Currently, ransomware is the most prominent cyber threat to businesses and individuals. Ransomware attacks are growing more prevalent as cybercriminals find new ways to profit from them. According to CyberEdge's 2021 Cyberthreat Defense Report, 62% of organizations were victimized by ransomware in 2019—up from 56% in 2018 and 55% in 2017. This rise...

The COVID-19 pandemic changed many aspects of how businesses operate, remote work being one of the most significant. At the outbreak’s peak, 71% of American workers telecommuted at least part-time, 62% of whom rarely worked remotely before. This shift has impacted many industries, but the legal sector faces more disruption than most. Legal work...

In this episode, Tripwire's Senior UX Researcher, Martina Dove, uses her psychology research to explain to us how the brain operates when presented with a cyberscam. She also discusses her model for identifying fraud susceptibility and what we can do to prevent falling for these scams. https://open.spotify.com/episode/42XYgovmDPlVKsbNukQE4z ...

Cyber insurance has great potentials in improving cybersecurity practices and protecting organizations against the impact of security incidents, but these potentials “have yet to fully materialize.” This is the key highlight of a recent report developed by the Royal United Services Institute for Defence and Security Studies (RUSI) and the University...

Today’s cyber threat landscape is extremely challenging. Ransom this, ransom that, ransom everywhere – information technology (IT) professionals must work to protect organizations against the next big ransomware attack. Over the years, the sophistication of ransomware attacks has increased as well as the amount of money demanded and paid out in...

Today’s VERT Alert addresses Microsoft’s November 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-972 on Wednesday, November 10th. In-The-Wild & Disclosed CVEs CVE-2021-42292 Up first this month, we have a 0-day in Microsoft Excel that allows an attacker to bypass security features....

As the world increasingly moves to a digital format, cybersecurity is becoming more important than ever. It’s especially significant since, according to a recent survey by Sophos, 51% of businesses in America experienced a ransomware attack in 2020. That’s a staggering number of security vulnerabilities that truly shouldn’t exist in the modern day...

Tripwire's October 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Squid, Microsoft, and Adobe.First on the patch priority list this month are patches for Squid (CVE-2021-31807, CVE-2021-31806). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be...

Last time, I discussed the four basic types of managed service providers (MSPs) with which organizations commonly partner. Those categories help to determine the types of services offered by MSPs. In general, MSPs provide five primary services to customers. Regulatory Policy Compliance The privacy regulatory landscape is constantly expanding....

What is it like to not only be a CISO but to also be one in a large, global organization? I recently had the pleasure of speaking with Mark Ruchie, CISO of Entrust, a global tech firm securing data, payments and identities. Mark shared his unique journey into cybersecurity, and he went on to offer excellent advice about how companies of any size can...

The FBI has warned that over 30 US-based companies had been hit by the Ranzy Locker ransomware by July this year, in a flash alert to other organisations who may be at risk. According to the alert, issued with the Cybersecurity and Infrastructure Security Agency (CISA), most of the victims were compromised after brute force credential attacks...

The coronavirus pandemic has accelerated the massive increase in using cloud computing services. As the world progresses through its online evolution, cloud computing services have become more of a necessity. However, along with businesses, cybercriminals have also seen this virtualization as a means of snagging more prey. The rapid increase in...

In the episode, Tripwire's Maurice Uenuma discusses the role of integrity when it comes to zero trust architecture. With results from our latest research survey on The White House's Executive Order and zero trust, he and Tim make the case that zero trust cannot be maintained without proper Integrity controls at its foundation. https://open.spotify...

When we think about cyberattacks and malicious hackers, we often think in terms of our own personal lives and our own organizations. In my experience in cybersecurity, I often hear people say “Why would hackers target me? We are too small” or “I’ve never been affected by a cyberattack, so it’s not really something I’m interested in.” The reality is...

I’ve been working at Tripwire for over two decades, and I’ve acquired a fair bit of swag over those years: branded jackets, hats, shoes, a watch, and of course a drawer full of t-shirts. One thing I never would have predicted owning was a Tripwire-branded face mask to protect me from a global pandemic. Over the past year, I’ve worn that face mask...

Previously, we reviewed The Ghidra Book: The Definitive Guide because several of us were working with Ghidra, and it was a topic that made sense. Similarly, we spend a lot of time thinking and talking about Internet of Things (IoT) Security. Whether it is Craig Young winning the first-ever SOHOpelessly Broken contest at DEF CON or the team running...

Google has released a report taking a close look at the more than 80 million ransomware samples uploaded to its VirusTotal service in the last year and a half. Each day, approximately 150,000 ransomware samples were analysed by the free VirusTotal service after being submitted by suspicious computer users, and shared with the security community to...

Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th. In-The-Wild & Disclosed CVEs CVE-2021-40449 Up first this month, we have an elevation of privilege in Win32k that has been exploited in-the-wild via...

Tripwire's September 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, Linux, and Confluence.First on the patch priority list this month are patches for the Linux kernel (CVE-2021-3490) and Confluence Server and Data Center (CVE-2021-26084). Exploits for these vulnerabilities have been recently added to...