An application programming interface, or API, is a defined process that allows data to be shared between applications or programs. Each API consists of a set of rules that dictates how communication occurs between a client and a server or external program. The required request format, the authentication process, and the encryption of data all have...

You always want to know what is attached to your network. And whether it could be vulnerable or not. In any organisation it's normal for different devices, on- or off-prem, wired or wireless, to be constantly added or removed - and this can present an opportunity for malicious hackers to take advantage of improperly secured systems. In many cases,...

As threats to technology and private information become more frequent, the President of the United States and Congress have proclaimed October to be Cybersecurity Awareness Month. This initiative aims to assist people in protecting themselves online. Government and business are working together to increase cybersecurity awareness on a national and...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 26th, 2022. I’ve also included some comments on these stories. Sophos Firewall Zero-Day Exploited in Attacks on...

After years of falling behind, the construction industry has realised the importance of its data. Construction-related businesses invested a remarkable 188% more in cybersecurity in 2018–19. Data leaks and cyberattacks have jolted sectors worldwide, affecting everyone. 55% of UK businesses experienced a cyberattack in 2019 alone, and the average...

Follies The Broadway Tower in Worcestershire, England is a famous structure. It's inspiring, beautiful, and at 62 feet high, like other similar buildings, it's a folly. While it looks grand inside and out, it serves no purpose than to be a decoration. It’s all too easy to buy a set of policies and procedures, change the company name and some other...

A 40-year-old man could face up to 10 years in prison, after admitting in a US District Court to sabotaging his former employer's computer systems. Casey K Umetsu, of Honolulu, Hawaii, has pleaded guilty to charges that he deliberately misdirected a financial company's email traffic and prevented customers from reaching its website in a failed...

I’m delighted to share that I will be speaking for the first time at SecTor this year. The talk will be in Theatre 1 at 1:15pm on October 5th. In the session Neither Pointless Nor Boring: Pop It And Lock It Down With CIS Controls, I will be discussing the latest version of CIS Controls. There are 18 Controls in Version 8. We will review these before...

Fleet operations today revolve around data. Telematics systems, connected cars, and similar IoT systems provide fleet managers with a wealth of information, but this connectivity also raises security concerns. As data breach costs reach their highest point in decades, accounting for vulnerabilities in organizations’ data becomes increasingly...

It’s no secret that if nations want to meet the Net Zero emission targets set by international organizations by 2050, there’s a lot of work to be done. In the UK, one of the key initiatives aimed at reducing emissions and increasing energy efficiency is the development of the Smart Grid. What Is the Smart Grid? In 2014, the Department of Energy...

There’s a high chance that you or someone you know has been impacted by email fraud or identity theft. At the very least, you’ve likely received a variety of spam emails and text messages asking to provide a payment or confirm your identity. The good news is that cybersecurity protection is constantly evolving and improving, with cybersecurity...

2022 began with successful ransomware attacks against global IT and digital transformation providers, no thanks to the notorious LAPSUS$ ransomware gang. Often, any discussion about ransomware impact has mostly centered on affected organizations. Rightly so, as victimized organizations usually suffer significant disruption to their operations. In...

Together with the National Cybersecurity Center of Excellence (NCCoE), the National Institute of Standards and Technology (NIST) has released a series of practice guides that focuses on data integrity. Data integrity is the property that records have not been altered in an unauthorized manner. Tripwire is very proud to have contributed and...

For the record, it should be acknowledged from the start that there is no question that the cybersecurity landscape has improved over time, mostly courtesy of persistent increases in cyber spending year after year. Gartner estimates that the U.S. and the rest of the world will invest $172 billion in cybersecurity this year, up from $150 billion last...

People have become the primary attack vector for cyber attackers around the world. As the Verizon Data Breach Investigations Report 2022 indicates, it is humans rather than technology that now represent the greatest risk to organizations. According to the SANS 2022 Security Awareness Report, the top three security risks that security professionals...

Last year, it was great to be back at SecTor after everything was canceled in 2020. The capacity was reduced, but the Hack Lab was still plenty busy and we loved having everyone come by and visit our table and play with the gear. Even more than that, we were excited to meet up with so many friends that we hadn’t seen since 2019. We’re looking...

Tripwire's August 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Outlook, and Excel that resolve 4 vulnerabilities, including denial of service, remote code execution, and security feature bypass. Up next are patches that affect...

Modern enterprises will have to work with customer data in one way or another. The COVID-19 pandemic proved that the only businesses that would survive the future were those willing to embrace technology. While technologies such as the Internet of Things, and artificial intelligence have undeniable benefits, they have also presented complications. ...

It is always said that security is never a one-size-fits-all solution. This is true not only because of the apparent infinite varieties of equipment in each individual organization, but also, and perhaps more importantly, the different ways that every organization views security. Some spend lots of time focusing on physical security, especially...

I’m excited to share that I will be speaking at SecTor this year in the tools track. While the SecTor schedule is not yet finalized, I’m currently listed as speaking at 10:15am on October 6th. The talk, The Power of the Pico: Replacing Expensive Toys with the Raspberry Pi Pico, will cover how to use a Raspberry Pi Pico to perform BadUSB attacks....