Today’s VERT Alert addresses Microsoft’s October 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1127 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-43573 A vulnerability in the Windows MSHTML…
Tag: Blog RSS Feed
Nearly Half of UK Companies Are Missing Essential Cybersecurity Skills
Cybersecurity skill gaps and shortages are often cited as a major reason that many organizations fail to implement effective security tools and practices. The UK’s Department for Science, Innovation, and Technology (DSIT) conducts an annual survey of the cybersecurity labor…
Justifying Compliance Tools Before a Breach Occurs
Breaches, be they accidental, careless, or malicious, are an inevitability for most companies. Depending on the industry, the consequences could range from something as minor as a little public embarrassment to hefty fines, lawsuits, expensive remediation actions, and loss of…
Are Your Containers Secure? Answer These 5 Questions and Find Out
What Is Container Security? Container security involves protecting containerized environments and the applications they run. As containers package applications and their dependencies, they offer consistency across different environments. However, this also raises security concerns, such as ensuring the integrity of…
Tick Tock.. Operation Cronos Arrests More LockBit Ransomware Gang Suspects
International law enforcement agencies have scored another victory against the LockBit gang, with a series of arrests and the seizure of servers used within the notorious ransomware group’s infrastructure. As Europol has detailed in a press release, international authorities have…
Major Database Security Threats and How to Prevent Them
Human nature tells us that we’ll go for the low-hanging fruit before climbing a tree. Since threat actors are (after all) human, the same applies to them. Since databases are particularly vulnerable to many lower-level attacks, they are constantly at…
Tripwire Patch Priority Index for September 2024
Tripwire’s September 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Excel, Visio, and Publisher that resolve remote code execution, elevation of privilege, and security feature bypass vulnerabilities. Next are…
Key Takeaways from the 2024 Crypto Crime Mid-Year Update
We’re over halfway through the year, and ChainAnalysis has released parts one and two of their 2024 Crypto Crime Mid-Year Update . The update provides valuable insight into the cryptocurrency and cybersecurity landscape, so let’s look at the key takeaways…
Monitoring Your Files for Security and Compliance
Have you ever stopped to consider all of the components that comprise a working automobile? Even a cursory examination reveals more parts than might be considered when we turn the ignition key. However, many of these components are useless when…
The Growing Threat Of Fake Job Applicants
It cannot be denied that the rise of remote work has opened up many opportunities for both employers and job seekers. Despite this, however, it has also presented a plethora of challenges when it comes to recruiting in the cybersecurity…
Data Security Best Practices for Cloud CRM Systems as Adoption Surges
For the past few years, the CRM market has witnessed steady growth and it is projected to reach $89 billion by 2024. Estimates are that this growth will continue into the foreseeable future. Essentially, CRM systems have come to stay…
CISA Warns of Hackers Targeting Industrial Systems with “Unsophisticated Methods” Amid Lebanon Water Hack Claims
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that malicious hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using “unsophisticated methods” – suggesting that much more still needs to be…
Understanding Network Attacks: Types, Trends, and Mitigation Strategies
At a time when digital connectivity is the lifeblood of all business operations, the specter of network attacks is greater than ever. As entities depend on complex network infrastructures, malefactors exploit vulnerabilities with growing sophistication and frequency. Understanding the diverse…
Navigating the Privacy Paradox: How Organizations Can Secure Customer Data While Ensuring Convenience
Privacy and convenience have always been at odds, especially regarding digital onboarding or online sign-ups. For modern organizations, striking a balance between the two has become increasingly important. At the same time, a recent report said 53% of customers suggest…
Warnings After New Valencia Ransomware Group Strikes Businesses and Leaks Data
A new ransomware operation has started to leak information it claims has been stolen from organisations it has compromised around the world. In recent days Valencia Ransomware has posted on its dark web leak site’s so-called “Wall of shame” links…
The Relation Between Breaches and Stock Price Drops
When discussing the consequences of a data breach for organizations, we usually consider three types of damage: financial, legal, and, somewhat more tenuously, reputational. But what about stock prices? One would assume that stock price—an indicator of a business’s overall…
