Resources

Blog

CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know

What's the deal with CherryBlos? CherryBlos is a rather interesting family of Android malware that can plunder your cryptocurrency accounts - with a little help from your photos. Wait. I've heard of hackers stealing photos before, but what do you mean by malware stealing cryptocurrency via my photos? How does it do that? Well, imagine you have sensitive information - such as details related to...
Blog

Some Financial Institutions Must Report Breaches in 30 Days

The heat has just been turned up for companies hoping to “hide out” a data breach. Announced October 27th, all non-banking financial institutions are now required to report data breach incidents within 30 days. The amendment to the Safeguards Rule was made by the U.S. Federal Trade Commission (FTC). It will go into effect 180 days after publication of the law in the Federal Register, or around...
Blog

Key Highlights from the 2023 UK Cyber Crime Landscape

It’s 2023, and the landscape of cybercrime in the United Kingdom is evolving unprecedentedly. This year's cyber threat landscape is shaped by many factors, from the continuing effects of the global pandemic to the ever-expanding digital footprint of individuals and organizations. In this article, we delve into the key cybercrime statistics for 2023, providing you with valuable insights into the...
Blog

Google introduces real-time scanning on Android devices to fight malicious apps

It doesn't matter if you have a smartphone, a tablet, a laptop, or a desktop computer. Whatever your computing device of choice, you don't want it impacted by malware. And although many of us are familiar with the concept of protecting our PCs and laptops with security software that aims to identify attacks in real-time, it's not a defence that is as widely adopted on mobile devices. However, the...
Blog

Looking Ahead: Highlights from ENISA's Foresight 2030 Report

One of the most important factors in the technology and cybersecurity industries is the inevitable presence of constant change. Technology, business, and industry are always evolving, while cybercriminals are always searching for new and innovative ways to attack. While there is no surefire way to account for future developments, some professionals have dedicated time and expertise to predicting...
Blog

What is Classiscam Scam-as-a-Service?

"The 'Classiscam' scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before,” touts Bleeping Computer . So just what is it? What is Classiscam? It’s a bird. It’s a plane. It’s - a pyramid? Classiscam is an enterprising criminal operation that uses a division of labor to organize low...
Blog

What We Learned From "The Cyber-Resilient CEO" Report

In today's digital landscape, cybersecurity is not just a technical concern; it's a strategic imperative. As we delve into the insights from a recent report from Accenture titled " The Cyber-Resilient CEO ," we'll uncover CEOs' critical role in safeguarding their organizations against cyber threats. Discover how a select group of leaders navigates the complex terrain of cyber vulnerabilities...
Blog

Tripwire Patch Priority Index for October 2023

Tripwire's October 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority is a patch for Microsoft Edge (Chromium-based) that resolves a type confusion vulnerability. Next on the patch priority list this month are patches for Microsoft Office that resolve 3 elevation of privilege vulnerabilities. Next are patches that affect components...
Blog

Simple Reminders to Conclude Cybersecurity Awareness Month

2023 marked the 20th Cybersecurity Awareness Month which was founded as a collaboration between government and the private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime. While most of the cybersecurity news articles are about massive data breaches and cybercriminals, it can seem overwhelming, making it feel like...
Blog

Massive Surge in Security Breaches of Pensions Prompt Questions

A recent report from RPC has revealed that cybersecurity breaches in UK pension schemes increased by 4,000% from 2021/22 to 2022/23. Understandably, the announcement has raised serious concerns about the efficacy of financial service organization’s cybersecurity programmes. Although the reasons for cyberattacks on financial services are fairly obvious – potential financial gains, troves of...
Blog

Container Security Essentials: Vulnerability Scanning and Change Detection Explained

Containers offer a streamlined application deployment and management approach. Thanks to their efficiency and portability, platforms like Docker and Kubernetes have become household names in the tech industry. However, a misconception lurks in the shadows as containers gain popularity - the belief that active vulnerability scanning becomes redundant once containers are implemented. This blog will...
Guide

10 Common Security Misconfigurations and How to Fix Them

Is your organization using default security settings, or do you have a security configuration management (SCM) program in place to ensure your configurations are as secure as possible? Misconfigurations are a leading cause of unauthorized access and security breaches, creating entry points for hackers in servers, websites, software, and cloud infrastructure. The Open Worldwide Application Security...
Blog

6 Common Phishing Attacks and How to Protect Against Them

Phishing is still as large a concern as ever. “If it ain’t broke, don’t fix it,” seems to hold in this tried-and-true attack method. The Verizon 2023 Data Breach Report states that phishing accounted for 44% of social engineering incidents overall, up 3% from last year despite stiff competition from pretexting attacks. In the wake of more “malicious” threats (APTs, recompiled malware code...
Blog

A Scary Story of Group Policy Gone Wrong: Accidental Misconfigurations

In the world of cybersecurity, insider threats remain a potent and often underestimated danger. These threats can emanate not only from malicious actors within an organization but also from well-intentioned employees who inadvertently compromise security with a mis-click or other unwitting action. Having spent many years in system administrator-type roles, I'm actually surprised at how easy it...
Blog

Phony Corsair job vacancy targets LinkedIn users with DarkGate malware

Job hunters should be on their guard. Researchers at security firm WithSecure have described how fake job opportunities are being posted on LinkedIn with the intent of spreading malware. A Vietnamese cybercrime gang is being blamed for a malware campaign that has seen bogus adverts posted on LinkedIn, pretending to be related to jobs at computer memory and gaming accessories firm Corsair. The...
Blog

What you should know about VPN audits

The main reasons internet users choose to use a virtual private network (VPN) are to protect their online identity and bypass geo-restrictions. Cybercrime is on the rise and is expected to grow each year – the largest breach of 2023 so far occurred on Twitter . For those who reside in countries where internet freedom is lacking, a VPN is necessary to access certain content, and privacy is crucial...
Blog

Security in the Property Industry: Challenges and How to Avoid Attacks

In recent years, there has been a major ongoing trend toward more digital infrastructure and an increased dependence on technology across a wide variety of sectors. In the property industry, this has manifested heavily in the growth of the property technology (PropTech) market. These developments have had a serious impact on the sector, enabling advances that both improve existing processes and...
Blog

The growth of APIs attracts Cybercrime: How to prepare against cyber attacks

Application Programming Interfaces (APIs) have profoundly transformed the internet's fabric. In the pre-API era, digital interactions were limited by siloed systems functioning in isolation. APIs dismantled these barriers by introducing a universal language that diverse applications could comprehend. This linguistic bridge facilitated an unprecedented level of interconnectivity between software...
Blog

5 Tripwire Enterprise Misconfigurations to Avoid

Configuration management is vitally important as part of a sound cybersecurity strategy. We have previously published how patching alone is not enough, as that does not alter a system’s customized configuration. Misconfigurations can be as damaging to security as a deliberate attack on a system. As the manufacturer of Tripwire Enterprise (TE) , we thought that it would be prudent to help our...
Blog

Cyber Insurance Report: Breach Frequency Down, Breach Severity Up

The past half-decade has been a particularly tumultuous one for cybersecurity. It has borne witness to some of the most damaging attacks in history, unprecedentedly high data breach rates, and a staggering number of emerging threat groups. However, a new report from cyber insurance provider Coalition suggests that things are beginning to stabilize. The report , which features data from Coalition’s...