The National Cyber Security Centre (NCSC) revealed it had shut down more than 300,000 URLs that linked to investment scams in a four-month period. In a news bulletin published on August 14, NCSC warned users to be on the lookout for investment scams. Many of these ruses began with fake news articles...

Ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates an increased attack surface that needs to be addressed.Challenges in Maritime...

Being a cybersecurity company in these turbulent times puts us at Tripwire, to some degree, on the front-line. Working with the largest organisations in government, finance and critical national infrastructure, we see good and bad every day. In a confusing hybrid war where APT groups launch attacks that could potentially turn out the lights, it is...

Not everything that tastes good is healthy, and not everything healthy tastes good. I think of exams as the latter. They are one way to test knowledge, and that attitude is a big part of how I survived getting certified. After taking all kinds of exams, one thing hasn't changed – I don't like them. I get anxious when faced with tests. I dislike the...

The MITRE ATT&CK Framework has gained a lot of popularity in the security industry over the past year. I have spent a lot of time researching the hundreds of techniques, writing content to support the techniques, and talking about the value to anyone who will listen.What is the MITRE ATT&CK Framework?For those who are not familiar, ATT&CK is the...

Thank you to everyone who joined us for our virtual charity event, Cyberthon 2020 on the 9th June. Given our company started out over 20 years ago as a piece of freeware pioneering many of the early approaches in intrusion detection, there has always been a strong seam of altruism running through Tripwire. This extends far beyond providing open...

The coming of widespread 5G technology promises more than just faster everything, enhanced capacity and greater reliability. Leading proponents of the wonders of 5G, such as the theoretical physicist and author Michio Kaku, paint a picture of a true technological “paradigm shift, a game-changer.” The self-described futurist invites us to imagine a...

Whilst there are many definitions out there, to me cyberbullying is any form of communication that is aimed at hurting or embarrassing a specific target. From my personal experience, it has been often used in an attempt by the bully to raise themselves above their target and/or discredit the target. Working within the cybersecurity field, I often...

Amazon Web Services (AWS) allow organizations to take advantage of numerous services and capabilities. As the number of available options under the cloud infrastructure of the company grows, so too do the security risks and the possible weaknesses. AWS Project owners need to take extra precautions by following some platform-specific advice. Amazon...

At the beginning of March 2020, Fifth Domain reported that Colorado-based aerospace, automotive and industrial parts manufacturer Visser Precision LLC had suffered a DoppelPaymer ransomware infection. Those behind this attack ultimately published information stolen from some of Visser’s customers. Those organizations included defense contractors...

As if Puerto Rico wasn't having a hard enough time as it attempts to recover from a recession, the damage caused by devastating hurricanes in recent years, and a damaging earthquake last month, it now finds itself being exploited by cybercriminals. According to media reports, the government of the US island territory has lost more than US $2.6...

In some ways, the cloud has made security management easier, as many cloud providers have taken the responsibilities traditionally associated with local server management out of your hands. But in other ways, the security management conversation has become more confusing for decision makers, as “cloud” is a very broadly defined term and could speak to...

I have wanted to do a series like this for some time. I frequently watch movies and point out social engineering and OSINT techniques or inaccuracies as well as OPSEC blunders. These blunders, in addition to the matrix style waterfall screens, are equally bad as the "hacking" you see in movies. So, let's level the playing field about the specific...

With data breaches regularly marking the headlines, it is no surprise that digital threats constitute an increasingly significant concern for the C-Suite and cyber security experts. What is surprising, however, is that these two groups don’t seem to share the same view of information security. They have different opinions when it comes to the digital...

Vulnerability Management is a much-talked-about practice in the IT security industry. Whether it is the debate on vulnerability scoring, how to implement a suitable vulnerability management program based on your own resources or even trying to convince leadership a vulnerability management solution alone won't solve all your cybersecurity issues,...

This Thursday, March 7, 2019, I’ll be facilitating a Learning Lab titled Fine Tuning Your Cyber-Defense Technologies with the ATT&CK Framework at the 2019 RSA Conference in San Francisco, CA. This will be my fourth time speaking at RSA, and this will be my second time facilitating a learning lab, which I'm happy about. I really enjoy the learning labs...

The 2018 Data Breach Investigations Report digs deep into data-driven findings about the state of global cybersecurity across a number of industries that include manufacturing, healthcare, financial and public administration. Verizon’s 11th annual report revealed the trends behind 53,000 cybersecurity incidents and 2,216 confirmed data breaches. As...

The U.S. Department of Defense (DoD) and HackerOne together announced the creation of a new bug bounty program called "Hack the Marine Corps." On 12 August, DoD kicked off its new vulnerability disclosure initiative at DEF CON 26 in Las Vegas, Nevada with a live hacking session. For the launch event,...

A software vulnerability is suspected of being to blame for a hack through which criminals transfer more than 300 million pesos (over US $15 million) out of Mexican banks. Officials from Mexico's central bank confirmed to Reuters that a series of "irregular" and unauthorised interbank money transfers involving large sums of money were detected late...