The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs...

There have been many articles about the cost of a security breach. With the emergence of privacy regulations that assign penalties based on a business’ profit, or those that calculate a value for each compromised record, it is possible to calculate the cost of a breach based on those metrics. However, it would seem that these hard numbers are not...

The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense. Initially developed by the SANS Institute and known as the SANS Critical Controls, these best practices are...

In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as applicable to IT security configuration management (SCM). Faster breach detection Today’s cyber threat landscape...

The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the legal profession in the United States is Privacy Law. Privacy certifications endorse attorneys as...

The job of a CISO is one of constant change and unexpected challenges. One of the most energetic environments to govern is that of a university. Universities function not only as academic institutions, but also as research hubs, hosting both curious students, as well as notable scholars. This is an audience not known for slow-motion progress. They...

What is Black Basta? Black Basta is a relatively new family of ransomware, first discovered in April 2022. Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations - first exfiltrating data from targeted companies, and then encrypting files on the firm's computer systems....

As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function...

Just when you thought that we couldn’t be any more integrated with (and dependent on) technology, the Covid pandemic swooped in to prove otherwise. The rise in the use of applications and devices to perform even basic functions pushed companies and end-users to keep pace. Of course, one group of people always seem to be ready: cybercriminals. Cyber...

Cloud computing is an effective solution for large and small companies across every industry. There has been rapid adoption due in large part to its accessibility, flexibility, and reliability. The cloud environment brings a significant amount of benefits, but at the same time, it can expose businesses to various alarming cybersecurity risks. A...

Ransomware has matured significantly over the previous decade or so. Initially thought to be a relatively basic virus that could be contained on a floppy disk, it can now damage global business infrastructures, stop healthcare systems dead in their tracks, mess with fuel supply networks, and disrupt transportation infrastructure. Its simplicity is...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories. Over a Dozen Flaws Found in Siemens' Industrial Network...

Earlier this year, an industry report stated that 79% of businesses remain concerned about the security risks of an increasingly remote workforce. Cyberattacks are on the rise since the COVID-19 pandemic, in part because many organizations fail to put in place adequate cybersecurity measures and procedures. In addition, there is a worldwide...

The UK's National Health Service (NHS) has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19. In a tweet, the NHS said that it had seen reports of text messages that claimed to come from the NHS, telling recipients that they...

In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update. Requirements 5 through 9 are organized under two categories: Maintain a Vulnerability...

Modern goods and services rely on a supply chain ecosystem, which are interconnected networks of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival providers. However, due to the many sources of...

According to IBM’s Cost of a Data Breach report In 2021, data breach costs rose from $3.86 million to $4.24 million, exhibiting the highest average total cost in the 17-year history of their report. A new report from the Department for Culture, Media, and Sport (DCMS) has revealed that data breaches have become more costly for medium and large...

In 2022, phishing attacks have not only increased substantially, but they have also taken a new turn of events. According to the Agari and PhishLabs Quarterly Threat Trends & Intelligence report, phishing attacks are gradually being delivered through a wide range of online platforms. The classic email phishing attack technique has increased...

Nearly a year ago, journalist Martin Banks codified “Five Laws of Cybersecurity”. Cybersecurity is a complicated field, and any way to simplify its many facets into short, easy-to-remember maxims is always welcome. The five laws are a very good start towards developing a robust security program. The laws are: Treat everything like it’s vulnerable...

Each year, CyberEdge publishes the Cyberthreat Defense Report (CDR). Aimed at IT security leaders, this comprehensive report outlines the threats, security issues, and industry concerns that are most pressing. Information summarized in the CDR is gathered through surveys conducted in 17 countries and 19 industries. Respondents are IT decision...