Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today’s dynamic IT environments, securing and maintaining the integrity of your systems is critical. Fortra’s Tripwire Enterprise is a robust tool designed to help organizations ensure compliance and security by continuously monitoring the configuration and behavior of their IT assets. When deploying Tripwire, a common question arises: should you prioritize monitoring applications, operating systems, or both?

Ransomware has become more than a threat—it's a calculated assault on industries, wielding AI-driven precision to bypass traditional defenses. Attackers adapt faster than ever, turning cybersecurity into a high-stakes race where falling behind isn't an option. As we step into 2025, organizations face an urgent need to outthink and outmaneuver these evolving adversarial attacks.

The US Coast Guard has been urged to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), which includes ports, waterways, and vessels essential for transporting over $5.4 trillion worth of goods annually.

Modern factories are increasingly relying on Industrial Internet of Things (IIoT) solutions. This shift is beneficial in many regards, including higher efficiency and transparency, but it also introduces unique cybersecurity concerns. Better vulnerability management for IIoT systems is essential if companies hope to make the most of this technology. The White House’s 2024 cybersecurity report named critical infrastructure risks and supply chain exploits as two of the top threats facing the U.S.

By now, we should all be pretty well acquainted with phishing scams. They've been around for a very long time—nearly 30 years, in fact—and are the primary focus of most security awareness training programs and initiatives. Despite this, phishing remains remarkably effective, with over 90% of successful cyberattacks beginning with a phishing email. Why? Because these scams are constantly evolving. To protect against the next wave of phishing scams, it's important to understand them.

Today, I will be going over Control 2 from version 8.1 of the top 18 CIS Controls – Inventory and Control of Software Assets. I will go over the seven safeguards and offer my thoughts on what I’ve found.

Building a vulnerability management (VM) program from the ground up is no small feat. It requires technical expertise, organizational buy-in, and a clear roadmap. In recent months, I’ve been working with a client who had to discard their legacy approach and start afresh. We came to realize just how many components have to come together to get a decent start on a VM project while also showing value along the way.

In early December 2024, the UK's National Cyber Security Center (NCSC) released its eighth Annual Review. While the report's primary focus is to recap the NCSC's activities over the past year, it also offers invaluable insights into how the UK thinks about and plans to act on cybersecurity. In this article, we'll look at a few of its key takeaways.

QR codes have revolutionized digital interactions, offering quick access to websites and services and adding a layer of security to many apps. These quick and seemingly innocent codes are everywhere — however, their widespread use has made them a prime target for scammers. The corruption QR codes leaves everyone vulnerable. However, there are simple methods to protect against this threat.

British legal professionals have seen a "significant surge" in data breaches, according to new research from NetDocuments, a firm that provides a cloud-based content management platform for the legal sector. The firm has described how it analysed data from the UK regulator the Information Commissioner's Office (ICO), and discovered that the number of data breaches in the country's legal sector had grown by 39% between Q3 2023 and Q2 2024 to 2,284 cases, compared to 1,633 the same period 12 months earlier.