Blog
Enhancing Endpoint Security with Advanced Host-Based Intrusion Detection Capabilities
By Tripwire Guest Authors on Tue, 04/23/2024
In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security. By monitoring and examining system responses and device status, HIDS identifies and...
Blog
Exploring Cybersecurity Risks in Telemedicine: A New Healthcare Paradigm
By Tripwire Guest Authors on Mon, 04/22/2024
The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable up until a few years ago.
The unique cybersecurity challenges facing telemedicine today underscore the...
Blog
37 Arrested as Police Smash LabHost International Fraud Network
By Graham Cluley on Thu, 04/18/2024
Police have successfully infiltrated and disrupted the fraud platform "LabHost", used by more than 2,000 criminals to defraud victims worldwide.
A major international operation, led by the UK's Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals create phishing websites since 2021 to steal sensitive information...
Blog
Supply Chain Cybersecurity – the importance of everyone
By Gary Hibberd on Thu, 04/18/2024
I’m always surprised – and a little disappointed – at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves.
I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier –...
Blog
Navigating AI and Cybersecurity: Insights from the World Economic Forum (WEF)
By Josh Breaker-Rolfe on Wed, 04/17/2024
Cybersecurity has always been a complex field. Its adversarial nature means the margins between failure and success are much finer than in other sectors. As technology evolves, those margins get even finer, with attackers and defenders scrambling to exploit them and gain a competitive edge. This is especially true for AI.
In February, the World...
Blog
SCM and NERC: What You Need to Know
By Michael Betti on Tue, 04/16/2024
Security configurations are an often ignored but essential factor in any organization’s security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly.
Staying on top of all of these security configurations can be a daunting responsibility for security or...
Blog
Casting a Cybersecurity Net to Secure Generative AI in Manufacturing
By Emily Newton on Tue, 04/16/2024
Generative AI has exploded in popularity across many industries. While this technology has many benefits, it also raises some unique cybersecurity concerns. Securing AI must be a top priority for organizations as they rush to implement these tools.
The use of generative AI in manufacturing poses particular challenges. Over one-third of...
Blog
ITRC's 2023 Data Breach Report Is a Mixed Bag
By Josh Breaker-Rolfe on Mon, 04/15/2024
In the first quarter of every year, organizations around the world release reports summing up data breach trends from the previous twelve months. And every year, these reports say broadly the same thing: data breach numbers have gone up again. This year is no different. Or is it?
Compromises Up, Victims Down
However, the Identity Theft Resource...
Blog
DragonForce Ransomware - What You Need To Know
By Graham Cluley on Thu, 04/11/2024
What's going on?
A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks.
Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to...
Blog
Life in Cybersecurity: From Nursing to Threat Analyst
By Joe Pettit on Wed, 04/10/2024
As digital threats increase, we see more professionals transition into cybersecurity. Some come from previous technical roles, and some do not.
However, because cybersecurity is primarily a problem-solving industry, those who switch from other high-pressure, high-performance positions are often best prepared for the job. Take Gina D’Addamio, for...
Blog
Embracing Two-Factor Authentication for Enhanced Account Protection
By Fortra Staff on Wed, 04/10/2024
Let’s start the second quarter of the year with boosting our security posture by adopting two-factor authentication methods on our accounts to make them more secure. Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. The first factor you provide...
Blog
Gone Phishing 2023: Here Are the Results!
By PJ Bradley on Mon, 04/08/2024
Phishing is one of the most pertinent cybersecurity dangers for organizations to be concerned about in today’s digital landscape. Threat trends come and go, but phishing is a tried-and-true method that cybercriminals can adjust and adapt to all different manners of communication and evolving technology.
Fortra’s Gone Phishing Tournament (GPT) is a...
Blog
AI/ML Digital Everest: Dodging System Failure Summit Fever
By Sandy Dunn on Mon, 04/08/2024
Summit Fever Syndrome, a cause of many extreme altitude climbers' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors.
Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI projects chase their peaks...
Blog
Exploring Advanced Tripwire Enterprise Capabilities
By John Salmi on Fri, 04/05/2024
In today's digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While many of these tools are important and necessary, organizations often don't use them...
Blog
Google Patches Pixel Phone Zero-days After Exploitation by "Forensic Companies"
By Graham Cluley on Thu, 04/04/2024
Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security.
What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting two...
Blog
Security vs. Compliance: What's the Difference?
By Anthony Israel-Davis on Thu, 04/04/2024
Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together.
As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of...
Blog
Exploring Access Control Models: Building Secure Systems in Cybersecurity
By Dilki Rathnayake on Wed, 04/03/2024
In any organization, unrestricted access to systems and resources poses significant security risks. Recent cybersecurity events have shown that attackers will target any organization of any size. The most common attack vector is through unauthorized access to a legitimate account, often preceded by a phishing technique.
To protect against...
Blog
Oops, Malware! Now What? Dealing with Accidental Malware Execution
By Dilki Rathnayake on Tue, 04/02/2024
On an ordinary day, you're casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you believed to be a harmless PDF was, in fact, an executable file. Panic sets in as your settings lock up, and...
Blog
What’s New in NIST’s Cybersecurity Framework 2.0?
By PJ Bradley on Tue, 04/02/2024
The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) was published in 2014 for the purpose of providing cybersecurity guidance for organizations in critical infrastructure. In the intervening years, much has changed about the threat landscape, the kinds of technology that organizations use, and the ways that...