Aligning Your Cybersecurity Strategy with the NIST CSF 2.0
So, you’re considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You’ve taken the first step toward improving your organization’s cybersecurity posture. However, you may need clarification about the best…
The Latest Email Scams: Key Trends to Look Out For
Amid the numerous instruments that have augmented our digital communication and commerce experiences over time, email remains a staple for everything, from confirming purchases to life-changing events like the authorization of financial aid. It comes as no surprise that email…
Solar Cybersecurity And The Nuances Of Renewable Energy Integration
The modern age of renewable energy has seen a surge in solar panels and wind turbines. While these systems enhance sustainability, their digital technologies carry risks. Cybersecurity professionals must know the relevant nuances when integrating renewable systems. How Solar Energy…
The Role of Zero Trust Architecture in Enhancing SSO Security
Securing virtual identities and entry points has become a critical priority as cyber threats grow more sophisticated. A Single Sign-On (SSO) system offers ease and allows multi-functionality with a single set of identity verification, but they are enticing targets for…
NESA Standard Ensures Security of UAE’s Cyberspace
To allay dependence on oil revenue and expand the private sector, the United Arab Emirates (UAE) has committed, in recent years, to establishing a knowledge-based economy. Consequently, they have become a formidable competitor in Information Communication Technology (ICT). As the…
England and Wales Report a Spike in Computer Misuse
The Office for National Statistics (ONS) most recent Crime Survey for England and Wales (CSEW) has revealed that computer misuse cases rose 37% in the year ending March 2024, bucking a general trend of decline. The CSEW first started tracking…
What’s Changed in CIS Critical Security Controls v8.1?
The CIS Critical Security Controls (CIS Controls) are a set of best practices designed to help organizations protect themselves from the most common cyber attacks. First developed in 2008, the controls define the minimum level of cybersecurity any organization that…
Navigating the Cloud Chaos: 2024’s Top Threats Revealed
Misconfigurations (when cloud computing assets are set up incorrectly, leaving them vulnerable to unauthorized access, data breaches, and operational disruptions) and inadequate change control top the list of cloud security threats in 2024, rising from third place the year before.…
Mitigating Alert Fatigue in SecOps Teams
Security Operations Teams (SOCs) today are under attack by the very mechanisms meant to help them. A recent industry study revealed a few startling facts: SOCs spend a third of their workday hunting down false positives. Even then, SOCs only…
WordPress Plugin and Theme Developers Told They Must Use 2FA
Developers of plugins and themes for WordPress.org have been told they are required to enable two-factor authentication (2FA) from October 1st. The move is intended to enhance security, helping prevent hackers from gaining access to accounts through which malicious code…
This Senate Bill Could Improve Voting Machine Security
The upcoming election has brought up conversations about the security of our voting infrastructure. While recent developments have somewhat shifted attention toward more visceral threats such as “death threats against county clerks, polling-place violence, and AI-fueled disinformation,” the protection of…
Common Phishing Attacks and How to Protect Against Them
Phishing is a malicious attempt to deceive individuals into divulging sensitive information such as usernames, passwords, credit card numbers, or other personal data. These attacks are typically carried out by masquerading as a trustworthy entity in electronic communications. Phishing can…
VERT Threat Alert: September 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s September 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1123 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38217 Windows uses the Mark of the…
SOX Compliance in the Age of Cyber Threats
Achieving Sarbanes-Oxley (SOX) Act compliance is becoming more difficult. While the Act is primarily a financial reporting regulation, it requires all publicly traded companies operating in the United States to maintain the integrity, accuracy, and reliability of financial reporting, which…
Examining the Intersection of Cybersecurity and Automation in 5 Different Industries
Traditional cybersecurity solutions are constantly being supplemented and enhanced by new technology and practices. Industry leaders know that keeping up with digital security advancements is the best way to ensure the success of every company and that customers rely on…
Security Automation – As Easy As Making Tea?
