Most of us already know the basic principle of authentication, which, in its simplest form, helps us to identify and verify a user, process, or account. In an Active Directory environment, this is commonly done through the use of an NTLM hash. When a user wants to access a network resource, such as a file share, their password is hashed and sent...

LastPass, the popular password manager used by millions of people around the world, has announced that it suffered a security breach two weeks ago that saw attackers break into its systems and steal information. But don't panic just yet - that doesn't mean that all of your passwords are now in the hands of internet criminals. Although the breach is...

Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients,...

With Cyber Security Awareness month fast approaching, information security professionals and data protection managers will be looking at how to secure board-level buy-in for company-wide cybersecurity awareness campaigns. Often, this is the biggest hurdle for any cyber awareness campaign as senior leadership weighs the costs and benefits of...

The second quarter of 2022 offered plenty of positing on privacy, both in the U.S. and internationally. In the U.S., we saw the addition of another state privacy law, and a spark of hope in privacy professionals’ eyes with the introduction of tangible federal legislation. Plus, the Federal Trade Commission (FTC) is positioned to act on rulemaking...

In the context of hybrid work, the threat of data loss is rampant. Cybersecurity systems that were once designed to operate within the confines of a network perimeter have become obsolete, with employees using various devices, networks, and applications to get their work done. As such, it’s easier than ever for companies to be vulnerable to the loss...

Arriving at the keynote hall for Black Hat 2022, I was immediately struck by the size of the crowd - after the seemingly endless pandemic hiatus, the cyber industry had come out in force. The mood was one of enthusiasm, and the entire place reverberated with the vibrancy of reunion. It was a great event for the industry - and for Fortra - and a few...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories. Newly Uncovered PyPI Package Drops Fileless...

Can you remember your first email? Either sending one, or receiving it? I certainly remember explaining to people what email was, and I also remember someone telling me they could live without their email server for "about a month before it becomes a problem". Can you imagine that now? A month without email? Emails are a necessary evil According...

The world of enterprise cybersecurity is exceedingly dynamic. In a landscape that is ever-changing, security professionals need to combat a class of evolving threat actors by deploying increasingly sophisticated tools and techniques. Today with enterprises operating in an environment that is more challenging than ever, Security Information and Event...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 8st, 2022. I’ve also included some comments on these stories. Slack leaked hashed passwords from its servers for...

This year marks the eighth edition of the popular IBM i Marketplace Survey Results. Each year, Fortra collects data about how companies utilize the IBM i platform and the IT enterprises it helps. Year after year, the survey has started to demonstrate long-term directions that provide useful information about the future of this entrusted technology. ...

In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements. Since their last update in 2018, there has been a rapid increase in the use of cloud technologies, contactless payments have become the norm, and the COVID-19 pandemic spurred a massive growth in e-commerce and online...

A new type of scam, called “pig butchering” is gaining momentum. Pig butchering is a unique scam which uses a romance scam script, but with an investment spin on it, where victims are groomed to invest large sums of money, often on fake crypto apps. Behind the scenes of these scams are scam centers run by cryptocurrency scammers, who coerce human...

Ransomware is to blame for the closure of all 175 7-Eleven stores in Denmark on Monday. The retailer closed all of its stores in Denmark after its cash registers and payment systems were brought down in the attack. Initially, 7-Eleven's Danish division did not say that ransomware was responsible for its problems, simply describing the incident as...

During the last few years, we have witnessed an increase in advanced cyber attacks. Cybercriminals utilize advanced technology to breach the digital boundary and exploit enterprises' security vulnerabilities. No industry feels secure; security professionals do their utmost to close security gaps and strengthen their cyber defense. As new...

Cybersecurity is becoming more of a common term in today’s industry. It is being passed around executive meetings along with financial information and projected marketing strategies. Within the cybersecurity lexicon, there are some attack methods that are repeated enough to become part of a “common tongue”. These terms are infrastructure agnostic;...

“Data: We have never had so much of it, and it has never been so challenging to protect.” These are some of the opening words in the new survey published by ISMG and Fortra in the ‘Data Security Survey 2022’. The survey explores how COVID19 has permanently changed how CISOs approach Data Security. It is an important study because it recognises...

Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th. In-The-Wild & Disclosed CVEs CVE-2022-34713 According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability. There has been a...

At a time when the state of cybersecurity is constantly changing, with new and increasing threats arising each day, it is vital for all organizations to keep it near the top of their list of priorities. Business applications are increasingly targeted by cybercriminals, and their ability to protect and defend themselves against these attacks is a...