Tripwire’s January 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for the Microsoft Office platform, including Word, Access, Visio, Excel, OneNote, and Outlook. These patches resolve 13 issues such as remote…
Tag: Blog RSS Feed
How the Proposed HISAA Law Could Reshape Cybersecurity Compliance
It’s been a tough year for the healthcare sector. Throughout 2024, cybercriminals have unleashed a barrage of attacks on a vast number of healthcare organizations – with disconcerting levels of success. FBI research revealed that healthcare is now the US’s…
How Lack of Cybersecurity Training Makes Small Businesses Easy Targets
Small businesses may think they don’t need to implement cybersecurity training programs because larger enterprises with more revenue are more profitable for bad actors. However, small businesses lacking essential security measures are prime targets due to the ease of access…
CIS Control 04: Secure Configuration of Enterprise Assets and Software
Key Takeaways for Control 4: Most fresh installs of operating systems or applications come with preconfigured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks…
Tackling the New CIS Controls
In the early part of 2024, the Center for Internet Security (CIS) released the latest version of the well-respected Critical Security Controls (CSC). The new version, 8.1, adds contours to the prior versions, making it more comprehensive and timely in…
Identifying and Responding to Investment Scams
Investment scams are a growing problem. Modern cybercriminals are increasingly using this technique to swindle money out of unsuspecting victims. It’s easy to understand why: investment scams are remarkably effective. Research from Barclays even found that they accounted for a…
Industry Optimism Grows as TSA Proposes Balanced Cybersecurity Measures
The Transportation Security Administration (TSA) has proposed new rules requiring those under its jurisdiction to follow specific cyber risk management (CRM) requirements, report cybersecurity incidents in a certain timeframe, and address physical security concerns. This is positive news for the…
Best Practices for Securing Your SaaS Environment
Can you imagine a modern working world without Software-as-a-Service (SaaS) applications? Productivity, communication, and project management solutions have transformed the modern workplace, enabling hybrid and remote working, helping to cut costs, and offering unprecedented opportunities for collaboration and innovation.…
New Law Could Mean Prison for Reporting Data Leaks
The Turkish government is proposing a controversial new cybersecurity law that could make it a criminal act to report on data breaches. The new legislation proposes penalties for various cybersecurity-related offences. But the key one which has people concerned is…
Understanding Microsoft’s CVSS v3.1 Ratings and Severity Scores
Recently, I looked at Microsoft’s assigned CVSS v3.1 scores for Patch Tuesday vulnerabilities alongside the Microsoft assigned severity ratings. I wanted to revisit these numbers and see just how closely CVSS aligns with Microsoft’s opinion of severity. Disclaimer: I’m aware…