Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2022

The Future of Connected, Autonomous, Shared, and Electric (CASE) Vehicles is Upon Us.

The popularity of electric vehicles is partly a response to the desire of achieving sustainability and carbon footprint reduction. Automobile manufacturers are making substantial investments to tackle emissions issues, create environment-friendly vehicles, and align with Environmental, Social, and Governance (ESG) requirements. To achieve brand edge and investment appeal, automakers market ESG as a business strategy.

2022 in Cybersecurity - That's a Trap

Are you sitting comfortably? Then let us begin… No, this isn’t the start of some Christmas fairy tale… it’s how I begin reading most reports which cover the last 12 months in Cybersecurity, and there are quite a few to look at. But for me, the one I value most is the ENSIA Threat landscape (ETL) report, which is now in its tenth year.

Are passwords really as safe as we think?

Passwords are the most basic and common authentication method used to secure access to systems. But the process of using and maintaining secure passwords for numerous platforms can be quite tedious. According to Verizon`s 2020 Data Breach Investigation Report, weak, and re-used passwords resulted in 81% of data breaches. Apart from that, there are many more vulnerabilities and risks related to passwords, passwords are an increasingly unsuitable authentication option.

Don't click too quick! FBI warns of malicious search engine ads

The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. In a public service announcement issued this week, the FBI describes how cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company's website.

Simple Steps to Avoid Phishing Attacks During This Festive season

There’s usually a surge in online activities during festive periods. People place gift orders and send funds to loved ones, and organizations roll out offers that reflect the spirit of the festivity. Threat actors will usually take advantage of this activity to sneak past your defenses. By convincingly impersonating any of these legitimate offers, they can gain access to an organization's network, and wreak havoc.

Insight into The 2022 Vulnerability Management Report

This year marks the release of the first 2022 Vulnerability Management Report from Fortra. The report, which was conducted in September 2022, is based on a comprehensive survey of over 390 cybersecurity professionals with the goal of gaining insights into the latest trends, key challenges, and vulnerability management solution preferences.

Tripwire & Towerline: Easing the burden of the NERC CIP audit process

When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the work required to satisfy the auditors.

Beware a Swarm of Scams this Holiday Season

Call her Linda Leesburg. Fresh out of graduate school and starting her first serious job, she decided to buy some kitchen utensils and related items, including a dish set, cookware, silverware and a coffee maker, to outfit the kitchen of her new apartment. She could easily buy these products at a local store, but she discovered a store online that offered them at an unusually low price.

How FIM Protects Assets in a Borderless World

Recent advancements in the digital landscape have led to a new kind of paradigm, one where enterprise perimeters are no longer clearly defined or limited. The rapid uptake of remote working, cloud, and IoT led to these prominent shifts, resulting in users, applications, and data no longer residing exclusively within the perimeters of the enterprise. This has led to enterprise perimeters becoming “borderless”.

National Cyber Security Centre (NCSC) annual review 2022: Highlights and thoughts

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cybersecurity. Established in 2016, it has worked to improve online safety and security, and has brought clarity and insight to an increasingly complex online world. In its 6th annual review, it gives insights to its understanding of the cyber environment affecting the UK. One of the most important roles of the NCSC is to identify, monitor, and analyse key cybersecurity threats, risks, and vulnerabilities.

Latest Cyber Guidance for Retailers from NCSC

The National Cyber Security Centre (NCSC) recently published important cybersecurity guidance to help protect retailers, which comes right as the holiday shopping season is in full swing. Retail organizations are no strangers to cyber attacks. In fact, some recent large-scale retail industry cyber attacks have included popular brands such as Guess, Under Armour, CVS Health, Home Depot, and Target.

How to deal with cyberattacks this holiday season

The holiday season has arrived, and cyberattacks are expected to increase with the upcoming celebratory events. According to The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) 2022 Holiday Season Threat Trends and summary report, ransomware and phishing attacks are expected to increase in retail. With the FIFA World Cup 2022, many cybersecurity experts have advised heightened caution about online impersonation scams and phishing campaigns.

Operation Power Off: 50 DDoS-services taken offline in international crackdown

Law enforcement agencies in the United States, UK, Netherlands, Poland, and Germany have brought down the most popular DDoS-for-hire services on the internet, responsible for tens of millions of attacks against websites. 50 of the world's biggest "booter" sites used to launch disruptive distributed denial-of-service attacks have been taken down as part of "Operation Power Off" - a joint action by the US Department of Justice, FBI, the UK's National Crime Agency, and their equivalents.

