Polymorphic and metamorphic malware constantly changes itself in order to avoid detection and persistently remain on the system. This adaptive behavior is the main distinctive attribute of these types of malware, which is also why they are harder to detect; it is also why they pose a great threat to systems. On the surface, the functionality of this sort of changing and mutating malware appears the same, but each has its own differences.

I’m going to jump on board the Artificial Intelligence/Machine Learning (AI/ML) bandwagon in this blog and talk about why I’m excited about some of the prospects for this being applied to the compliance and file integrity monitoring data that Tripwire has been specialising in for many years.

Gabrielle is a security engineer. She deploys tools to scan for threats and vulnerabilities, read logs, and manage the security risks for her company, but is all that data really helping? Sometimes, it seems like she works in a noise factory instead of a SOC. The cacophony of all the log and event data and vulnerability scans are pouring into the SIEM, and it’s Gabrielle’s job to listen to the symphony of data and find the out-of-tune notes.

The Artificial intelligence (AI) based language model, ChatGPT, has gained a lot of attention recently, and rightfully so. It is arguably the most widely popular technical innovation since the introduction of the now ubiquitous smart speakers in our homes that enable us to call out a question and receive an instant answer. But what is it, and why is it relevant to cyber security and data protection?

The US Cybersecurity and Infrastructure Security Agency (CISA), FBI, and others have issued a joint alert, advising organisations of the steps they should take to mitigate the threat posed by BianLian ransomware attacks. BianLian, which has been targeting different industry sectors since June 2022, is a ransomware developer, deployer and data extortion group which has predominantly targeted enterprises.

‘A ship in port is safe, but that's not what ships are built for,’ said Dr. Grace Hopper, Rear Admiral of the US Navy and a computer pioneer. As soon as the ship leaves the harbor, or even the dock, there are risks. Depending on conditions and purposes, the ship's crew might decide they are negligible, that they can be recovered from, or that the potential rewards are worth the risk. The same ideas can be applied to computers.

Zero Trust seems to no longer command the volume of articles that once set it up as a trend that promised a bright new future for security. This is in part because security is a journey. Rushed implementations and low returns often result in burnout with new technology, and generally the real work happens in the quiet stages when analysts and consultants are putting together the tooling and playbooks that deliver true value and not just a “checkbox outcome.”

While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month. Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users and steal their information.

2023 started much the same as the year before, with state legislatures producing an impressive list of privacy-related bills in the U.S. Twenty-three states introduced comprehensive privacy legislation, with many more targeted privacy bills being considered as well. Iowa's governor signed the sixth comprehensive privacy law to close out the quarter.

In our webinar, Insights for Navigating PCI DSS 4.0 Milestones, we discuss some of the challenges organizations face as they try to comprehend the new requirements of PCI DSS 4.0.