Blog

Blog

Phishing Trends Examined by the SANS Institute

Earlier this year, the SANS Institute published a blog exploring emerging phishing trends. This kind of research is an invaluable resource for all individuals and organizations looking to identify and rebuff phishing attacks. In this article, we'll cover some of the key findings from that report. Changing Platforms Traditionally, phishing attacks relied on email as a primary communication channel...
Blog

Change Variance: How Tiny Differences Can Impact Your IT World

In the vast and ever-evolving universe of information technology, there's one constant: change (that and cliches about constants!). Servers, systems, and software – they all get updated and modified. But, have you ever stopped to consider how even tiny differences between these digital entities can sometimes lead to unexpected challenges? In the world of Tripwire, we like to call this phenomenon...
Blog

The Six Pillars of Cybersecurity

Winter is coming In the ever-evolving landscape of cloud computing, ensuring robust security measures has never been more important. In the new ISO 27001:2022 standard, there is a new requirement for organisations to establish control of their Cloud services, which includes every flavor of cloud from Software as a Service (SaaS) to Platform as a Service (PaaS). Amazon Web Services (AWS) is a...
Blog

Secure Access Control in 2024: 6 Trends to Watch Out For

What Is Secure Access Control? Secure access control, part of the broader field of user management , is a key concept in the realm of information security, particularly in the business environment. It refers to the process of selectively restricting and allowing access to a place or resource. In the context of information technology, it is a vital element of data protection, dictating who or what...
Blog

Financial Institutions in New York Face Stricter Cybersecurity Rules

Boards of directors need to maintain an appropriate level of cyber expertise, incidents must be reported within 72 hours after determination, and all ransom payments made must be reported within a day. Those are just some of the changes made by The New York State Department of Financial Services to its Cybersecurity Requirements for Financial Services (23 NYCRR 500) , effective November 1, 2023...
Blog

How Does IoT Contribute to Real-Time Grid Monitoring for Enhanced Stability and Fault Detection?

More decision-makers are investing in grid modernization efforts, knowing that doing so is necessary for keeping pace with modern demands. For example, smart grid fault-detection sensors could warn utility company providers of problems in real time, preventing costly and inconvenient outages. Technologies like the Internet of Things (IoT) can also improve stability. An IoT grid-monitoring approach...
Blog

Cloud Watching Report: Key Takeaways

The capabilities of cloud computing have changed the digital landscape significantly, and the popularity of cloud solutions only continues to increase. According to Gartner , the market for public cloud services is expected to surpass 700 billion USD by the end of 2024. The growth of cloud technologies presents a wealth of new opportunities for IT teams but also brings a host of security...
Blog

A Simplified Overview of the MITRE ATT&CK Framework

In the world of cybersecurity, have you ever wondered about the inner workings of threat actors as they attempt to breach systems, their methods, tactics, and strategies, and how they seamlessly converge to execute a successful attack? It's not merely about initiating an attack but also the strategies they utilize to remain concealed within the system, allowing them to persistently operate and...
Blog

CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know

What's the deal with CherryBlos? CherryBlos is a rather interesting family of Android malware that can plunder your cryptocurrency accounts - with a little help from your photos. Wait. I've heard of hackers stealing photos before, but what do you mean by malware stealing cryptocurrency via my photos? How does it do that? Well, imagine you have sensitive information - such as details related to...
Blog

Some Financial Institutions Must Report Breaches in 30 Days

The heat has just been turned up for companies hoping to “hide out” a data breach. Announced October 27th, all non-banking financial institutions are now required to report data breach incidents within 30 days. The amendment to the Safeguards Rule was made by the U.S. Federal Trade Commission (FTC). It will go into effect 180 days after publication of the law in the Federal Register, or around...
Blog

Key Highlights from the 2023 UK Cyber Crime Landscape

It’s 2023, and the landscape of cybercrime in the United Kingdom is evolving unprecedentedly. This year's cyber threat landscape is shaped by many factors, from the continuing effects of the global pandemic to the ever-expanding digital footprint of individuals and organizations. In this article, we delve into the key cybercrime statistics for 2023, providing you with valuable insights into the...
Blog

Google introduces real-time scanning on Android devices to fight malicious apps

It doesn't matter if you have a smartphone, a tablet, a laptop, or a desktop computer. Whatever your computing device of choice, you don't want it impacted by malware. And although many of us are familiar with the concept of protecting our PCs and laptops with security software that aims to identify attacks in real-time, it's not a defence that is as widely adopted on mobile devices. However, the...
Blog

Looking Ahead: Highlights from ENISA's Foresight 2030 Report

One of the most important factors in the technology and cybersecurity industries is the inevitable presence of constant change. Technology, business, and industry are always evolving, while cybercriminals are always searching for new and innovative ways to attack. While there is no surefire way to account for future developments, some professionals have dedicated time and expertise to predicting...
Blog

What is Classiscam Scam-as-a-Service?

"The 'Classiscam' scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before,” touts Bleeping Computer . So just what is it? What is Classiscam? It’s a bird. It’s a plane. It’s - a pyramid? Classiscam is an enterprising criminal operation that uses a division of labor to organize low...
Blog

What We Learned From "The Cyber-Resilient CEO" Report

In today's digital landscape, cybersecurity is not just a technical concern; it's a strategic imperative. As we delve into the insights from a recent report from Accenture titled " The Cyber-Resilient CEO ," we'll uncover CEOs' critical role in safeguarding their organizations against cyber threats. Discover how a select group of leaders navigates the complex terrain of cyber vulnerabilities...
Blog

Tripwire Patch Priority Index for October 2023

Tripwire's October 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority is a patch for Microsoft Edge (Chromium-based) that resolves a type confusion vulnerability. Next on the patch priority list this month are patches for Microsoft Office that resolve 3 elevation of privilege vulnerabilities. Next are patches that affect components...
Blog

Simple Reminders to Conclude Cybersecurity Awareness Month

2023 marked the 20th Cybersecurity Awareness Month which was founded as a collaboration between government and the private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime. While most of the cybersecurity news articles are about massive data breaches and cybercriminals, it can seem overwhelming, making it feel like...
Blog

Massive Surge in Security Breaches of Pensions Prompt Questions

A recent report from RPC has revealed that cybersecurity breaches in UK pension schemes increased by 4,000% from 2021/22 to 2022/23. Understandably, the announcement has raised serious concerns about the efficacy of financial service organization’s cybersecurity programmes. Although the reasons for cyberattacks on financial services are fairly obvious – potential financial gains, troves of...
Blog

A Scary Story of Group Policy Gone Wrong: Accidental Misconfigurations

In the world of cybersecurity, insider threats remain a potent and often underestimated danger. These threats can emanate not only from malicious actors within an organization but also from well-intentioned employees who inadvertently compromise security with a mis-click or other unwitting action. Having spent many years in system administrator-type roles, I'm actually surprised at how easy it...
Blog

Phony Corsair job vacancy targets LinkedIn users with DarkGate malware

Job hunters should be on their guard. Researchers at security firm WithSecure have described how fake job opportunities are being posted on LinkedIn with the intent of spreading malware. A Vietnamese cybercrime gang is being blamed for a malware campaign that has seen bogus adverts posted on LinkedIn, pretending to be related to jobs at computer memory and gaming accessories firm Corsair. The...