REvil is one of the most notorious ransomware groups in the world. Also known as Sodin and Sodinokibi, REvil has made a name for itself extorting large amounts of money from businesses, operating as a ransomware-as-a-service (RAAS) business model that sees it share its profits with affiliates who break into networks and negotiate with victims on the group’s behalf.

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and repeatable way across an entire organization.

The skills gap continues to challenge organizations’ ability to fulfill their evolving cybersecurity requirements. Tripwire confirmed this back in 2020 when it partnered with Dimensional Research to survey 342 security professionals. Indeed, 83% of respondents told Tripwire that they felt more overworked going into 2020 than they did a year earlier.

In today’s world with cyber attacks hitting the headlines daily, cybersecurity is at the forefront of many business owners’ minds, but implementing the right solutions and knowing what to do to reduce your risk is a big challenge for decision makers in these organizations. The task is even harder for small- to medium-sized businesses (SMB) that tend to lack extensive budgets and resources needed for implementing the most effective and high-brow cybersecurity solutions on the market.

“Say ‘Ta,’” said Mamma Bear. “Ta,” said Baby Bear. He then dropped the mug of blackcurrant juice by accident. “What have you done?” exclaimed Daddy Bear. “The carpet is RUINED!!” Baby Bear felt a great sense of something disturbing, and this wasn’t a thousand voices suddenly being silenced. This was much deeper. This hurt, and Daddy Bear’s face was angry, disappointed. He was panicking about some purple stuff on the carpet.

The US Government has underlined once again that it continues to strongly discourage organisations hit by ransomware from giving in to extortion demands. In an updated advisory, the Department of Treasury’s Office of Foreign Assets Control (OFAC) has called upon businesses not to pay ransoms, and to focus on cybersecurity measures that can prevent or mitigate ransomware attacks.

Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to establishing a secure environment and this includes service accounts.

The General Data Protection Regulation (GDPR) Act is a broad set of data privacy rules that define how an organization must handle and protect the personal data of citizens of the European Union (EU). The Regulation also outlines the way that organizations can report a data breach. Articles 33 and 34 outline the requirements for breach notification; however, most businesses are still unaware of their responsibilities.

Data breaches have reached a fever pitch over the last few years. The rapid frequency of successful attacks coupled with the rising costs to businesses has raised attention at the highest levels of global governments. In the past, breaches were relatively “localized,” that is, they affected the targeted company only. However, the newer attacks have disrupted entire supply chains.

Cybersecurity has become a critical concern in every business sector nowadays due to organizations’ growing dependency on technologies. Research by Immersive Lab reported that in 2019 there were more than 20,000 new vulnerabilities. Not only that, TechRepublic reported that global companies experienced a 148% spike in ransomware attacks after COVID-19 hit the world. So, for most organizations, the question isn’t who will be the target of a cyber attack.

In 2021, there are two words that can send a cold chill down the spine of any Cybersecurity professional and business leader; Phishing and Ransomware. Research carried out by the Data Analytics and training company CybSafe, identified that 22% of all cyber incidents reported in the first quarter of 2021 were ransomware attacks. According to the figures obtained from the Information Commissioners Office, they are up by 11% compared to 2020.

The events of 2020 helped to accelerate the convergence between information technology (IT) and operational technology (OT) for many organizations. As reported by Help Net Security, for instance, two-thirds of IT and OT security professionals said in a 2020 survey that their IT and OT networks had become more interconnected in the wake of the pandemic.

Tripwire Enterprise (TE) is at its heart a baselining engine. It’s been built to take information, create a baseline of it, and show when that baseline has changed. (It’s called a “version” in TE terms.) TE starts with a baseline version designated by an organization’s security teams. At some point, a change version with new information (file, registry entry, RSoP, command output, or data captured in some other way) emerges.

Most fresh installs of operating systems or applications come with pre-configured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks or NIST NCP to find out if your organization needs to augment or adjust any baselines to become better aligned with policies your organization is trying to adhere to.

