|Why Is It Important to Invest in OT Cybersecurity for 2022?|
|Sat, 15 Jan 2022 04:01:00 +0000|
As we enter 2022, it’s important that organizations invest in cybersecurity for their operational technology (OT) systems. Why? One of the reasons is that Industry 4.0 can sometimes introduce more risk for OT. This is evident in several Industry 4.0 market trends. For example, there’s digital twin infrastructure. That’s where you make a digital copy […]… Read More
The post Why Is It Important to Invest in OT Cybersecurity for 2022? appeared first on The State of Security.
|How Should Organizations Tackle Their Data Privacy Requirements?|
|Sat, 15 Jan 2022 04:00:00 +0000|
Data is among the most valuable assets that need to be safeguarded at all costs. But in the digitally-driven business world, cybercrimes are prevalent, making data protection and data privacy a main focal point. The increasing use of technology and the growing exposure to evolving cyber threats have dramatically changed the data security and privacy […]… Read More
The post How Should Organizations Tackle Their Data Privacy Requirements? appeared first on The State of Security.
|Malicious USB drives are being posted to businesses|
|Thu, 13 Jan 2022 14:47:17 +0000|
A notorious cybercrime gang, involved in a series of high profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations. As The Record reports, the FBI has warned that FIN7 – the well-organised cybercrime group believed to behind the Darkside and BlackMatter ransomware operations – has been mailing out […]… Read More
The post Malicious USB drives are being posted to businesses appeared first on The State of Security.
|The 5 Stages of a Credential Stuffing Attack|
|Thu, 13 Jan 2022 04:00:00 +0000|
Collecting Credentials Many of us are fond of collecting things, but not everyone is excited about Collections #1-5. In 2019, these Collections, composed of ca. 932 GB of data containing billions of email addresses and their passwords, made their way around the Internet. These collections weren’t breaches but compilations of emails and passwords that had […]… Read More
|VERT Threat Alert: January 2022 Patch Tuesday Analysis|
|Tue, 11 Jan 2022 23:50:11 +0000|
Today’s VERT Alert addresses Microsoft’s January 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-981 on Wednesday, January 12th. In-The-Wild & Disclosed CVEs CVE-2022-21919 This vulnerability was a bypass to CVE-2021-34484, released by the same researcher, Abdelhamid Naceri. The researcher first tweeted about the bypass on October […]… Read More
The post VERT Threat Alert: January 2022 Patch Tuesday Analysis appeared first on The State of Security.
|What Is FIM (File Integrity Monitoring)?|
|Tue, 11 Jan 2022 10:52:38 +0000|
Change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur during an organization’s regular patching cycle, while others cause concern by popping up unexpectedly. Organizations commonly respond to this dynamism by investing in asset discovery and secure configuration management […]… Read More
|Behind the Community Defense Model with the Center for Internet Security (CIS)|
|Mon, 10 Jan 2022 16:26:29 +0000|
In this episode, Curtis Dukes, executive vice president and general manager of the Center for Internet Security (CIS), explains the need for their Community Defense Model. He also details their process for designing their models as a non-profit organization. Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnmStitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcastRSS: https://tripwire.libsyn.com/rssYouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3 Every cybersecurity practitioner knows that there are some guidelines that are […]… Read More
The post Behind the Community Defense Model with the Center for Internet Security (CIS) appeared first on The State of Security.
|Tripwire Patch Priority Index for December 2021|
|Mon, 10 Jan 2022 09:45:21 +0000|
Tripwire’s December 2021 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Ubuntu Linux Kernel, and Microsoft. First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 “LogShell” remote code execution vulnerability. There are many attack vectors via various software applications due to Log4j2’s widespread […]… Read More
|How Will ISO 27701 and the GDPR Affect Your Organization?|
|Mon, 10 Jan 2022 04:01:00 +0000|
Companies today face increasing pressure to implement strong cybersecurity controls. While the U.S. has no comprehensive cybersecurity law, many organizations still fall under state, international, or industry regulations. Two of the most prominent controlling publications are the General Data Protection Regulation (GDPR), and the ISO 27701 standard. One has the force of law, and the […]… Read More
The post How Will ISO 27701 and the GDPR Affect Your Organization? appeared first on The State of Security.
|Can We Lighten the Cybersecurity Load for Heavy Industries?|
|Mon, 10 Jan 2022 04:00:00 +0000|
One of the biggest problems with the IT / OT convergence in critical infrastructure is that much of the legacy hardware cannot simply be patched to an acceptable compliance level. Recently, Sean Tufts, the practice director for Industrial Control Systems (ICS) and Internet of Things (IoT) security at Optiv, offered his perspectives on where the industry […]… Read More
The post Can We Lighten the Cybersecurity Load for Heavy Industries? appeared first on The State of Security.