I worry that a lot of my blog posts reveal that I’m getting older and older as the days go by, but I wanted to talk about teasmades and security automation. For those of you outside of the UK, and…
Cicada Ransomware – What You Need To Know
What is the Cicada ransomware? Cicada (also known as Cicada3301) is sophisticated ransomware written in Rust that has claimed more than 20 victims since its discovery in June 2024. Why is the ransomware called Cicada? The criminals behind Cicada appear…
Employee Cybersecurity Awareness Training Strategies for AI-Enhanced Attacks
With the adoption of AI in almost every sphere of our lives and its unending advancement, cyberattacks are rapidly increasing. Threat actors with malicious intent use AI tools to create phishing emails and other AI-generated content to bypass traditional security…
Let’s Dance: Securing Access with PIM and PAM to Prevent Breaches
I know when to log out Know when to log in Get things done In the spirit of David Bowie, let’s explore how to navigate the labyrinth of privileged access management without getting “Under Pressure.” No one wants to mistype…
The Power of Tripwire Enterprise SCM Policies
There are many good business, security, and compliance reasons for leveraging the extensive rule and policy engines of Fortra’s Tripwire Enterprise (TE) to implement Security Configuration Management (SCM) capabilities, which have been documented very well in other blogs. In contrast,…
Navigating Change: Three Levels to Filter Out the Noise in Tech Environments
Change is relentless. Technology evolves at breakneck speed, and security practitioners face a constant barrage of updates, system tweaks, and new tools. This relentless stream of modifications can create a clutter of information, making it challenging to pinpoint what is…
Guardians of the Files: Tracing the Evolution of File Integrity Monitoring
File Integrity Monitoring (FIM) is a cybersecurity process that involves continuously monitoring files and systems to identify any unauthorized changes. FIM solutions maintain file integrity by comparing a file or system’s current state to a known, trusted baseline and flagging…
Tripwire Patch Priority Index for August 2024
Tripwire’s August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google. First on the list are patches for Microsoft Edge and Google Chromium that resolve 12 vulnerabilities, including information disclosure, remote code execution, and memory…
2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit
Who doesn’t fancy earning US $2.5 million? That’s the reward that’s on offer from the US Department and State and Secret Service for information leading to the arrest and/or conviction of a Belarusian man who allegedly was a key figure…
Change Management and File Integrity Monitoring – Demystifying the Modifications in Your Environment
When outsourcing the IT department was first introduced, many business owners hailed it as the solution to all their technology problems. The promise of reduced headcount, less overhead and sunk costs, as well as reduced management responsibilities, seemed like a…
A Guide on 5 Common LinkedIn Scams
LinkedIn scams are rampant. Know why? Scammers play on trust, which is why they love exploiting professional networks that have earned a trustworthy reputation. In a lot of ways, it’s the last place you’d expect. Unfortunately, given the incredibly high…
The Invisible Shield: Exploring the Silent Guardians of IoT Security
Effectively acting as an invisible shield, the inner workings of IoT security are often taken for granted. However, we can focus and shine a light on the protocols and practices that provide the foundation of IoT security to help others…
Life in Cybersecurity: Expert Tips and Insights from a Cybersecurity Recruiter
One of the most challenging aspects of working in cybersecurity can be the deceptively simple act of finding the best job that suits your skillset and best fits the employer’s expectations. Whether it is an entry-level position, a lateral move,…
How Automation and AI are Transforming GRC Management
There is no doubt that we now live in an AI-driven, automation-powered world. Across industries and markets, leaders and professionals are achieving the utility of AI in their processes. The same applies to Governance, Risk, and Compliance (GRC) management, but…
Global Cyber Insurance Premiums Decline Despite Ransomware Surge
Cyber insurance has a strange past: AIG first took cyber insurance to market in 1997 despite a total lack of actuarial data to inform premiums or policies. Essentially, the industry ran on guesswork. Even today, the cyber insurance market is…
Forensic Cyberpsychology: Profiling the Next-Generation Cybercriminal
