Blog

Blog

VERT Threat Alert: October 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1025 on Wednesday, October 12th. In-The-Wild & Disclosed CVEs CVE-2022-41033 A vulnerability in the Windows COM+ Event System service could allow malicious individuals to obtain SYSTEM...
Blog

Turning a Pico into a Human Interface Device (HID)

I just walked out of room 716 at SecTor here in Toronto, where I shared details on my Raspberry Pi Pico project. I’m happy that I was finally able to share this and even happier to announce that the GitHub repo is now open to the public. I won’t walk you through the code, but you can reach out to me if you have questions. So, what is the repo? As...
Blog

The State of Security: Poland

Poland is getting ready for the upcoming Presidential elections in August 2023 amidst a turbulent geopolitical and economic environment. The war in Ukraine has placed the country in the epicenter of the events, becoming home to more than 3.5 million refugees. The unprecedented energy crisis with prices soaring every day threaten to destabilize local...
Blog

4 tips to achieve Data Compliance

Data compliance is a crucial and essential factor in organizations that should be carefully followed for data management. Data compliance is more than maintaining relevant standards and regulations and ensuring that the data is secured. The substantial amount of data that is processed and used in organizations must be managed properly. All phases of...
Blog

What to Know about APIs, the “On-Ramps to the Digital World”

An application programming interface, or API, is a defined process that allows data to be shared between applications or programs. Each API consists of a set of rules that dictates how communication occurs between a client and a server or external program. The required request format, the authentication process, and the encryption of data all have...
Blog

CISA orders federal agencies to catalog their networks, and scan for bugs

You always want to know what is attached to your network. And whether it could be vulnerable or not. In any organisation it's normal for different devices, on- or off-prem, wired or wireless, to be constantly added or removed - and this can present an opportunity for malicious hackers to take advantage of improperly secured systems. In many cases,...
Blog

See Yourself in Cyber: 4 Steps to Stay Safe

As threats to technology and private information become more frequent, the President of the United States and Congress have proclaimed October to be Cybersecurity Awareness Month. This initiative aims to assist people in protecting themselves online. Government and business are working together to increase cybersecurity awareness on a national and...
Blog

UK Construction: Cybersecurity Experts Defend Joint Ventures

After years of falling behind, the construction industry has realised the importance of its data. Construction-related businesses invested a remarkable 188% more in cybersecurity in 2018–19. Data leaks and cyberattacks have jolted sectors worldwide, affecting everyone. 55% of UK businesses experienced a cyberattack in 2019 alone, and the average...
Blog

Foundational Activities for Secure Software Development

Follies The Broadway Tower in Worcestershire, England is a famous structure. It's inspiring, beautiful, and at 62 feet high, like other similar buildings, it's a folly. While it looks grand inside and out, it serves no purpose than to be a decoration. It’s all too easy to buy a set of policies and procedures, change the company name and some other...
Blog

IT admin admits sabotaging ex-employer's network in bid for higher salary

A 40-year-old man could face up to 10 years in prison, after admitting in a US District Court to sabotaging his former employer's computer systems. Casey K Umetsu, of Honolulu, Hawaii, has pleaded guilty to charges that he deliberately misdirected a financial company's email traffic and prevented customers from reaching its website in a failed...
Blog

Neither Pointless Nor Boring: Pop It and Lock It Down with CIS Controls

I’m delighted to share that I will be speaking for the first time at SecTor this year. The talk will be in Theatre 1 at 1:15pm on October 5th. In the session Neither Pointless Nor Boring: Pop It And Lock It Down With CIS Controls, I will be discussing the latest version of CIS Controls. There are 18 Controls in Version 8. We will review these before...
Blog

The UK Smart Grid: How It Started & How It’s Going

It’s no secret that if nations want to meet the Net Zero emission targets set by international organizations by 2050, there’s a lot of work to be done. In the UK, one of the key initiatives aimed at reducing emissions and increasing energy efficiency is the development of the Smart Grid. What Is the Smart Grid? In 2014, the Department of Energy...
Blog

How to Leverage NIST Cybersecurity Framework for Data Integrity

Together with the National Cybersecurity Center of Excellence (NCCoE), the National Institute of Standards and Technology (NIST) has released a series of practice guides that focuses on data integrity. Data integrity is the property that records have not been altered in an unauthorized manner. Tripwire is very proud to have contributed and...
Blog

The State of Cybersecurity has improved but is hardly flawless

For the record, it should be acknowledged from the start that there is no question that the cybersecurity landscape has improved over time, mostly courtesy of persistent increases in cyber spending year after year. Gartner estimates that the U.S. and the rest of the world will invest $172 billion in cybersecurity this year, up from $150 billion last...
Blog

Overheard at the SANS Security Awareness Summit 2022

People have become the primary attack vector for cyber attackers around the world. As the Verizon Data Breach Investigations Report 2022 indicates, it is humans rather than technology that now represent the greatest risk to organizations. According to the SANS 2022 Security Awareness Report, the top three security risks that security professionals...