Common Criteria for Information Technology Security Evaluation (CC) is an international agreement that provides a set of standards, testing processes, and documentation standards that is widely recognized as the leading standard for defined software security standards. The Canadian Centre for Cyber Security performs evaluations on common IT products...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5th, 2022. I’ve also included some comments on these stories. Critical RCE Vulnerability Affects Zyxel NAS...

Data classification can feel like an overwhelming task, especially for organizations without a strong practice in place. As with any security approach, data classification is both crucial and tempting to avoid. Regardless of whether the value is recognized, there’s a chance that it gets pushed further and further down the priority list in favor of...

With business and technology becoming increasingly intertwined, organizations are being forced to rethink how they look at digital security. Once overlooked or viewed as a mere afterthought, today it has become a business-critical necessity. As a result, organizations across industry lines are racing to improve their security postures. Chief...

A ransomware gang that has been increasingly disproportionately targeting the education sector is the subject of a joint warning issued by the FBI, CISA, and MS-ISAC. The Vice Society ransomware group has been breaking into schools and colleges, exfiltrating sensitive data, and demanding ransom payments. The threat? If the extortionists aren't paid...

It is hard to believe, but ransomware is more than three decades old. While many would think that the ransomware mayhem started with the WannaCry attack of 2017, that is simply the most publicized example. Since then, dozens of ransomware strains have been utilized in a variety of cyberattacks. According to a PhishLabs report, by Fortra,...

The world is becoming a smaller place. The prospect of working in another country becomes increasingly realistic and even promising as businesses migrate toward the cloud and collaborate more closely with international partners. Amid this shift, cybersecurity professionals may wonder if they can work abroad. Cybersecurity is a worldwide concern,...

What are the most important areas for a CISO to focus on? When speaking to Aman Sood, it becomes clear that the job of a CISO encompasses every aspect of a business. Aman is the Head of Cyber Security with Jimdo, a website building platform that helps small businesses start, grow, and ultimately thrive online. Aman is also the Cyber Security...

File integrity monitoring (FIM) started back in 1997 when Gene Kim launched Tripwire and its “Change Audit” solution. Just a few years later, Change Audit became FIM; this rebranded tool worked with the 12 security controls identified in Visa’s Cardholder Information Security Program (CISP). CISP became PCI DSS 1.0, and things continued to evolve...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29th, 2022. I’ve also included some comments on these stories. WordPress 6.0.2 Patches Vulnerability That Could...

The biggest cyber security threat that businesses have to tackle is much closer than you’d think. Verizon’s 2022 Data Breach Investigations report – found human error to be a key driver in 82% of breaches, which is why it is crucial for businesses to address cyber security awareness in the workplace and ensure that employees are equipped with the...

Amid a wave of hacks that have cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. In a warning posted on its website, the FBI said that cybercriminals are increasingly targeting DeFi platforms to steal cryptocurrency, often exploiting vulnerabilities in...

The increasing popularity of online payment systems results from the world’s gradual transition to a cashless and contactless digital economy — an economy, projected in a recent Huawei white paper, to be worth $23 trillion by 2025. With digital commerce emerging as the largest segment in the projected $8.49 trillion global digital payments market in...

CI/CD is a recommended technique for DevOps teams and a best practice in agile methodology. CI/CD is a method for consistently delivering apps to clients by automating the app development phases. Continuous integration, continuous delivery, and continuous deployment are the key concepts. CI/CD adds continuous automation and monitoring throughout...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine. VMware fixed a privilege escalation issue in VMware Tools VMware...

The volume and impact of data breaches have accelerated largely in 2022, which has contributed to many adverse effects for businesses. Tc highlights several updated factors that have generated great costs across 17 countries and regions, and 17 industries. The report has included new related areas of analysis such as: Extended Detection and...

Most of us already know the basic principle of authentication, which, in its simplest form, helps us to identify and verify a user, process, or account. In an Active Directory environment, this is commonly done through the use of an NTLM hash. When a user wants to access a network resource, such as a file share, their password is hashed and sent...

LastPass, the popular password manager used by millions of people around the world, has announced that it suffered a security breach two weeks ago that saw attackers break into its systems and steal information. But don't panic just yet - that doesn't mean that all of your passwords are now in the hands of internet criminals. Although the breach is...

Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients,...

With Cyber Security Awareness month fast approaching, information security professionals and data protection managers will be looking at how to secure board-level buy-in for company-wide cybersecurity awareness campaigns. Often, this is the biggest hurdle for any cyber awareness campaign as senior leadership weighs the costs and benefits of...