Security threat actors are becoming smarter, and their attacks more devious. Staying ahead of cybercriminals and vulnerabilities is the only way to defeat the attackers at their own game. If you want to protect your organization from cyber threats, then you need to think like an attacker. Operational security, also known as OPSEC, is a discipline...

Governments play a key role in the continued operation of society. While getting a speeding ticket or paying taxes may not be anyone’s favorite thing to do, they contribute to the government’s ability to protect its citizens while maintaining its infrastructure and services. Cybersecurity is critical for all organizations and government agencies,...

As governments and organizations standardize and harmonize their responses to better mitigate the increasing number of cyber-attacks, so do cybercriminals. In Europe, security decision-makers and businesses face similar attack techniques as their global counterparts. While the methodologies employed are identical because they all rely on the same...

Application dependencies occur when technology components, applications, and servers depend on each other to provide a business solution or service. Developers have a specific technology stack in mind when building solutions. This can typically include operating systems, database engines, and development frameworks (such as .Net or Java), as well as...

The owner of a Russian penetration-testing company has been found guilty of being part of an elaborate scheme that netted $90 million after stealing SEC earning reports. For nearly three years, 42-year-old Vladislav Klyushin - the owner of Moscow-based cybersecurity firm M-13 - and his co-conspirators had hacked into two US-based filing agents used...

Today’s VERT Alert addresses Microsoft’s February 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1042 on Wednesday, February 15th. In-The-Wild & Disclosed CVEs CVE-2023-21823 The first vulnerability in the list this week is CVE-2023-21823, a vulnerability in Windows Graphic Component...

We create massive amounts of data daily, from the exercise stats compiled by our wearable devices to smart meters used at our homes to reduce expense consumption to maintenance statistics of critical systems in industrial settings. If data creation continues at its present rate, more than a yottabyte (a million trillion megabytes) will likely be...

Tripwire's January 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Visio and Microsoft Office that resolve 6 vulnerabilities, including remote code execution and information disclosure vulnerabilities. Next are patches for Adobe...

The Tripwire Vulnerability Exposure and Research Team (VERT) keeps its finger on the cybersecurity pulse. Check out some of the stories that stood out for us recently: Compromised Linux Endpoints can be isolated with Microsoft Defender Microsoft Defender for Endpoint can now isolate compromised Linux environments. This can potentially mitigate the...

Industrial control systems are fundamental to all industrial processes, from power generation to water treatment and manufacturing. ICS refers to the collection of devices that govern a process to ensure its safe and effective execution. These devices include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS)...

It’s another new year and hence another occasion to predict how the cybersecurity landscape will evolve in 2023. Once again, it will be challenging, as most every year is, and could wind up being an unusually difficult 12 months because of multiple headwinds. One is that it has become clear that a huge increase in remote working is here to stay, if...

The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood. Reports...

The cybersecurity landscape has become something of a battle royale: companies and cyber criminals are continually trying to outsmart one another in an effort to be the last one standing.Thankfully, many businesses are seeking a proactive approach, aiming to avoid the proverbial egg on their face when it comes to cybersecurity breaches. Learning from...

In today's hyper-connected world, most of us now take care of our daily tasks with the help of digital tools, which includes online banking. Whether we're reviewing our account balances, transferring money, applying for payment cards, or simply paying our bills, banking has become more digital, and requires financial firms to adapt to this new world...

The Tripwire Vulnerability Exposure and Research Team (VERT) are constantly looking out for exciting stories and developments in the cybersecurity world. Here’s what news stood out to us, including some comments on these stories. Vulnerabilities discovered in Netcomm and TP-Link Routers Netcomm routers are subject to an authentication bypass and a...

In the world of cybersecurity, the spotlight often shines on protecting applications, networks, and individual accounts. Application programming interfaces (APIs), on the other hand, present their own set of challenges to secure. APIs account for a significant portion of internet traffic and handle massive amounts of information from a wide variety...

I keep hearing about LockBit ransomware attacks. What's going on? It's no surprise if you have heard about LockBit. It is the world's most active ransomware group - responsible for an estimated 40% of all ransomware infections worldwide. I guess LockBit does the usual bad stuff - encrypt your data, steal your files, dump a ransom note on your PC.....

Penetration testing is a vital part of cybersecurity strategy development, evaluating the strength of an organization’s infrastructure. To prevent attackers from exploiting security flaws in your software or networks, you want to discover them as soon as possible. Penetration testing is becoming increasingly common because it anticipates attacks...

It’s old news, but data is – and will remain for the foreseeable future – king. It has to be dealt with and handled responsibly, assigned to the right boxes, and stored properly. Why? Because everyone wants it, and there are increased efforts to obtain it by ever-more sophisticated and subtle bad actors. You wouldn’t put a piece of junk mail in a...

Recent headlines have indicated that some major companies were affected by Remote Code Execution (RCE) vulnerabilities, just in the month of October. RCE flaws are largely exploited in the wild, and organizations are continually releasing patches to mitigate the problem. RCE is a type of an Arbitrary Code Execution (ACE) attack where the threat...