Digital attackers are sending around love-themed malicious emails in an attempt to infect recipients with the Nemty ransomware.If you’ve been kicking around in the world of IT security for more years than you’d like to admit, then you’ll surely remember the ILOVEYOU virus (also known as the “Love Bug” or “Loveletter”

During the past year, we have witnessed significant data breaches that have impacted industries ranging from hospitality to legal to social media. We have seen a continuation of financially motivated threats, such as business email compromise (BEC), which continue to plague corporate bank accounts. Ransomware has brought multiple cities, schools and universi

Not all attackers are trying to exfiltrate data. In security, we’re all familiar with CIA triad—confidentiality, availability, and integrity. While Exfiltration describes adversarial behavior with the goal of violating confidentiality, attackers may look to manipulate, interrupt, or destroy your systems and data. The Impact tactic describes techniques that a

If you want to become a digital forensic expert, be aware that when entering the field, you will be presented with an abundance of information that you will not know. It is a wonderfully challenging career path. Some believe that having the title of a cybersecurity professional (e.g. digital forensics expert, cybersecurity analyst, incident response commande

Over 10 million people who have stayed at MGM Resorts hotels – including Twitter boss Jack Dorsey and pop idol Justin Bieber – have had their personal details posted online by hackers.The security breach, publicised by ZDNet and security researcher Under the Breach, saw the records of 10,683,188 former guests – including names, postal addre

Security researchers observed samples of the AZORult trojan disguising themselves as fake ProtonVPN installers for distribution.Back in November 2019, malicious actors launched this attack campaign by registering the domain “protonvpn[.]store” with a registrar based in Russia.One iteration of the campaign used malvertising as its initial infectio

How Is YARA used?Historically, common detection methods have used file hashes (MD5, SHA1, and SHA256)—unique signatures based on the entire contents of the file—to identify malware. Modern threat actors have increased in sophistication to a point where every instance of a given malware will have a different hash, and that hash will vary from machine to machi

As if Puerto Rico wasn’t having a hard enough time as it attempts to recover from a recession, the damage caused by devastating hurricanes in recent years, and a damaging earthquake last month, it now finds itself being exploited by cybercriminals.According to media reports, the government of the US island territory has lost more than US $2.6 million a

What is cyber resilience? If you search the definition within the Oxford Dictionary, resilience alone is defined as “the capacity to recover quickly from difficulties; toughness.” If you narrow the definition down to cyber resilience, it shifts to maintaining vs recovery. As noted on Wikipedia, it becomes “the ability to provide and maintain an acceptable le

You’ve seen the high-level stats on the cybersecurity skills gap, but I’ll remind you of some of the main ones from the (ISC)2 Cybersecurity Workforce Study:In the United States, the cybersecurity workforce gap is nearly 500,000.The cybersecurity workforce needs to grow by 62% in order to meet the demands of U.S. businesses today.The global cybersecurity wor

Companies are facing increased and complex cybersecurity challenges in today’s interconnected digital economy. The cyber threats have become more sophisticated and may harm a company via innovative new forms of malware, through the compromise of global supply chains or by criminal and hostile state actors. The hard truth is that it is difficult to counter th

Each year on January 28, the United States, Canada, Israel and 47 European countries observe Data Privacy Day. The purpose of Data Privacy Day is to inspire dialogue on the importance of online privacy. These discussions also seek to inspire individuals and businesses to take action in an effort to respect privacy, safeguard data and enable trust.In observan

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best practice

An investigation claims that the UK’s National Health Service, which was hit hard by the notorious WannaCry worm in 2017, has seen a marked fall in ransomware attacks since.A report published by Comparitech, based upon Freedom of Information requests, reveals the somewhat surprising news that since WannaCry there have only been six recorded ransomware

It may not be the most efficient way to steal data from an organisation, let alone the most practical, but researchers at Ben-Gurion University in Israel have once again detailed an imaginative way to exfiltrate information from an air-gapped computer.And this time they haven’t done it by listening to a PC’s fan, or watching the blinking LED ligh