Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Organizational leaders have generally viewed cybersecurity as a costly yet essential business function and recognize that Chief Information Security Officers (CISOs) and other cyber leaders make strategic decisions to safeguard the company's digital assets. Still, until recently, these higher-level executives have never sought to make sense of the technical cyber activities in a broader business context, believing their value to be too complex to discern. ‍

In the previous post, we’ve discussed how passive OS identification can be done based on different network protocols. We’ve also used the OSI model to categorize the different indicators and prioritize them based on reliability and granularity. In this post, we will focus on the network and transport layers and introduce a machine learning OS identification model based on TCP/IP header values.

We closed out 2023 by rolling out more enhancements to the Vanta platform, including Updates to Automated Tests, 8 new integrations, GDPR with EU-US Data Privacy Framework, and more: ‍ ‍

Note: These vulnerabilities remain under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. Two zero-day vulnerabilities have been discovered in Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways.

At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a wealth of knowledge for the attendees.

A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin's authentication API key and view sensitive logs (including password reset emails) on the affected website. A malicious hacker exploiting the flaw could access the key after triggering a password reset.

Cyber extortion is a category of cybercrime that involves digitally threatening or coercing someone to do something against their will. Cyber extortion typically disables an organization’s operations or exposes an entity’s valuable assets such as confidential data, intellectual property or infrastructure systems. A cybercriminal will then threaten organizations or individuals to pay a ransom to prevent further cyber attacks or regain access to their sensitive files or operations.