|Attack Misuses Google Docs Comments to Spew Out “Massive Wave” of Malicious Links|
|Fri, 07 Jan 2022 14:46:49 +0000|
Security researchers say they have seen a “massive wave” of malicious hackers exploiting the comment feature in Google Docs to spread malicious content into the inboxes of unsuspecting targeted users. According to a blog post published by Avanan, the comments functionality of Google Docs, as well as its fellow Google Workplace web-based applications Google Sheets […]… Read More
The post Attack Misuses Google Docs Comments to Spew Out “Massive Wave” of Malicious Links appeared first on The State of Security.
|Key Considerations for Canada’s Forthcoming National Cyber Security Strategy|
|Thu, 06 Jan 2022 04:01:00 +0000|
On December 16, Prime Minister Justin Trudeau released mandate letters tasking his ministers of national defense, foreign affairs, public safety, and industry to develop a new “National Cyber Security Strategy.” He specifically highlighted the need for the strategy to “articulate Canada’s long-term strategy to protect our national security and economy, deter cyber threat actors, and […]… Read More
The post Key Considerations for Canada’s Forthcoming National Cyber Security Strategy appeared first on The State of Security.
|The Best of Both Worlds: Pairing Tripwire ExpertOps with Technical Account Management|
|Thu, 06 Jan 2022 04:00:00 +0000|
This won’t come as a surprise to anyone who’s spoken to me for more than five minutes, but I am a Doctor Who fan. In fact, “fan” is being kind. I’m hopelessly obsessed with the show to the point that more than one ‘Who’ actor has a restraining order out on me. The lead character, […]… Read More
The post The Best of Both Worlds: Pairing Tripwire ExpertOps with Technical Account Management appeared first on The State of Security.
|Tips, Advice, and Insights on Achieving Buy-in for Cybersecurity Projects|
|Wed, 05 Jan 2022 04:01:00 +0000|
A CISO’s job can be one of the most stressful in cybersecurity. It can sometimes feel like an avalanche of responsibilities, all in the pursuit of keeping an organization safe. The problem more often than not comes down to the issue of obtaining funding for new technology that can make the job easier. In reality, CISOs can’t […]… Read More
The post Tips, Advice, and Insights on Achieving Buy-in for Cybersecurity Projects appeared first on The State of Security.
|Integrity: A Key Facet of Zero Trust|
|Wed, 05 Jan 2022 04:00:00 +0000|
On May 12, The White House published its Executive Order (EO) on Improving the Nation’s Cybersecurity. The directive outlined a set of focus areas intended to improve cybersecurity for the federal government and critical infrastructure sectors including information sharing, supply chain security, endpoint detection and response, and cloud security. Of particular emphasis was the need […]… Read More
|Securing Smart Cities: What You Need to Know|
|Tue, 04 Jan 2022 04:04:00 +0000|
Due to urbanization, which involves a complex set of economic, demographic, social, cultural, technological, and environmental processes, governments are developing smart cities to address some of the challenges unique to urban areas. This development occurs through the transmission of data using wireless technology and the cloud. Smart cities are powered by technologies such as the Internet […]… Read More
|Not IT vs OT, but IT and OT|
|Tue, 04 Jan 2022 04:01:00 +0000|
IT environments have always been considered the forefront when it comes to cybersecurity, and OT environments have been the forefront when it comes to physical security. As more and more cyber threats are taking place, and with an increasing number recently focused on OT environments, everyone seems to be concerned with how to upscale and […]… Read More
|Improving Edge Computing Security in 2022|
|Fri, 31 Dec 2021 04:00:00 +0000|
More organizations are turning their eyes to edge computing as cloud adoption reaches new heights. Experts predict there will be 55 billion edge devices by 2022 as latency and resilience demands grow and 5G makes these networks possible. While this growth is impressive, it raises several security concerns. Edge computing expands attack surfaces, and data […]… Read More
|Will Zero Trust Shape the Future of Cloud Security?|
|Thu, 30 Dec 2021 04:00:00 +0000|
Zero trust is everywhere, and it will change the way we undertake security. Just as zero trust concepts are shaping the data center and our networks, they will shape cloud environments, as well. Many of the challenges of cloud security arose because we moved workloads to the cloud with no clear idea of how to […]… Read More
The post Will Zero Trust Shape the Future of Cloud Security? appeared first on The State of Security.
|Protect Your Organization by Cultivating a Culture of Cybersecurity Awareness|
|Wed, 29 Dec 2021 04:00:00 +0000|
The cybersecurity market offers excellent solutions and services to combat the threats that are exploited by cybercriminals. However, are these tools enough to fully protect an organization? It is clear that human error is a strong attack vector for many popular cybercrimes, so the best way to augment any security program is to create a cyber-aware workforce. After […]… Read More
The post Protect Your Organization by Cultivating a Culture of Cybersecurity Awareness appeared first on The State of Security.