Cybercrime is a major concern for individuals, businesses, and governments alike. As technology advances, so do the tactics and sophistication of those who seek to exploit it for nefarious purposes. Data shows that, on average, a cyber attack occurs every…
Tips to Help Leaders Improve Cyber Hygiene
The cyber threat landscape continues to be an unpredictable challenge for organizations as more of them embrace digitization. When it comes to maintaining stability and security in the age of rampant cyber attacks and record levels of data breaches plaguing…
Understanding Managed Service Providers (MSPs): Choosing the Right Provider
The demand for robust security, transparency, and accountability is at an all-time high, and many businesses are relying on managed service providers (MSPs) to manage their IT infrastructure, ensure data security, or provide seamless operational support. Concurrently, MSPs must continuously…
UK Businesses Face New Cyber-Attacks Every 44 Seconds in Q2 2024
In the second quarter of 2024, UK businesses faced cyber-attacks every 44 seconds, highlighting the persistent nature of cyber threats and the critical need for robust cybersecurity protocols. This frequency of attacks shines the spotlight on the ongoing challenge UK…
Securing Infrastructure as Code: Best Practices for State Management
IT infrastructure management is a complex task. Over the years, various methods have been used to better manage corporate environments. Whether it is network monitoring, asset control, application monitoring, or any of the other infrastructure management obligations, different solutions have…
10 Authentication Trends in 2024 and Beyond
What Is Authentication? Authentication is the process of verifying the identity of a user or system. It is a critical component of security, ensuring that only authorized individuals or entities can access sensitive information or systems. There are several methods…
Fast Forward or Freefall? Navigating the Rise of AI in Cybersecurity
It has been only one year and nine months since OpenAI made ChatGPT available to the public, and it has already had a massive impact on our lives. While AI will undoubtedly reshape our world, the exact nature of this…
Exploring the Impact of NIST SP 800-53 on Federal IT Systems
NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle. The Special…
Ransomware Kingpin Who Called Himself “J P Morgan” Extradited to the United States
An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world’s most prolific Russian-speaking cybercriminal gangs. The UK’s National Crime Agency (NCA)…
Updates and Evolution of the NIST Cybersecurity Framework: What’s New?
The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks…
VERT Threat Alert: August 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38178 CVE-2024-38178 describes a vulnerability in the…
Understanding Social Engineering Tactics: 8 Attacks to Watch Out For
Social engineering is a dangerous weapon many cybercriminals use to achieve their nefarious goals. It leverages psychological manipulation to deceive individuals into divulging confidential or personal information. Unlike traditional hacking, which relies on exploiting software vulnerabilities, social engineering targets human…
Find Your Best Fit: Solving the Cybersecurity Framework Puzzle
We recently presented the webcast “Find Your Best Fit, Solving the Cybersecurity Framework Puzzle.” Tyler Reguly, who is a senior manager of research and development at Fortra and a former professor at his alma mater, Fanshawe College, served as the…
Scams: Understanding vulnerabilities and protective strategies
Many people don’t realize that scams are complicated events orchestrated by scammers, which often include myriad persuasive techniques and take advantage of our individual characteristics and circumstances. While each scam varies in complexity, they typically progress through three broad stages,…
Over $40 Million Recovered and Arrests Made Within Days After Firm Discovers Business Email Compromise Scam
According to the FBI, billions of dollars have been lost through Business Email Compromise (BEC) attacks in recent years, so you may well think that there is little in the way of good news. However, it has been revealed this…
Have You Heard About the New PCI 4.0 Section 1.2 Spec? Tripwire Makes Compliance Easy
If you’ve been keeping up with the Payment Card Industry Data Security Standard (PCI DSS), you’ll know it has a new specification that revolves around network security controls. Let’s dig into the details. A Little Back Story It helps to…
Reliable Baseline Management with Fortra’s Tripwire Enterprise
