CISOs – the senior level executives responsible for developing and implementing cybersecurity programs for corporations and other organizations – are not happy campers these days. And it’s not just because they are chronically understaffed and under constant pressure. As it turns out, Chief Information Security Officers (CISOs) often don’t see eye...

In the language of technology, a sandbox is a safe testing environment that is isolated from the rest of your network or system. Developers use sandboxes to test their code before deployment. In cybersecurity, suspicious and potentially unsafe programs, software, and attachments are executed in sandboxes to detect malware and to avoid any harm...

The popularity of electric vehicles is partly a response to the desire of achieving sustainability and carbon footprint reduction. Automobile manufacturers are making substantial investments to tackle emissions issues, create environment-friendly vehicles, and align with Environmental, Social, and Governance (ESG) requirements. To achieve brand edge...

Passwords are the most basic and common authentication method used to secure access to systems. But the process of using and maintaining secure passwords for numerous platforms can be quite tedious. According to Verizon`s 2020 Data Breach Investigation Report, weak, and re-used passwords resulted in 81% of data breaches. Apart from that, there are...

Are you sitting comfortably? Then let us begin… No, this isn’t the start of some Christmas fairy tale… it’s how I begin reading most reports which cover the last 12 months in Cybersecurity, and there are quite a few to look at. But for me, the one I value most is the ENSIA Threat landscape (ETL) report, which is now in its tenth year. Every year,...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of December 19th, 2022. I’ve also included some comments on these stories.NIST Recommends upgrading from SHA-1The SHA-1...

The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. In a public service announcement issued this week, the FBI describes how cybercriminals are purchasing ads that show up at the very top of search engine...

Tripwire's November 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Word, and Excel that resolve 8 vulnerabilities, including remote code execution, information disclosure, and security feature bypass vulnerabilities. Up next are...

This year marks the release of the first 2022 Vulnerability Management Report from Fortra. The report, which was conducted in September 2022, is based on a comprehensive survey of over 390 cybersecurity professionals with the goal of gaining insights into the latest trends, key challenges, and vulnerability management solution preferences. ...

There’s usually a surge in online activities during festive periods. People place gift orders and send funds to loved ones, and organizations roll out offers that reflect the spirit of the festivity. Threat actors will usually take advantage of this activity to sneak past your defenses. By convincingly impersonating any of these legitimate offers,...

Call her Linda Leesburg. Fresh out of graduate school and starting her first serious job, she decided to buy some kitchen utensils and related items, including a dish set, cookware, silverware and a coffee maker, to outfit the kitchen of her new apartment. She could easily buy these products at a local store, but she discovered a store online that...

When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the work required to satisfy...

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cybersecurity. Established in 2016, it has worked to improve online safety and security, and has brought clarity and insight to an increasingly complex online world. In its 6th annual review, it gives insights to its understanding of the cyber environment affecting the UK....

Recent advancements in the digital landscape have led to a new kind of paradigm, one where enterprise perimeters are no longer clearly defined or limited. The rapid uptake of remote working, cloud, and IoT led to these prominent shifts, resulting in users, applications, and data no longer residing exclusively within the perimeters of the enterprise....

The National Cyber Security Centre (NCSC) recently published important cybersecurity guidance to help protect retailers, which comes right as the holiday shopping season is in full swing. Retail organizations are no strangers to cyber attacks. In fact, some recent large-scale retail industry cyber attacks have included popular brands such as Guess,...

Law enforcement agencies in the United States, UK, Netherlands, Poland, and Germany have brought down the most popular DDoS-for-hire services on the internet, responsible for tens of millions of attacks against websites. 50 of the world's biggest "booter" sites used to launch disruptive distributed denial-of-service attacks have been taken down as...

The holiday season has arrived, and cyberattacks are expected to increase with the upcoming celebratory events. According to The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) 2022 Holiday Season Threat Trends and summary report, ransomware and phishing attacks are expected to increase in retail. With the FIFA World Cup 2022,...

Network security is a significant topic that all organizations should consider as a major concern. Regardless of the industry, business, or scope of their operations, all enterprises need to have good network security practices in place to protect against cyberattacks. There are a plethora of different security solutions for different needs, and...

As we walk towards the end of 2022, full-scale predictions are made about the trends for cybersecurity in the upcoming year: how will cybersecurity affect us, what major cyber threats will dominate the landscape, and, where shall we allocate cybersecurity budgets? Above all, what can we do to secure our businesses and protect our tangible and...

Today’s VERT Alert addresses Microsoft’s December 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1034 on Wednesday, December 14th. In-The-Wild & Disclosed CVEs CVE-2022-44698 This vulnerability allows a malicious individual to bypass SmartScreen, which does a reputation check based...