomware? The San Francisco 49ers, confirmed a ransomware attack, Cisco was attacked by the Yanluowang ransomware gang, and Entrust was attacked by Lockbit. And that’s just a handful of ransomware accounts noted in 2022. On the surface, ransomware is relatively easy for any criminal to perpetrate, however, those...

Image The cybersecurity landscape is continuously evolving. It has led businesses to question how they are protecting themselves and their consumers from data breaches. Since 2014, the Department for Digital, Culture, Media and Sport (DCMS) has commissioned the Cybersecurity Breaches Survey of the UK to understand what protections...

Image When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve...

Image From its inception, the automotive industry has been shaped by innovation and disruption. In recent years, these transformations have taken shape in rapid digitization, ever-growing Electric Vehicle (EV) infrastructure, and advanced connectivity. These shifts have redirected the automotive industry, meeting and surpassing...

Image Security researchers have released a new decryption tool that should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free. Conti was one of the most notorious ransomware groups, responsible for hundreds of attacks against organisations, which...

Image Legacy gas and coal plants are being aged out – and no one wants to pay enough to keep them going. With increased pressure from green energy laws and added competition from renewable sources, these monsters of Old Power are being shown the door. Considering they've predated and precipitated all Industrial Revolutions (except for...

Image The world of security advisories is disjointed, with disparate systems holding critical documentation in various formats. To make matters more challenging, despite living in a digital-first era, most of these documents are not legible for machines and must be parsed, reviewed, or referenced by humans. As system administrators...

Image A Rootkit is a malicious program composed of malware that is created to provide prolonged root-level or privileged-level access to a computer. It remains hidden in the computer system while maintaining control of the system remotely. Rootkits have the ability to steal data, eavesdrop, change system configurations, create...

Image Today’s VERT Alert addresses Microsoft’s March 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1046 on Wednesday, March 15th. In-The-Wild & Disclosed CVEs CVE-2023-24880 Up first this month is a publicly disclosed and exploited vulnerability impacting Windows...

Image If you were to poll the folks in a typical office about which aspect of the infamous CIA Triad was most important to them, you would likely get different answers from different people. While confidentiality, integrity, and availability are all important and serve to function together, for the sake of fun, what if you had to...

Image If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System,  ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards...