The FIN7 APT group has been targeting businesses with malicious USB drives and Teddy Bears sent to the victims, the FBI warns. The FBI is warning of a new wave of attacks carried out by the FIN7 APT group that is sending to the victims devices acting as a keyboard (HID Emulator USB) when plugged into a computer. “Recently, the cybercriminal grou

As employers rapidly respond to the need to protect their workforces from potential exposure and spread of the novel coronavirus, also known as COVID-19, many organizations are making the very difficult decision to pivot to a work-from-home model. This means employees will be connecting to corporate networks from whichever device is available: laptops, phone

There’s an interesting trend that I have personally noticed over the past few years: organizations are starting to take cybersecurity more seriously. With the multitude of high-profile data breaches, organizations are starting to realize that cybersecurity is a significant risk to the business. This allows CISOs and other similar titles with leadership respo

Outside the coronavirus pandemic and its related healthcare and economic fallout, climate change and cybersecurity are seen by many as the two most urgent problems facing our planet now and in the near future. They are two distinct and separate problems, to be sure. There are some areas, however, where security and climate change overlap, interlock, and infl

The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83% of infosec personnel felt more overworked in 2020 than they did a year earlier. An even greater percentage (85%) stated that it had become more difficult for their organizations to hire skilled security professi

Together with the National Cybersecurity Center of Excellence (NCCoE), the National Institute of Standards and Technology (NIST) has released a series of practice guides that focuses on data integrity: the property that data has not been altered in an unauthorized manner. Tripwire is very proud to have contributed and collaborated with other technology vendo

In an ever-evolving security world, we to need to secure more with even fewer resources. While the cybersecurity skills gap increases, leaving “350,000 U.S. cybersecurity jobs unfilled yearly,” it is vital to work together to protect our environments and educate others. Creating a customer community can do just that. Having a digital space with l

In recent years, various attacks have been performed to highlight security concerns about evolving smart cars. In particular, remote hacks took a lot of attention in 2015 when two security researchers hijacked the car’s infotainment system and demonstrated how to manipulate smart car functions. Such attacks elevate the risks associated with the smart car sys

Threat modeling is a process by which potential threats can be identified, enumerated and prioritized, all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors and the assets most desired by an attacker. Ef

The recently published IBM X-Force Threat Intelligence Index 2020 pointed out that over 8.5 billion records were compromised in 2019, a figure that’s more than 200 percent greater than the number of records lost in 2018. It also determined that scanning and exploitation of vulnerabilities have increased from just 8 percent of attacks in 2018 to nearly

byPaul DucklinA trio of researchers from Singapore just published a paper detailing a number of security holes they discovered in Bluetooth chips from several different vendors.The good news is that they disclosed the holes responsibly back in 2019 and waited 90 days – a sort-of industry standard period popularised by Google’s Project Zero team &

It’s that time of year again, where we look back at, and reflect on, the previous 12 months. In that spirit, here’s the BH Consulting review of 2019. The roundup we present is our take on cybersecurity, data protection and privacy issues.  As regular readers will know, we don’t aim to be a website of record when it comes to chronicling the latest malware out

Security is a busy field, and 2019 was no exception. Following last week’s blog looking back at the first six months of the year, here’s the second part covering cybersecurity, data protection and privacy stories that emerged between July and December.  July Summertime and the living wasn’t easy if your company was called BA or Marriott. The UK Information C

As cybersecurity gets more attention in businesses and organisations, the need for a Chief Information Security Officer (CISO) has come into focus. In the past, many organisations tackled security piecemeal, as a series of point-in-time exercises, but some now realise they need a dedicated resource to manage their security on a consistent, ongoing basis. Man

The Irish Government has published its five-year plan for ensuring its infrastructure and computer networks are “resilient, safe and secure”. The new National Cyber Security Strategy 2019-2024 is an update to the first strategy which was published in 2015. Here’s our analysis of the plan. The 60-page strategy paper [PDF] sets out a series of 20 measures unde