Blog

Blog

Looking Ahead: Highlights from ENISA's Foresight 2030 Report

One of the most important factors in the technology and cybersecurity industries is the inevitable presence of constant change. Technology, business, and industry are always evolving, while cybercriminals are always searching for new and innovative ways to attack. While there is no surefire way to account for future developments, some professionals have dedicated time and expertise to predicting...
Blog

What is Classiscam Scam-as-a-Service?

"The 'Classiscam' scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before,” touts Bleeping Computer . So just what is it? What is Classiscam? It’s a bird. It’s a plane. It’s - a pyramid? Classiscam is an enterprising criminal operation that uses a division of labor to organize low...
Blog

What We Learned From "The Cyber-Resilient CEO" Report

In today's digital landscape, cybersecurity is not just a technical concern; it's a strategic imperative. As we delve into the insights from a recent report from Accenture titled " The Cyber-Resilient CEO ," we'll uncover CEOs' critical role in safeguarding their organizations against cyber threats. Discover how a select group of leaders navigates the complex terrain of cyber vulnerabilities...
Blog

Tripwire Patch Priority Index for October 2023

Tripwire's October 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority is a patch for Microsoft Edge (Chromium-based) that resolves a type confusion vulnerability. Next on the patch priority list this month are patches for Microsoft Office that resolve 3 elevation of privilege vulnerabilities. Next are patches that affect components...
Blog

Simple Reminders to Conclude Cybersecurity Awareness Month

2023 marked the 20th Cybersecurity Awareness Month which was founded as a collaboration between government and the private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime. While most of the cybersecurity news articles are about massive data breaches and cybercriminals, it can seem overwhelming, making it feel like...
Blog

Massive Surge in Security Breaches of Pensions Prompt Questions

A recent report from RPC has revealed that cybersecurity breaches in UK pension schemes increased by 4,000% from 2021/22 to 2022/23. Understandably, the announcement has raised serious concerns about the efficacy of financial service organization’s cybersecurity programmes. Although the reasons for cyberattacks on financial services are fairly obvious – potential financial gains, troves of...
Blog

Container Security Essentials: Vulnerability Scanning and Change Detection Explained

Containers offer a streamlined application deployment and management approach. Thanks to their efficiency and portability, platforms like Docker and Kubernetes have become household names in the tech industry. However, a misconception lurks in the shadows as containers gain popularity - the belief that active vulnerability scanning becomes redundant once containers are implemented. This blog will...
Blog

6 Common Phishing Attacks and How to Protect Against Them

Phishing is still as large a concern as ever. “If it ain’t broke, don’t fix it,” seems to hold in this tried-and-true attack method. The Verizon 2023 Data Breach Report states that phishing accounted for 44% of social engineering incidents overall, up 3% from last year despite stiff competition from pretexting attacks. In the wake of more “malicious” threats (APTs, recompiled malware code...
Blog

A Scary Story of Group Policy Gone Wrong: Accidental Misconfigurations

In the world of cybersecurity, insider threats remain a potent and often underestimated danger. These threats can emanate not only from malicious actors within an organization but also from well-intentioned employees who inadvertently compromise security with a mis-click or other unwitting action. Having spent many years in system administrator-type roles, I'm actually surprised at how easy it...
Blog

Phony Corsair job vacancy targets LinkedIn users with DarkGate malware

Job hunters should be on their guard. Researchers at security firm WithSecure have described how fake job opportunities are being posted on LinkedIn with the intent of spreading malware. A Vietnamese cybercrime gang is being blamed for a malware campaign that has seen bogus adverts posted on LinkedIn, pretending to be related to jobs at computer memory and gaming accessories firm Corsair. The...
Blog

What you should know about VPN audits

The main reasons internet users choose to use a virtual private network (VPN) are to protect their online identity and bypass geo-restrictions. Cybercrime is on the rise and is expected to grow each year – the largest breach of 2023 so far occurred on Twitter . For those who reside in countries where internet freedom is lacking, a VPN is necessary to access certain content, and privacy is crucial...
Blog

Security in the Property Industry: Challenges and How to Avoid Attacks

In recent years, there has been a major ongoing trend toward more digital infrastructure and an increased dependence on technology across a wide variety of sectors. In the property industry, this has manifested heavily in the growth of the property technology (PropTech) market. These developments have had a serious impact on the sector, enabling advances that both improve existing processes and...
Blog

The growth of APIs attracts Cybercrime: How to prepare against cyber attacks

Application Programming Interfaces (APIs) have profoundly transformed the internet's fabric. In the pre-API era, digital interactions were limited by siloed systems functioning in isolation. APIs dismantled these barriers by introducing a universal language that diverse applications could comprehend. This linguistic bridge facilitated an unprecedented level of interconnectivity between software...
Blog

5 Tripwire Enterprise Misconfigurations to Avoid

Configuration management is vitally important as part of a sound cybersecurity strategy. We have previously published how patching alone is not enough, as that does not alter a system’s customized configuration. Misconfigurations can be as damaging to security as a deliberate attack on a system. As the manufacturer of Tripwire Enterprise (TE) , we thought that it would be prudent to help our...
Blog

Cyber Insurance Report: Breach Frequency Down, Breach Severity Up

The past half-decade has been a particularly tumultuous one for cybersecurity. It has borne witness to some of the most damaging attacks in history, unprecedentedly high data breach rates, and a staggering number of emerging threat groups. However, a new report from cyber insurance provider Coalition suggests that things are beginning to stabilize. The report , which features data from Coalition’s...
Blog

Blockchain Security: Understanding vulnerabilities and mitigating risks

In recent years, blockchain technology has garnered significant attention thanks to its remarkable tamper-proof features and robust security. It is also expected that the blockchain technology market will exceed 1.2 billion US dollars by 2030, with an annual growth rate of 82.8 percent. However, recent headlines have exposed numerous vulnerabilities and cyberattacks targeting blockchain technology...
Blog

Ex-Navy IT manager jailed for selling people's data on the dark web

A former US Navy IT manager has been sentenced to five years and five months in prison after illegally hacking a database containing personally identifiable information (PII) and selling it on the dark web. 32-year-old Marquis Cooper, of Selma, California, was a chief petty officer in the US Navy's Seventh Fleet when he opened an account in August 2018 with a company that maintains a PII database...
Blog

What We Learned from the 2023 Annual Cybersecurity Attitudes and Behaviors Report

In the brisk air of early autumn, optimism fills our hearts as we celebrate the 20th anniversary of Cybersecurity Awareness Month, an annual event dedicated to fostering a deeper understanding of cybersecurity and inspiring behavior change. Two decades ago, the prevailing belief among security professionals was that raising awareness alone could lead to secure online behaviors. But in 2023, we've...
Blog

Plastic surgeries warned by the FBI that they are being targeted by cybercriminals

Plastic surgeries across the United States have been issued a warning that they are being targeted by cybercriminals in plots designed to steal sensitive data including patients' medical records and photographs that will be later used for extortion. The warning , which was issued by the FBI yesterday and is directed towards plastic surgery offices and patients, advises that extortionists have been...
Blog

The Peril of Child Identity Theft and How to Mitigate It

We often hear of how we need to protect ourselves from online scams. Criminals seek our personal information in order to use it for multiple nefarious purposes. However, there is a population who, while not having a broad online presence, are equally vulnerable to identity theft. Children are particularly vulnerable to identity theft, as they often have clean credit histories and their personal...