Author: Admin

Security researchers have disclosed a serious and wide-ranging API vulnerability stemming from the incorrect implementation of Elastic Stack, which could create serious business risk for customers. Elastic Stack is a popular collection of open source search, analytics and data aggregation products, including Elasticsearch. Salt Security claimed that nearly every provider customer is affected by the vulnerability — which relates to design implementation flaws rather than a bug in Elastic Stack code itself. Its Salt Labs…

In this episode, Patrick Miller, Founder of Ampere Industrial Security, discusses what utilities and other industrial companies need to consider when it comes to the goldmines of data they’re collecting from their machines and customers. He also explains why security and privacy needs to be incorporated in these operations by design. Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnmStitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcastRSS: https://tripwire.libsyn.com/rssYouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3 Tim Erlin: On the latest Tripwire cybersecurity podcast, I had the opportunity to speak with Patrick Miller, who is the…

As we emerge from the pandemic, hybrid working has proven hugely popular for individuals and organisations alike: staff enjoy increased flexibility and reduced commuting, and organisations benefit from lower overheads and greater productivity. Plus, the environmental benefits of homeworking are unmistakable.  However, hybrid working also provides greater opportunities for cyber criminals. It introduces new security vulnerabilities, makes staff more susceptible to phishing attacks, and makes it harder for security teams to respond to incidents.  Although the past 18 months have seen new working practices become normal for many organisations, security strategies are still struggling to adapt.  Detecting data breaches has always been a challenge. Even with staff…

Ransomware is making headlines once again, as cybercriminals target high-profile organizations. A prominent example is Colonial Pipeline, a Texas-based oil pipeline system that shut down its entire fuel distribution following an attack in May.  The attack resulted from a single compromised password used by hackers to gain entry into Colonial Pipeline’s networks. The hackers attacked successfully using ransomware. Ransomware is a constantly evolving attack tool used by cybercriminals. In addition to costing agencies time and…

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and repeatable way across an entire organization. Privileged accounts, such as…

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and repeatable way across an entire organization. Privileged accounts, such as…

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. Microsoft Threat Intelligence Center (MSTIC) researchers have discovered a new custom malware, dubbed FoggyWeb used by the Nobelium APT group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers. FoggyWeb is a post-exploitation backdoor used by the APT group to remotely exfiltrate the configuration database of compromised Active Directory Federation…