Blog

Blog

Defending Aircraft Networks Against Cybersecurity Breaches

The aviation industry is both vast and complex. More than 45,000 flights and 2.9 million passengers travel through U.S. airspace every day, requiring high-tech tools and extensive communications networks. All of that data and complexity makes the sector a prime target for cybercriminals. Worryingly, only 49% of non-governmental organizations have...
Blog

Using DevSecOps for Efficient IT Security

DevSecOps is the key to achieving effective IT security in software development. By taking a proactive approach to security and building it into the process from the start, DevSecOps ensures improved application security. It also allows organizations to rapidly develop application security with fewer bottlenecks and setbacks. Some critical aspects...
Blog

Lockdown Mode: Apple to protect users from targeted spyware attacks

Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies. "Lockdown Mode" is scheduled to arrive later this year with the release of Apple iOS 16 and macOS Ventura. It's an optional feature for users who believe their computers and smartphones face a...
Blog

PCI 4.0: The wider meanings of the new Standard

The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs...
Blog

The True Cost of a Security Breach

There have been many articles about the cost of a security breach. With the emergence of privacy regulations that assign penalties based on a business’ profit, or those that calculate a value for each compromised record, it is possible to calculate the cost of a breach based on those metrics. However, it would seem that these hard numbers are not...
Blog

The Need of Privacy Certifications for Lawyers

The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the legal profession in the United States is Privacy Law. Privacy certifications endorse attorneys as...
Blog

Black Basta ransomware - what you need to know

What is Black Basta? Black Basta is a relatively new family of ransomware, first discovered in April 2022. Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations - first exfiltrating data from targeted companies, and then encrypting files on the firm's computer systems....
Blog

What you need to know about PCI 4.0: Requirements 10, 11 and 12

As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function...
Blog

Penetration Testing in 2022: Key Trends and Challenges

Just when you thought that we couldn’t be any more integrated with (and dependent on) technology, the Covid pandemic swooped in to prove otherwise. The rise in the use of applications and devices to perform even basic functions pushed companies and end-users to keep pace. Of course, one group of people always seem to be ready: cybercriminals. Cyber...
Blog

The Role of IAM in Maintaining Cloud Security

Cloud computing is an effective solution for large and small companies across every industry. There has been rapid adoption due in large part to its accessibility, flexibility, and reliability. The cloud environment brings a significant amount of benefits, but at the same time, it can expose businesses to various alarming cybersecurity risks. A...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories. Over a Dozen Flaws Found in Siemens' Industrial Network...
Blog

How to Protect Your Remote Workforce from a Cyberattack

Earlier this year, an industry report stated that 79% of businesses remain concerned about the security risks of an increasingly remote workforce. Cyberattacks are on the rise since the COVID-19 pandemic, in part because many organizations fail to put in place adequate cybersecurity measures and procedures. In addition, there is a worldwide...
Blog

COVID Text Scam Warning from National Health Service (NHS)

The UK's National Health Service (NHS) has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19. In a tweet, the NHS said that it had seen reports of text messages that claimed to come from the NHS, telling recipients that they...
Blog

What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9

In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update. Requirements 5 through 9 are organized under two categories: Maintain a Vulnerability...
Blog

NIST SP 800-161r1: What You Need to Know

Modern goods and services rely on a supply chain ecosystem, which are interconnected networks of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival providers. However, due to the many sources of...
Blog

Q1 2022 Phishing Threat Trends and Intelligence Report

In 2022, phishing attacks have not only increased substantially, but they have also taken a new turn of events. According to the Agari and PhishLabs Quarterly Threat Trends & Intelligence report, phishing attacks are gradually being delivered through a wide range of online platforms. The classic email phishing attack technique has increased...