Compliance is a key part of any organisation and in business terms, it is about ensuring companies of all sizes and their employees comply with existing national and international laws. In the UK the Companies Act 2006 is the main legislation that forms the primary source of company law and businesses of all sizes must ensure they adhere to it to...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 2, 2022. I’ve also included some comments on these stories. Microsoft Azure Vulnerability Exposes PostgreSQL Databases...

The popularity of cloud services has increased exponentially in recent years. The prospects of saving on capital and operational expenditures have been significant driving forces in influencing companies to adopt cloud services. Scalability and elasticity are also key drivers that encourage companies to move to the cloud. However, moving to the...

The most relevant cybersecurity threat to most businesses may be human, not technical. A sudden wave of cybercrime paired with longstanding tech labor challenges has created a cybersecurity skills gap, leaving companies without the expertise they need.Some companies lack dedicated security staff entirely, while others have a small, overworked...

Over US $43 billion has been lost through Business Email Compromise attacks since 2016, according to data released this week by the FBI. The FBI's Internet Crime Complaint Center (IC3) issued a public service announcement on May 4 2022, sharing updated statistics on Business Email Compromise (BEC) attacks which use a variety of social engineering...

In 2002 I sat in a local bookstore in Jackson Hole, WY that offered a few Internet-connected computers for hourly use. After chatting with the owner and petting the resident store dog, I took a few guesses at the password protecting these computers. It took me maybe 10 attempts. It was, of course, some variation of the dog’s name. While this is a...

Over the past few years, I’ve used Star Wars Day as a way to talk about two of my favourite things – Star Wars and cybersecurity. I wrote about scammers in 2020 and IoT in 2021, and I really thought I’d write about IoT again this year. After all, there’s no shortage of IoT blunders to talk about and tie into the Star Wars mythos. Instead, an article...

It is often stated that security is hard. Whether it is the people, processes, and technology, or any combination of the three, security is a never ending challenge. Conversely, compliance is the opposite. Compliance is relatively straightforward. For too long, and for too many organisations, meeting a compliance standard was seen as a...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 25, 2022. I’ve also included some comments on these stories. Homeland Security bug bounty program uncovers 122 holes...

Tripwire's April 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, Oracle, and Adobe. First on the patch priority list this month is an elevation of privilege vulnerability in the Microsoft Windows User Profile Service. This vulnerability has been added to the Metasploit Exploit Framework and...

In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough. One of the reasons is that demonstrating this can definitely...

If your company is worried about the financial hit of paying a ransom to cybercriminals after a ransomware attack, wait until they find out the true cost of a ransomware attack. Because the total costs of recovering from the ransomware attack are likely to be much, much higher. That's the finding of a new study by researchers at Check Point, who...

It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks. We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed...

The Payment Card Industry Data Security Standard (PCI DSS) is a benchmark with tenure in the industry, with the first version being introduced in 2004. The PCI DSS was unique when it was introduced because of its prescriptive nature and its focus on protecting cardholder data. Cybersecurity is a changing landscape, and prescriptive standards must be...

Remember how, just a few years ago, many organizations were striving to be cyber secure? Over the last years, it seemed that crowing about one’s cybersecurity posture became the very thing that mocked every organization that was the victim of a newsworthy compromise. Many organizations began augmenting their previously acclaimed security posture...

Organizations are always concerned with improving efficiencies to make business flow smoother. Some of the biggest inefficiencies in any business revolve around time wasted on operational tasks. Whether it is a stale accounting process, or something as trivial as routing phone calls to the proper department, saving time by improving a process can...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 18, 2022. I’ve also included some comments on these stories. CISA Alert on ICS, SCADA Devices Highlights Growing...

For most organizations, Security Operations Center (SOC) teams have long since been their first line of defense. These SOC systems efficiently ensure robust cybersecurity and are designed to detect, analyze, respond to, and prevent any cybersecurity incident that the organization might come across. Integrating a SOC within an organization aims to...

Sometimes referred to as Sodinokibi, the notorious REvil ransomware-as-a-service (RAAS) enterprise was responsible for a series of high profile attacks against the likes of the world's biggest meat supplier JBS Foods and IT service firm Kaseya. However, it looked like its activities had come to a halt after law enforcement agencies pushed REvil...