Africa has made huge strides in digital transformation in the past few years. For example, over 160 million Africans gained broadband internet access between 2019 and 2022. As the continent embraces digitalization, cybersecurity is becoming an increasingly pressing concern. Recognizing the need for a coordinated approach to cybersecurity, Smart Africa recently launched the African Network of...

The recent Bybit hack, in which bad actors swooped in and made off with $1.5 billion worth of Ethereum, has sent shockwaves through the cryptocurrency industry. As one of the largest digital heists in history, it lays bare the vulnerabilities in crypto exchange security and the persistent threats from sophisticated actors. And yes, Bybit has assured its customers that their funds will be covered;...

In July 2024, as the Republican National Committee (RNC) geared up for its national convention in Milwaukee, Chinese hackers infiltrated the RNC's email system. According to The Wall Street Journal, attackers maintained access for several months, trying to get their hands on intelligence on how the GOP planned to address Taiwan in its party platform. Microsoft alerted top party officials about...

Advanced Persistent Threat (APT) groups are not a new scourge. These sophisticated, state-sponsored cyber adversaries, with deep pockets and highly advanced technical skills, conduct prolonged and targeted attacks to infiltrate networks, exfiltrate sensitive data, and disrupt critical infrastructure. The stakes have never been higher, so in this blog, we’ll look at some of the most notorious APT...

As cyber threats evolve, so must the strategies and frameworks that protect the data and systems that are at the heart of national defense, intelligence, and security. At a time when cyber threats are becoming more sophisticated, the need to protect national security systems (NSS) has never been more critical. With this in mind, the Committee on National Security Systems (CNSS) was formed to...

Shed a tear, if you can, for the poor, misunderstood cybercriminals hard at work trying to earn a dishonest crust by infecting organisations with ransomware.Newly released research has revealed that the riches to be made from encrypting a company's data and demanding a ransom are not proving so easy to come by as they once were.Because, although the number of ransomware attacks are reported to...

Ransomware is no longer in its heyday. Evolving, AI-driven cybersecurity tools and global law enforcement efforts have seen to that. But that doesn’t mean ransomware is no longer a threat. In fact, in some ways, the danger is greater than ever. While ransomware attacks are less common than they used to be, the consequences of those that succeed are more severe. Earlier this year, the Ponemon...

Cyber fraud has skyrocketed from a growing concern to the leading driver of payment fraud in the UK, infiltrating most businesses in the country and exposing them to previously unimagined financial and operational risks. This was one of the findings of Trustpair’s 2025 Fraud Report, Fraud in the Cyber Era: 2025 UK Fraud Trends & Insights, which revealed that an eye-watering more than nine out of...

Today’s Patch Tuesday Alert addresses Microsoft’s April 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1151 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-29824A vulnerability in the Windows Common Log File System (CLFS) Driver could allow a malicious actor to elevate their privileges to SYSTEM. Microsoft has...

Compliance is a “ticket to entry” for businesses today, and information security risk management (ISRM) makes sure organizations hang on to their ticket. In this blog, we’ll review how ISRM helps organizations not only get compliant but stay compliant.And how Tripwire makes that process automatic.Compliance is a Core Cost of Doing Business TodayWithout adhering to industry-standard data privacy...

Tripwire's March 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.Up first on the list are patches for Microsoft Edge (Chromium-based) and Google Chromium that resolve spoofing, out of bounds read, use after free, and other vulnerabilities.Next on the list are patches for Microsoft Office, Excel, Word, and Access. These patches resolve 12 remote...

What is HellCat?HellCat is the name of a relatively new ransomware-as-a-service (RaaS) group that first came to prominence in the second half of 2024. Like many other ransomware operations, HellCat breaks into organisations, steals sensitive files, and encrypts computer systems - demanding a ransom payment for a decryption key and to prevent the leaking of stolen files.So it's your typical "double...

Federal Desktop Core Configuration (FDCC) was mandated by the US Office of Management and Budget (OMB) in 2007 and provides a set of security standards that must be adhered to by all federal workstations and laptops running Windows XP or Vista.FDCC evolved into the United States Government Configuration Baseline (USGCB) starting in 2010, although some agencies and contracts may still be under...

What is the VanHelsing ransomware?First reported earlier in March 2025, VanHelsing is a new ransomware-as-a-service operation.Oh, so it's a relatively new player on the malware scene, then. Why the concern?At least three victims of VanHelsing have already been identitified, and a number of variants of the malware have been analysed by security researchers. The fact that VanHelsing runs as a RaaS...

At a time when cyber threats seem to escalate daily, security teams are always on the lookout for new ways to protect their sensitive data and systems. For some, Privileged Access Workstations (PAWs) are being viewed as one solution to keep privileged accounts and critical systems safe from compromise. These are specialized workstations built for administrators and users who manage highly...

The terms “patch management” and “vulnerability management“ are not the same. And that difference is a big difference.They may be confused because applying patches is one of the many ways to mitigate cyber risks. However, it is one piece of the entire vulnerability management puzzle and organizations that do not realize this are burdened with a false sense of security. A patch management program...

The Monetary Authority of Singapore (MAS) is both the central bank and chief financial regulator of Singapore. As such, they publish best practices (“Guidelines”) and legally binding regulations (“Notices”) regarding technology risk management and cyber hygiene. Mandatory requirements include:Notice on Technology Risk Management (FSM N21)Notice on Cyber Hygiene (FSM N22)Notice on Management of...

It is a significant benefit that the world is connected the way it is, with the potential for even greater interconnectivity. However, this has come at huge costs, too, considering the rise in the direct involvement of state actors engaged in cyber warfare. Against this background, nations have a more acute awareness of digital vulnerabilities, which has radiated into regulatory frameworks...

The Verizon 2023 Data Breach Investigations Report made a startling revelation: Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats, common web attacks like credential stuffing and SQL injection continue to wreak havoc on the cybersecurity landscape—just like phishing and emerging AI-based attacks—and for good...

If your website is targeting multiple states or countries, by default, you face a double-pronged challenge: adapting to regional regulatory demands while defending against sophisticated cyber threats. Tackling this requires localization. But what does the term actually entail?Localization isn’t just about tailoring products, services, and infrastructure to meet local market requirements; it has...