Six Tips for Safe Enterprise Networks

Network security is a significant topic that all organizations should consider as a major concern. Regardless of the industry, business, or scope of their operations, all enterprises need to have good network security practices in place to protect against cyberattacks. There are a plethora of different security solutions for different needs, and organizations have to figure out what will work best for them and use the resources that they require.

2023 Cybersecurity Almanac

As we walk towards the end of 2022, full-scale predictions are made about the trends for cybersecurity in the upcoming year: how will cybersecurity affect us, what major cyber threats will dominate the landscape, and, where shall we allocate cybersecurity budgets? Above all, what can we do to secure our businesses and protect our tangible and intangible assets from cybercriminals’ activities?

CISO interview with Darren Desmond, the CISO with the Automobile Association in the UK

Philip Ingram (PI) talked to Darren Desmond (DD). Darren currently works with the Automobile Association (AA) in the UK as the Chief Information Security Officer (CISO), joining in 2018. He started his professional career in the British Army's Royal Military Police, before a stint in the Special Investigation Branch, and Military Intelligence.

Cybersecurity challenges facing SMBs and steps to protect them

Businesses come in many different sizes, yet, they all share one similarity; the growing need for cybersecurity in today’s ever-changing technology landscape. While large companies with robust security infrastructure and experience may ward off many aspiring cybercriminals, small to medium-sized businesses (SMBs) prove to be ideal targets.

Tripwire Enterprise Use Cases: Advanced Control

During my time as a cybersecurity admin, I had the authority to decide what was going to be done, but I didn’t have the access to configure or install my own software. To make matters worse, despite having authority over the implementation, I was also held accountable for failures but again, without the necessary access to fix issues. This created a lot of tension between myself and the teams I relied upon to handle implementation details.

So You Want to Achieve NERC CIP-013-1 Compliance...

As the world is preparing for the winter of 2022, energy efficiency and availability becomes a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors and partners, the ability to safeguard the availability and reliability of the grid is crucial.

Malicious hackers exploit Seoul Halloween tragedy in zero-day attack

Malicious hackers, hell-bent on infiltrating an organisation, have no qualms about exploiting even the most tragic events. Take, for instance, the horrific crowd crush that occurred in Seoul's nightlife district of Itaweon on 29 October, when over 150 people were killed during Halloween festivities.

Choosing the Right Industrial Cybersecurity Framework

It’s no surprise that industrial environments have become increasingly valuable targets for malicious behavior. The State of Security has featured many cybersecurity events across myriad industrial verticals, including but not limited to chemical manufacturing, transportation, power generation and petrochemical. Several of these industries have taken great strides in improving their defense posture, but this was primarily driven as a result of governmental regulatory compliance requirements.

How Do Cybercriminals Take Advantage of Instant Digital Payment Systems?

Digital payment systems are quickly becoming the norm. The speed and convenience of apps like PayPal and Apple Pay have led businesses and consumers to move away from cash, but this efficiency comes at a cost. These digital platforms are also attractive to cybercriminals. Mitigating any vulnerability starts with understanding how threat actors target it. With that in mind, here’s how cybercriminals take advantage of digital payment systems, and what you can do to stay safe.

How proper use of Identity and Access Management (IAM) can protect your organization from breaches.

In the world of security, authentication, and authorization methodologies are foundational aspects of defense. Authentication techniques protect against unlawful entry to systems through the verification of a user, and authorization either grants or denies the verified user’s access level.

How to Overcome Access Governance Challenges in Multi-Cloud Environments

Identity governance, also known as access governance, is an integral part of any enterprise data protection and compliance framework. Seamless and timely access to required systems or resources can significantly increase employees’ productivity and performance. However, excessive privileges or unmonitored user access can often lead to internal and external cybersecurity threats, such as insider attacks, data breaches, and unauthorized access.

Whoops! Researchers accidentally crash botnet used to launch DDoS and cryptomining campaigns

Researchers investigating a newly-discovered botnet have admitted that they "accidentally" broke it. In November, security experts at Akamai described a Golang-based botnet that they had discovered, hijacking PCs via SSH and weak credentials in order to launch distributed denial-of-service (DDoS) attacks and mine cryptocurrency.