Ransomware attacks continue to plague organizations globally regardless of their size. In a press release by the NCC group that preceded the Annual Threat Monitor Report 2021 published for the year 2021, there were an estimated 2,690 ransomware attacks, a 92.7% increase from 2020s figures of 1,389. The increase of ransomware attacks builds upon the...

Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates. VERT is actively working on coverage for these Patch Tuesday vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th.In-The-Wild & Disclosed CVEsCVE-2022-22047Microsoft is reporting this month that a single vulnerability in the Windows Client/Server Runtime Subsystem ...

The aviation industry is both vast and complex. More than 45,000 flights and 2.9 million passengers travel through U.S. airspace every day, requiring high-tech tools and extensive communications networks. All of that data and complexity makes the sector a prime target for cybercriminals. Worryingly, only 49% of non-governmental organizations have...

DevSecOps is the key to achieving effective IT security in software development. By taking a proactive approach to security and building it into the process from the start, DevSecOps ensures improved application security. It also allows organizations to rapidly develop application security with fewer bottlenecks and setbacks. Some critical aspects...

The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense.Initially developed by the SANS Institute and known as the SANS Critical Controls, these best practices are...

What is Black Basta? Black Basta is a relatively new family of ransomware, first discovered in April 2022. Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations - first exfiltrating data from targeted companies, and then encrypting files on the firm's computer systems....

Just when you thought that we couldn’t be any more integrated with (and dependent on) technology, the Covid pandemic swooped in to prove otherwise. The rise in the use of applications and devices to perform even basic functions pushed companies and end-users to keep pace. Of course, one group of people always seem to be ready: cybercriminals. Cyber...

Ransomware has matured significantly over the previous decade or so. Initially thought to be a relatively basic virus that could be contained on a floppy disk, it can now damage global business infrastructures, stop healthcare systems dead in their tracks, mess with fuel supply networks, and disrupt transportation infrastructure. Its simplicity is...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories. Over a Dozen Flaws Found in Siemens' Industrial Network...

Earlier this year, an industry report stated that 79% of businesses remain concerned about the security risks of an increasingly remote workforce. Cyberattacks are on the rise since the COVID-19 pandemic, in part because many organizations fail to put in place adequate cybersecurity measures and procedures. In addition, there is a worldwide...

Modern goods and services rely on a supply chain ecosystem, which are interconnected networks of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival providers. However, due to the many sources of...

Nearly a year ago, journalist Martin Banks codified “Five Laws of Cybersecurity”. Cybersecurity is a complicated field, and any way to simplify its many facets into short, easy-to-remember maxims is always welcome. The five laws are a very good start towards developing a robust security program. The laws are: Treat everything like it’s vulnerable...

Today’s VERT Alert addresses Microsoft’s June 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1007 on Wednesday, June 15th. In-The-Wild & Disclosed CVEs None of the vulnerabilities patched this month have been exploited in-the-wild or publicly disclosed according to Microsoft. However,...

Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were...

Recall the last time that you stood on the shore, enjoying the briny breeze that gently caressed your skin, and the sounds and smells of the sea. You may have noticed in the distance a large sailing vessel. Have you ever considered all the moving parts that contribute to these “floating cities”? Beyond the logistics of setting out to sea, a ship...

Cybersecurity awareness, protection, and prevention is all-encompassing. In addition to implementing the right tools and resources, and hiring skilled professionals with the right cybersecurity education and experience, organizations should be aware of the latest CVEs. What Is a CVE? The acronym “CVE” stands for Common Vulnerabilities and...

The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for "Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach," which has been available for FISMA compliance since 2004. It was updated in December 2018 to revision 2.This was the result of a Joint Task Force...

Cloud adoption continues to soar. More than two-thirds of small to mid-sized businesses intend to increase their use of cloud technologies over the next few years. While the cloud comes with many security benefits, it also carries unique concerns.As the cloud becomes increasingly central to business operations, cloud security should be a priority....

The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system.Health professionals should not take this issue lightly, as financial...

Tripwire's May 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the patch priority list this month are 2 remote code execution vulnerabilities for Excel and a security feature bypass vulnerability for Office.Up next are patches that affect components of the Windows operating systems. These patches...