Blog

Blog

Dark Overlord collaborator imprisoned for trading stolen identities

A Canadian man has been handed a three year prison sentence after being found guilty of buying and selling over 1700 stolen identities on a dark web marketplace. 29-year-old Slava Dmitriev, who went by the online handle of "GoldenAce", bought and sold individuals' personal private information, including social security numbers, on the AlphaBay dark...
Blog

What Data Privacy Day 2022 Means for Individuals

Data Privacy Day (DPD) is January 28. Sounds exciting, right? I'm sure you've got the pinata stuffed and the presents on the way. What is DPD about? It's all about me! We generally don't like to use this phrase. It's considered selfish and arrogant, leading others to dislike us. But in the case of data privacy, it’s acceptable. Personally, I’m...
Blog

Cybersecurity Laws – Get Ready Today to Save Some Money Tomorrow

It looks likely that the UK will join a growing number of nations promoting cybersecurity’s importance for businesses including the introduction of new laws. Amongst the proposals being considered are adding new powers to the UK Cyber Security Council that could significantly change the reporting requirements associated with security incidents. From...
Blog

ICS Security: What It Is and Why It's a Challenge for Organizations

Industrial control systems (ICS) are specific kinds of assets and associated instrumentation that help to oversee industrial processes. According to the National Institute of Standards and Technology, there are three common types of ICS. These are supervisory control and data acquisition (SCADA) systems, which help organizations to control dispersed...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of January 17, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 17, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. Root-Level RCE Vulnerability...
Blog

ISO27001:2021 – A New Way of Working

It has been a long time coming! The upgrade to the international standard for information security management systems, ISO27001:2013, is here (almost). Hallelujah! If you're reading this article, then there's a reasonable assumption that you know what ISO27001 is and you're not going to be too worried about the back story. But let's all be clear...
Blog

Kubernetes Incident Response: Building Your Strategy

Kubernetes is the popular container orchestration platform developed by Google to manage large-scale containerized applications. Kubernetes manages microservices applications over a distributed cluster of nodes. It is very resilient and supports scaling, rollback, zero downtime, and self-healing containers.The primary aim of Kubernetes is to mask the...
Blog

Jail for prolific romance fraudster who fleeced besotted lonely hearts

To his victims, he was "Tony Eden," a middle-aged white man looking for romance online while working overseas for a drilling company. In reality, he was a school caretaker named Osagie Aigbonohan. Originally from Lagos, Nigeria, he was part of a criminal gang with links to the notorious "Black Axe" group. Southwark Crown Court in London sentenced...
Blog

Designing a 100-Day Sprint for OT Cybersecurity: What to Consider

As we begin a new year, many organizations will enter a “goal-setting and strategic planning” season. During this time, individuals are re-energized and motivated to record new accomplishments for their professional development. Traditional corporate goal setting aligns with fiscal calendars and forces companies and individuals to build goals in...
Blog

How to Fulfill Multiple Compliance Objectives Using the CIS Controls

Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with the evolution of...
Blog

The Supply Chain Needs Better Cybersecurity and Risk Management

The supply chain is under a historic amount of pressure, but the strain on its cybersecurity and risk management may be in even worse condition. As 2021 draws to a close, the global supply chain is in a state comparable to rush-hour traffic in bad weather. Everything seems to be backed up whether due to supply and demand issues, wait times at...
Blog

Why Is It Important to Invest in OT Cybersecurity for 2022?

As we enter 2022, it’s important that organizations invest in cybersecurity for their operational technology (OT) systems. Why? One of the reasons is that Industry 4.0 can sometimes introduce more risk for OT. This is evident in several Industry 4.0 market trends. For example, there’s digital twin infrastructure. That’s where you make a digital...
Blog

How Should Organizations Tackle Their Data Privacy Requirements?

Data is among the most valuable assets that need to be safeguarded at all costs. But in the digitally-driven business world, cybercrimes are prevalent, making data protection and data privacy a main focal point. The increasing use of technology and the growing exposure to evolving cyber threats have dramatically changed the data security and privacy...
Blog

Malicious USB drives are being posted to businesses

A notorious cybercrime gang, involved in a series of high profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations. As The Record reports, the FBI has warned that FIN7 – the well-organised cybercrime group believed to behind the Darkside and BlackMatter ransomware operations - has been mailing...
Blog

The 5 Stages of a Credential Stuffing Attack

Collecting Credentials Many of us are fond of collecting things, but not everyone is excited about Collections #1-5. In 2019, these Collections, composed of ca. 932 GB of data containing billions of email addresses and their passwords, made their way around the Internet. These collections weren't breaches but compilations of emails and passwords...
Blog

VERT Threat Alert: January 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s January 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-981 on Wednesday, January 12th. In-The-Wild & Disclosed CVEs CVE-2022-21919 This vulnerability was a bypass to CVE-2021-34484, released by the same researcher, Abdelhamid Naceri. The...