Is this Jackie Brown or is it Tripwire? The reality is, it’s both. This is a powerful scene in Jackie Brown because it illustrates what Tripwire is all about in making sure that a golden image can be maintained via secure configuration management. But how would you know if it was changed?

Modern day Security Information and Event Management (SIEM) tooling enterprise security technology combine systems together for a comprehensive view of IT security. This can be tricky, so we’ve put together a simple SIEM tutorial to help you understand what a great SIEM provider will do for you. A SIEM’s responsibility is to collect, store, analyze, investigate and report on log and other data for incident response, forensics and regulatory compliance purposes.

Cybersecurity Infrastructure Security Agency (CISA) released Alert (AA20-302A) on October 28th called “Ransomware Activity Targeting the Healthcare and Public Health Sector.” This alert details TTPs associated with ongoing and possible imminent attacks against the Healthcare sector, and is a joint advisory in coordination with other U.S. Government agencies.

Several weeks ago, my good friend Katie Nickels (Director of Intelligence at Red Canary extraordinaire) and I were chatting about Ransomware. She was super interested and passionate about some new uses of a ransomware variant named “Ryuk” (first detected in 2018 and named after a manga/anime character) [1]. I was, to be honest, much less interested. It turns out, as usual, Katie was right; this was a big deal (although as you will see, I’m right too… still dull stuff!).

Bad bots are disrupting your website performance, reducing performance and speed. Bot activity, both good and bad, affects all industries including retail, online gambling and gaming and streaming. In our blog we discuss the detrimental impact of bots to your website performance and subsequently, the customer experience, with advice for detecting and mitigating bad bot activity.

APIs served as part of web and mobile applications are vital to enabling customers to interact with your business. However, it’s important to understand the impact on your business when these APIs are used in new, non-standard and potentially unintended ways. While APIs are usually written and intended for use with certain frontends (i.e. web application or mobile app), they are served publicly on the internet and are open to inspection by any interested party.

SMS phishing, or “Smishing,” is a mobile phishing attack that targets victims via the SMS messaging channel rather than through email. A natural evolution of the phishing phenomenon, smishing attacks attempt to dupe mobile users with phony text messages containing links to legitimate looking, but fraudulent, sites. These smishing sites try to steal credentials, propagate mobile malware, or perpetrate fraud.

The Federal Risk and Authorization Management Program (FedRAMP) is a compliance program established by the US government that sets a baseline for cloud products and services regarding their approach to authorization, security assessment, and continuous monitoring.

Netskope Threat Labs is warning users to be careful of spam messages being shared via Google Docs. The spam messages come in the form of a comment on a document or presentations and are sent by [email protected]. Both the comment and the document link the user to a spam or scam website. Because the messages are sent by Google Docs, it is likely that your spam filters do not detect and block these messages. In fact, docs.google.com may be explicitly allowed by your spam filters.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Once again the impact of this COVID pandemic claims another. Cast your minds back to earlier in the yearn (or was it last year now – feels like it) with the sudden burst in use of Zoom and House Party causing all sorts of issues.