Tripwire recently conducted a series of surveys and interviews to understand IT professionals who manage security for their company. The cybersecurity landscape is constantly changing, new challenges are rapidly emerging, and new threats have surfaced, especially throughout the pandemic. We were curious to know some of the struggles that security...

The Australian government is looking to pass the Security Legislation Amendment (Critical Infrastructure) Bill 2020, an overhaul which is aimed to help Australian businesses fend off cyberattacks. The Bill expands the business sectors that were previously defined as critical infrastructure by adding, amongst others, Food and Grocery, Finance and...

Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to unintentionally provide access...

Take a glance on social media on any given day, and we'll hear from commentators stating how there is a (cyber) skills gap and that it must be addressed if we are to meet the challenges we are all increasingly facing. Let's be clear about something before we continue. If we are saying that there is a skills gap, then there are organizations out...

According to Germany's Federal Office for Information Security (BSI), the country faces a grave and growing threat as society becomes more digitally connected and criminals more sophisticated. The BSI said threat levels have reached red alarm levels. Threat level increased BSI published their annual report “The State of IT Security in Germany in...

In this episode, Lisa Forte, partner at Red Goat Cybersecurity, discusses what happens when organizations go unprepared for an inevitable cyber breach. She explains how practicing your breach plan is the best line of defense in preparing your strategy. https://open.spotify.com/episode/2JUS5UGeDwa1fIe5dzeYyl?si=hTjjNB7NTQGGgTmW0q5ZwQ Spotify:...

In 2020, just under half the UK workforce worked from home at least some of the time, according to the Office of National Statistics. In the United States, a survey by Upwork found that over a quarter of professionals expect to work fully remotely within the next five years. Working from home has been propelled into the mainstream by the COVID-19...

Because it encompasses the lazy days of summer, Q3 is often a slower roll in the world of privacy — and July and August did not disappoint. Those of us following the privacy space got a much-needed break. However, as August wrapped up, Washington resumed its busy state of affairs, Europe returned to business as usual, and it quickly became clear...

Finland's National Cyber Security Centre (NCSC-FI) has issued a warning about malicious SMS messages that have been spammed out to mobile users, directing iPhone owners to phishing sites and Android users to download malware. The messages are written in Finnish but without the customary accented characters. In some instances, the messages pose as a...

Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks. Key Takeaways for Control 13 Enterprises should understand that...

Tripwire's November 2021 Patch Priority Index (PPI) brings together important vulnerabilities for open-source software components and Microsoft. First on the patch priority list this month are patches for Open Management Infrastructure (CVE-2021-38648, CVE-2021-38647), Eclipse Jetty (CVE-2021-28164), and ExifTool (CVE-2021-22204). Exploits for...

Tuesday, November 30th, is National Computer Security Day. Although this special day has been around since 1988, many people are not only unaware of it, but are still also unaware of some of the basic security required for protecting their computing devices. The rise of remote work has stretched the security perimeters of all corporations, and...

In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effectively. ...

In a recent Tripwire survey, over 300 respondents from both private and public sectors said that implementing Zero Trust Architecture (ZTA) could materially improve cybersecurity outcomes. This result seems like a positive outcome since we don’t often get such a unanimously high confidence level in a specific security approach from survey data. No...

Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. The warning comes from the non-profit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) which revealed that at least two large facilities working on manufacturing bio...

Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are...

We’re getting into the end-of-year holiday season. In addition to our busy end-of-year business schedule, we need to plan for family visits, develop menus for special meals, and possibly do a little shopping while the deals are good. It’s a lot to keep track of. Just remember it’s when you are distracted that you tend to put your digital security...

When the Biden Administration released its Cybersecurity Executive Order in May 2021, it was clear that Zero Trust would be a central component of the government’s security approach moving forward. Agencies and their partners scrambled to assess their existing Zero Trust investments and the gaps that would need to be filled in order to quickly ramp...

Word splitting is a function of BASH that I was unfamiliar with, but it is definitely one that impacted my recent research. From the bash(1) man page: IFS The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command. The default value is <space><tab>&lt...

Currently, ransomware is the most prominent cyber threat to businesses and individuals. Ransomware attacks are growing more prevalent as cybercriminals find new ways to profit from them. According to CyberEdge's 2021 Cyberthreat Defense Report, 62% of organizations were victimized by ransomware in 2019—up from 56% in 2018 and 55% in 2017. This rise...