Every person in an organisation has the potential to enhance security. Physical office barriers were removed during the pandemic, exposing companies to countless vulnerabilities as attack avenues have multiplied. However, this does not mean that all was lost. What it signals is the importance of promoting a culture of security across the entire corporate environment, no matter how broadly that...

The healthcare sector has become a popular target for cybercriminals and is one of the most targeted industries by cyber criminals. In 2022, 324 attacks were reported in the first half of the year. As bad actors continue to target the healthcare industry, cybersecurity experts and healthcare administrators should be aware that attacks are frequently impacting smaller companies. These numbers point...

As the cyber threat evolves, adversaries are increasingly targeting non-publicly disclosed vulnerabilities in the software supply chain . Attackers are able to stealthily travel between networks because to a vulnerability in the supply chain. To combat this risk, the cybersecurity community must center its efforts on protecting the software development lifecycle. Global initiatives to secure the...

Cybersecurity professionals are always looking to keep up with new and changing threats, as well as developing new tactics and technologies to guard against cyberattacks. Traditional approaches to security are focused on defensive or reactive measures, generally blocking attacks from coming in, or responding to attacks once they happen. Unfortunately, these methods may not be enough to...

Tripwire recently announced the release of Tripwire Enterprise (TE), version 9.0, Axon Agent 3.27, and TE Agent 9.0.0. While the full list of features may be viewed on our web site , as a product manager, I wanted to take some time to introduce some of the changes in this new release. What’s new in Tripwire Enterprise 9.0? The first significant change is in the appearance of the interface. We...

In the language of technology, a sandbox is a safe testing environment that is isolated from the rest of your network or system. Developers use sandboxes to test their code before deployment. In cybersecurity, suspicious and potentially unsafe programs, software, and attachments are executed in sandboxes to detect malware and to avoid any harm implicated by them. The use of a sandbox enables you...

The popularity of electric vehicles is partly a response to the desire of achieving sustainability and carbon footprint reduction. Automobile manufacturers are making substantial investments to tackle emissions issues, create environment-friendly vehicles, and align with Environmental, Social, and Governance (ESG) requirements . To achieve brand edge and investment appeal, automakers market ESG as...

Are you sitting comfortably? Then let us begin… No, this isn’t the start of some Christmas fairy tale… it’s how I begin reading most reports which cover the last 12 months in Cybersecurity, and there are quite a few to look at. But for me, the one I value most is the ENSIA Threat landscape (ETL) report, which is now in its tenth year. Every year, the report does a great job of presenting what has...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of December 19th, 2022. I’ve also included some comments on these stories. NIST Recommends upgrading from SHA-1 The SHA-1 algorithm has reached the end of its usefulness...

The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. In a public service announcement issued this week, the FBI describes how cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate...

There’s usually a surge in online activities during festive periods. People place gift orders and send funds to loved ones, and organizations roll out offers that reflect the spirit of the festivity. Threat actors will usually take advantage of this activity to sneak past your defenses . By convincingly impersonating any of these legitimate offers, they can gain access to an organization's network...

Call her Linda Leesburg. Fresh out of graduate school and starting her first serious job, she decided to buy some kitchen utensils and related items, including a dish set, cookware, silverware and a coffee maker, to outfit the kitchen of her new apartment. She could easily buy these products at a local store, but she discovered a store online that offered them at an unusually low price. Leesburg...

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cybersecurity. Established in 2016, it has worked to improve online safety and security, and has brought clarity and insight to an increasingly complex online world. In its 6th annual review, it gives insights to its understanding of the cyber environment affecting the UK. One of the most important roles of the NCSC is...

Recent advancements in the digital landscape have led to a new kind of paradigm, one where enterprise perimeters are no longer clearly defined or limited. The rapid uptake of remote working, cloud, and IoT led to these prominent shifts, resulting in users, applications, and data no longer residing exclusively within the perimeters of the enterprise. This has led to enterprise perimeters becoming...

The National Cyber Security Centre (NCSC) recently published important cybersecurity guidance to help protect retailers, which comes right as the holiday shopping season is in full swing. Retail organizations are no strangers to cyber attacks. In fact, some recent large-scale retail industry cyber attacks have included popular brands such as Guess, Under Armour, CVS Health, Home Depot, and Target...

Law enforcement agencies in the United States, UK, Netherlands, Poland, and Germany have brought down the most popular DDoS-for-hire services on the internet, responsible for tens of millions of attacks against websites. 50 of the world's biggest "booter" sites used to launch disruptive distributed denial-of-service attacks have been taken down as part of "Operation Power Off" - a joint action by...

The holiday season has arrived, and cyberattacks are expected to increase with the upcoming celebratory events. According to The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) 2022 Holiday Season Threat Trends and summary report, ransomware and phishing attacks are expected to increase in retail. With the FIFA World Cup 2022, many cybersecurity experts have advised...

As we walk towards the end of 2022, full-scale predictions are made about the trends for cybersecurity in the upcoming year: how will cybersecurity affect us, what major cyber threats will dominate the landscape, and, where shall we allocate cybersecurity budgets? Above all, what can we do to secure our businesses and protect our tangible and intangible assets from cybercriminals’ activities? As...

Philip Ingram (PI) talked to Darren Desmond (DD) . Darren currently works with the Automobile Association (AA) in the UK as the Chief Information Security Officer (CISO), joining in 2018. He started his professional career in the British Army's Royal Military Police, before a stint in the Special Investigation Branch, and Military Intelligence. Darren has worked across multiple areas of the...

Businesses come in many different sizes, yet, they all share one similarity; the growing need for cybersecurity in today’s ever-changing technology landscape. While large companies with robust security infrastructure and experience may ward off many aspiring cybercriminals, small to medium-sized businesses (SMBs) prove to be ideal targets. Lacking experience, budget, and infrastructure, small...