Blog

Blog

Operational Resilience: What It Is and Why It's Important

Frankly stated, operational resilience is your ability to climb the mountain, no matter the weather. Businesses now need more than a good security structure to weather the storms of AI-driven threats, APTs, cloud-based risks, and hyper-distributed environments. And more importantly, operational resilience in 2024 requires a paradigm shift. Attackers aren’t out there doing the bare minimum . As the...
Blog

Tips for Achieving Success With a NERC CIP Audit

Electrical utilities are responsible for just about everything we do. This presents a tremendous burden on those who operate those utilities. One way these organizations offer assurance is through the audit process. While audits can generate tremendous anxiety, good planning, and tools can help make the entire process go smoothly. Moreover, these can also help to achieve positive results. At the...
Blog

Kelvin Security cybercrime gang suspect seized by Spanish police

A malicious hacking group, thought to have been operating since at least 2013, may have suffered a significant blow after the arrest of a suspected leading member by Spanish police late last week. Spain's National Police arrested a Venezuelan man in Alicante on Thursday, in the belief that he is connected to the Kelvin Security gang. In an announcement posted on Telegram, Spanish police described...
Blog

The 2023 ISC2 Cybersecurity Workforce Study Delves into Cloud Security and AI

The security industry is at a critical juncture. Capturing the state of affairs is a recent report released by the International Information System Security Certification Consortium, or ISC2. “A perfect storm” As they state in their Executive Summary, “Our study shows that a perfect storm of economic uncertainty, rapidly emerging technologies, fragmented regulations and ever-widening workforce and...
Blog

BlackSuit ransomware - what you need to know

What's going on? A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia . And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang. Meanwhile, liberal arts college DePauw University in Indiana says that it was recently targeted, and a "limited amount of data on specific...
Blog

How to Avoid and Prevent Identity Theft

Identity theft is like a thief in the night; it can happen to anyone, anywhere, at any time. It is a real threat to everyone. We live in a time where so much personal information is stored online, which allows cybercriminals to steal it and use it for their gain. A Federal Trade Commission report shows that over 1 million people fell victim to identity theft in 2022. The most common types of...
Blog

Quick Look at the New CISA Healthcare Mitigation Guide

It’s the small vines, not the large branches, that trip us up in the forest. Apparently, it’s no different in Healthcare . In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Mitigation Guide aimed at the Healthcare and Public Health (HPH) sector. In the midst of current hybrid cloud security challenges, hyper-distributed environment considerations, an AI...
Blog

Tripwire Patch Priority Index for November 2023

Tripwire's November 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and spoofing vulnerabilities. Next on the patch priority list this month are patches for Microsoft Office and Excel that resolve 3 remote code execution...
Blog

Understanding Mobile Payment Security

As the holiday shopping season kicks in, many are eager to secure early bird discounts and offers, preparing for the festive season. The convenience and speed of mobile devices has led to a growing number of individuals opting for mobile payments, whether conducted online or through contactless systems. The global mobile payment revenue is expected to reach $12.06 trillion by 2027 , and smartphone...
Blog

Ex-worker phished former employer to illegally hack network and steal data

Once again, companies are being warned to be wary of past employees who may turn rogue. 28-year-old Andrew Mahn, of Derry, New Hampshire, has pleaded guilty to charges that he illegally hacked the network of his former company, telecoms firm Motorola after he successfully tricked current staff into handing over their login credentials Mahn, who had previously worked for Motorola as an RF Network...
Blog

Holiday Shopping: Tips and Best Practices to Help you Stay Secure

As we approach the holiday season, in addition to our busy work schedules, we need to plan for family visits, develop menus for special meals, and do a little shopping while the deals are good! It’s a lot to keep track of. Just remember it’s when you are distracted that you tend to put your digital security most at risk. Cybercriminals don’t take holidays. In fact, cyberattacks surge during this...
Blog

Building Fortra as Your Cybersecurity Ally

At our recent Energy and NERC Compliance Working Group, we took some time to share more about Fortra, the cybersecurity company that Tripwire is a part of. In case you missed it, Fortra is a rebranding of HelpSystems, an already established and trusted company that has acquired a few valuable cybersecurity companies along the way. One such company, Tripwire, is already a familiar name in the...
Blog

QR Code Phishing –What Is It?

Phishing is a longstanding danger of the digital world that most people are aware of. Whether it happens via email, text message, social media, or any other means, phishing presents a risk to all users. In recent years, the growing popularity of QR codes for all manner of operations has created an environment ripe for cybercriminals to take advantage of. All of the dangers of other sorts of...
Blog

How Does NIST's AI Risk Management Framework Affect You?

While the EU AI Act is poised to introduce binding legal requirements, there's another noteworthy player making waves—the National Institute of Standards and Technology's (NIST) AI Risk Management Framework (AI RMF) , published in January 2023. This framework promises to reshape the future of responsible AI uniquely and voluntarily, setting it apart from traditional regulatory approaches. Let's...
Blog

Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity

Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to medium and larger-sized investor-owned utilities, including many of the...
Blog

NIST NCCoE Publishes Cybersecurity Framework Profile for Hybrid Satellite Networks

In late September 2023, the US-based National Institute of Standards and Technology (NIST) published its Cybersecurity Framework Profile for Hybrid Satellite Networks, otherwise known as NIST IR 8441. This blog will explore the reasons behind NIST developing the framework, outline its intentions, and summarize its key points. What is a Hybrid Satellite Network? To understand IR 8441, we must first...
Blog

$9 million seized from "pig butchering" scammers who preyed on lonely hearts

US authorities have seized almost $9 million worth of cryptocurrency linked to a gang engaged in cryptocurrency investment fraud and romance scams. The US Department of Justice has announced that the seized funds are connected to cryptocurrency wallet addresses alleged to be associated with a " pig butchering " gang that has claimed over 70 victims around the world. "Pig butchering" is one of the...
Blog

The Cybersecurity Skills Gap: You’re Looking at the Wrong Gap

How many times have you heard “There is a skills gap in Cybersecurity!” If you go on social media, you’ll likely hear it at least once a day. The government is big on it, and organisations lament how difficult it is to find the ‘right talent’. But here’s some news for you... There is NO SKILLS GAP. Why there’s no gap I have written on this topic previously , but let me come at it from a different...
Blog

AI-Enabled Information Manipulation Poses Threat to EU Elections: ENISA Report

Amid growing concerns about the integrity of upcoming European elections in 2024, the 11th edition of the Threat Landscape report by the European Union Agency for Cybersecurity (ENISA) , released on October 19, 2023, reveals alarming findings about the rising threats posed by AI-enabled information manipulation. Key Insights The ENISA Threat Landscape report for 2023 paints a concerning picture of...
Blog

SMB Protocol Explained: Understanding its Security Risks and Best Practices

Server Message Block (SMB) protocol is a communication protocol that allows users to communicate with remote servers and computers, which they can open, share, edit files, and even share and utilize resources. With the expansion of telecommunications, this protocol has been a prime target for threat actors to gain unauthorized access to sensitive data and devices. In 2017, we introduced 5 general...