Over sixty credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers - demonstrating once again the damage that can be caused by a supply-chain attack . There are a few moving parts here, so here’s a quick summary: Trellance - A provider of solutions and services used by credit unions, and the parent company of FedComp. FedComp - a provider of software and services that enable credit unions to operate around the world. Ongoing Operations - a unit of Trellance, which specialises in disaster recovery and business recovery ..read more

Tripwire's November 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and spoofing vulnerabilities. Next on the patch priority list this month are patches for Microsoft Office and Excel that resolve 3 remote code execution and security feature bypass vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches resolve over 25 vulnerabilities, including elevation of privilege ..read more

As the holiday shopping season kicks in, many are eager to secure early bird discounts and offers, preparing for the festive season. The convenience and speed of mobile devices has led to a growing number of individuals opting for mobile payments, whether conducted online or through contactless systems. The global mobile payment revenue is expected to reach $12.06 trillion by 2027 , and smartphone users are anticipated to surpass 7.7 billion by 2028 . As these figures soar, the importance of conducting secure transactions online becomes increasingly evident. Mobile payments encompass all ..read more

Once again companies are being warned to be wary of past employees who may turn rogue. 28-year-old Andrew Mahn, of Derry, New Hampshire, has pleaded guilty to charges that he illegally hacked the network of his former company, telecoms firm Motorola, after he successfully tricked current staff into handing over their login credentials Mahn, who had previously worked for Motorola as a RF Network Field Service Technician, was working at the Massachusetts Port Authority (Massport) in August 2020 when he began to send phishing emails to a total of 31 current Motorola employees. The email told ..read more

As we approach the holiday season, in addition to our busy work schedules, we need to plan for family visits, develop menus for special meals, and do a little shopping while the deals are good! It’s a lot to keep track of. Just remember it’s when you are distracted that you tend to put your digital security most at risk. Cybercriminals don’t take holidays. In fact, cyberattacks surge during this time of the year; they actively use all the distractions surrounding the holidays to target individuals and businesses. Here are some tips on how to ensure you and your family are well protected this ..read more

At our recent Energy and NERC Compliance Working Group, we took some time to share more about Fortra, the cybersecurity company that Tripwire is a part of. In case you missed it, Fortra is a rebranding of HelpSystems, an already established and trusted company that has acquired a few valuable cybersecurity companies along the way. One such company, Tripwire, is already a familiar name in the energy sector. These acquisitions elevate Fortra to a new level, not only expanding but also strengthening our product portfolio. Can Fortra be the right cybersecurity ally for your organization? Fortra is ..read more

Phishing is a longstanding danger of the digital world that most people are aware of. Whether it happens via email, text message, social media, or any other means, phishing presents a risk to all users. In recent years, the growing popularity of QR codes for all manner of operations has created an environment ripe for cybercriminals to take advantage of. All of the dangers of other sorts of phishing are just as present in the case of QR phishing , and the relative novelty of this particular type of attack means that targets are less likely to be wary of scanning QR codes from unknown sources ..read more

While the EU AI Act is poised to introduce binding legal requirements, there's another noteworthy player making waves—the National Institute of Standards and Technology's (NIST) AI Risk Management Framework (AI RMF) , published in January 2023. This framework promises to reshape the future of responsible AI uniquely and voluntarily, setting it apart from traditional regulatory approaches. Let's delve into the transformative potential of the NIST AI RMF and its global implications. Global Impact of the NIST AI Risk Management Framework NIST, a respected entity within the United States ..read more

Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to medium and larger-sized investor-owned utilities, including many of the Fortune 500 and 1000 power entities. Tripwire is looked to as one of the leading cybersecurity and compliance technology solutions in the marketplace, especially for utilities under NERC CIP compliance ..read more

In late September 2023, the US-based National Institute of Standards and Technology (NIST) published its Cybersecurity Framework Profile for Hybrid Satellite Networks, otherwise known as NIST IR 8441. This blog will explore the reasons behind NIST developing the framework, outline its intentions, and summarize its key points. What is a Hybrid Satellite Network? To understand IR 8441, we must first understand a Hybrid Satellite Network (HSN). NIST defines an HSN as a network that: “[Uses] independently owned and operated terrestrial and space components to realize a space system that may ..read more