Blog

Blog

Reexamining the “5 Laws of Cybersecurity”

Nearly a year ago, journalist Martin Banks codified “Five Laws of Cybersecurity”. Cybersecurity is a complicated field, and any way to simplify its many facets into short, easy-to-remember maxims is always welcome. The five laws are a very good start towards developing a robust security program. The laws are: Treat everything like it’s vulnerable...
Blog

Cyberthreat Defense Report 2022: Key Points You Should Know

Each year, CyberEdge publishes the Cyberthreat Defense Report (CDR). Aimed at IT security leaders, this comprehensive report outlines the threats, security issues, and industry concerns that are most pressing. Information summarized in the CDR is gathered through surveys conducted in 17 countries and 19 industries. Respondents are IT decision...
Blog

Interpol arrests thousands of scammers in operation "First Light 2022"

Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation that seized tens of millions of dollars and seen more than 2000 people arrested. Operation "First Light 2022", running for two months from March 8 2002 until May 8 2022, saw 76 countries clamp down on organised crime...
Blog

Grooming lies and their function in financial frauds

Grooming techniques used in various frauds are getting more common and more elaborate. Fraudsters are coming up with narratives that involve complicated lies and may have different stages, depending on the type of fraud. Often, different actors are brought into the story. These actors also lie to the victim, in order to support the narrative. The...
Blog

VERT Threat Alert: June 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1007 on Wednesday, June 15th. In-The-Wild & Disclosed CVEs None of the vulnerabilities patched this month have been exploited in-the-wild or publicly disclosed according to Microsoft. However,...
Blog

What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.

The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 06, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 06, 2022. I’ve also included some comments on these stories. Another nation-state actor exploits Microsoft Follina to...
Blog

Stronger Together: 4 things to do at Infosecurity Europe 2022

Following a two-year suspension of its live conference, Europe’s largest information security event Infosecurity Europe returns, welcoming in-person attendees at London’s ExCel Centre between June 21st and 23rd. Reed Exhibitions announced in December that the theme of this year's conference would be Stronger Together, a continuation of 2021’s...
Blog

The State of Security: Ransomware

Sophos Labs recently released its annual global study, State of Ransomware 2022, which covers real-world ransomware experiences in 2021, their financial and operational impact on organizations, as well as the role of cyber insurance in cyber defense. The report, which surveyed 5,600 IT professionals in mid-sized organizations across 31 countries,...
Blog

Navigating Cybersecurity with NERC CIP as the North Star

Working in the Electric Utility sector of critical infrastructure gives a person a very unique perspective on how many of the pieces of the puzzle fit together to provide uninterrupted services to a broad population. My personal experience as a software engineer in the electrical industry introduced me to the nuances that the average person doesn’t...
Blog

What Is ISO/IEC 27017?

More than a third of organizations suffered a serious cloud security incident in 2021. According to a survey of 300 cloud professionals covered by BetaNews, 36% of those respondents said that their organizations had suffered a severe cloud security data leak or breach in the past 12 months. Looking forward, eight in 10 survey participants said they...
Blog

Bridging the IT/OT gap with Tripwire’s Industrial Solutions

Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were...
Blog

NERC CIP Audits: Top 8 Dos and Don'ts

My time at NERC had me involved with quite a few projects over my seven-year career there. I was involved with CIP compliance audits, investigations, auditor training, and many advisory sessions. Typically, I was advising entities across North America on different tactics, techniques, and insight from best practices I have seen. I wanted to share a...
Blog

Apple protected App Store users from $1.5 billion fraud last year

Apple says that it protected many millions of users from being defrauded to the tune of nearly $1.5 billion dollars in the last year, by policing its official App Store. According to a newly published report by Apple, over 1.6 million risky and untrustworthy apps and app updates were stopped in their tracks due to the company's fraud prevention...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 30, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 30, 2022. I’ve also included some comments on these stories. Vendor Refuses to Remove Backdoor Account That Can...
Blog

High Seas and High Stakes Communications: Securing the Maritime Industry

Recall the last time that you stood on the shore, enjoying the briny breeze that gently caressed your skin, and the sounds and smells of the sea. You may have noticed in the distance a large sailing vessel. Have you ever considered all the moving parts that contribute to these “floating cities”? Beyond the logistics of setting out to sea, a ship...
Blog

Top CVE Trends — And What You Can Do About Them

Cybersecurity awareness, protection, and prevention is all-encompassing. In addition to implementing the right tools and resources, and hiring skilled professionals with the right cybersecurity education and experience, organizations should be aware of the latest CVEs. What Is a CVE? The acronym “CVE” stands for Common Vulnerabilities and...
Blog

How to Apply the Risk Management Framework (RMF)

The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for "Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach," which has been available for FISMA compliance since 2004. It was updated in December 2018 to revision 2. This was the result of a Joint Task Force...
Blog

Building a More Secure Cloud: 5 Strategies for 2022

Cloud adoption continues to soar. More than two-thirds of small to mid-sized businesses intend to increase their use of cloud technologies over the next few years. While the cloud comes with many security benefits, it also carries unique concerns. As the cloud becomes increasingly central to business operations, cloud security should be a priority....
Blog

ICS Security in Healthcare: Why Software Vulnerabilities Pose a Threat to Patient Safety

The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system. Health professionals should not take this issue lightly, as...