As part of our upcoming attendance at the International Cyber Expo & International Security Expo, we were lucky enough to sponsor The Cyber Security Webinar Series with Nineteen Group and Grey Hare Media. Both Philip Ingram MBE and Emanuel Ghebreyesus, strategic account director for Tripwire, spoke about several topics including: You can read some of the highlights from their conversation below.

What are the limits of online privacy and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate? The fact is that as technology advances, the real and the virtual worlds are increasingly converging. Actions (or inactions) in the cyberspace introduce risks and threats for people, especially the most vulnerable ones, i.e. children and elders.

Talk to cybersecurity experts about cybercrime on their network, and they will mention malicious activity like scans, attacks, events, and incidents. Probably at some point, they will slip into geek-speak with a vast array of confusing acronyms and jargon while explaining tactics and techniques by referencing infamous attacks, Internal protocols, and industry shorthand.

In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations. The security hole, dubbed CVE-2021-40444, is a previously unknown remote code execution vulnerability in MSHTML, a core component of Windows which helps render web-based content. According to Microsoft, attacks exploiting the vulnerability have targeted companies via boobytrapped Microsoft Office documents.

For many years, there was a wide misunderstanding that encrypting some data is equivalent to protecting that data. If it’s encrypted, so the thinking goes, nobody else could access it, and it is therefore safe. While it is critical to encrypt data at rest as well as in transit, the job of protecting data goes much deeper.

The Internet of Things (IoT) includes items such as smart appliances, smartwatches, and medical sensors. For organizations to enjoy all of the benefits and convenience of IoT devices, enterprise customers must fully understand the potential risks and threats to their systems and the underlying data. IoT devices often lack built-in security controls, a situation which creates risks and threats for federal agencies and consumers.

To remain competitive in the digital age, organizations frequently introduce new hardware devices and software installations to their IT environments. The problem is that these assets might suffer from vulnerabilities that attackers could misuse, if unpatched, to change a device’s configuration or make unauthorized modifications to some of the organization’s important files.

Remember your first day on the job? You might groan just thinking about it, or maybe you are filled with the optimistic nostalgia of all the great things you set out to accomplish. It’s all a matter of your current perspective. One of the greatest apprehensions about that first day is meeting all of your new colleagues. Someone probably gave you a tour of the office, introducing you to all the new faces, as you wondered how you will remember all the names.

Data breaches are now part of doing business, with many companies having been affected. Data is very valuable to criminals because it is often used to commit fraudulent activities as well as to enhance the credibility of scams. Data that is stolen ranges from Social Security Numbers (SSNs) to other identification documents and payment details.

On May 13, Verizon released its Data Breach Investigations Report (DBIR) 2021. This annual publication serves many purposes. It yields context into what security analysts are seeing, for instance. But it also affects organizations’ security postures at an even higher level. Here’s Anthony Israel-Davis, research and development manager at Tripwire, with more: Of course, there are only so many initiatives that organizations can take on each year.

The FBI and CISA (the Cybersecurity and Infrastructure Security Agency) have jointly issued an advisory to organisations, warning about an increase in the number of attacks coinciding with weekends and holidays. With the Labor Day weekend rapidly approaching, the agencies have reminded businesses to be especially vigilant, remain diligent about their network defences, and “engage in preemptive threat hunting on their networks to search for signs of threat actors.”

Cloud technology is a powerful tool with unmeasurable potential. Across the globe, companies are harnessing the cloud to propel their business solutions. However, there are always some companies that cannot entirely shift their solutions to the cloud. Thanks to the hybrid cloud model, companies house some of their solutions on their on-premises servers and store the rest of them in the cloud. Most companies have adopted the hybrid cloud model, as it suits both conventional and new-age operations.

Today, I will be going over CIS Control 2 from version 8 of the top 18 CIS Controls – Inventory and Control of Software Assets. Version 7 of CIS Controls had 10 requirements, but in version 8, it’s simplified down to seven safeguards. I will go over those safeguards and offer my thoughts on what I’ve found.