When performing a security assessment, many folks will focus on asset management. This is an important first step, as it often reveals assets in the environment that were previously unknown. The next step in determining how to best secure the…
Tripwire Patch Priority Index for July 2024
Tripwire’s July 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Office and Outlook that resolve remote code execution and spoofing vulnerabilities. Next are patches that affect components of the…
Hurricane Season Scams: What you need to know
Cybercriminals are notorious for their opportunism. No situation is off limits: whether they exploit conflict and human suffering, blackmail vulnerable individuals by threatening to leak therapy notes, or even bring healthcare organizations to their knees, cybercriminals will stop at nothing…
3 Types of Bot Attacks to Guard Against
Bot attacks constitute a major danger to businesses and individuals. For five consecutive years, the percentage of global web traffic connected to bad bots has increased, reaching 32% in 2023, a 1.8% increase from 30.2% in 2022, while human traffic…
Cybersecurity: The Unsung Hero of SOX Compliance
The Sarbanes-Oxley Act of 2002 (SOX) was enacted to restore public confidence in the wake of major corporate and accounting scandals. The legislation aims to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the…
$75 Million Record-Breaking Ransom Paid To Cybercriminals, Say Researchers
The staggering sum of US $75 million has reportedly been paid to a ransomware gang in what is believed to be the largest known ransom payment made by a cyber attack victim since records began. Researchers at Zscaler claim in…
#TripwireBookClub – From its Origins to its Future: How AI Works
In our continuing series of book reviews, the Fortra team read How AI Works: From Sorcery to Science by Ronald T. Kneusel. The book is advertised as unraveling “the mysteries of artificial intelligence, without the complex math and unnecessary jargon.”…
8 Daily Practices to Avoid Cybersecurity Burnout
Burnout happens when job demands such as workload, time pressure, and difficult clients are high, as well as when job resources, including quality leadership, autonomy and decision authority, recognition, and strong relationships, are lacking. The field of cybersecurity is particularly…
Re-Extortion: How Ransomware Gangs Re-Victimize Victims
Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim’s files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs’ tactics.…
Navigating PCI DSS 4.0: Your Guide to Compliance Success
The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements. This blog will guide you…
SEXi / APT Inc Ransomware – What You Need To Know
SEXi? Seriously? What are you talking about this time? Don’t worry, I’m not trying to conjure images in your mind of Rod Stewart in his iconic leopard print trousers. Instead, I want to warn you about a cybercrime group that…
The Dual Impact of AI on Power Grids: Efficiency and Vulnerability
Artificial intelligence (AI) has emerged as a promising solution to modernize power grids. The technology, alongside other upgrades like Internet of Things (IoT) connectivity, could make energy infrastructure more reliable and sustainable. However, AI power grids also pose significant cybersecurity…
Securing Diverse Environments: Security Configuration Management
In our technologically advanced era, where cyber threats and data breaches are constantly evolving, it’s crucial for companies to focus on Security Configuration Management (SCM) to protect their resources and information. Whether dealing with infrastructure, cloud services, industrial installations, or…
The Importance of Ethics in Cybersecurity
Cybersecurity has become an integral part of our daily lives, impacting everyone around the world. However, the question arises: are rules and regulations alone sufficient to make cyberspace secure? Ethics, which are the principles that guide our decisions and help…
5 Phased Approach to Vulnerability Management: Best Practices
Vulnerability management is a foundational cornerstone for reducing your organization’s cyber risk, but what are vulnerabilities and why is it important to create a strong vulnerability management program? The National Institute of Science and Technology ( NIST) defines a vulnerability…
MitM Attacks: Understanding the Risks and Prevention Strategies
As our interactions with the digital world grow, connections will be established within seconds, leading to more online attacks. One type of attack we may be exposed to is known as a Man-in-the-Middle (MitM) — a technique cyber attackers use…
What are the Current Trends in Cloud Technology?
In recent years, cloud technology has become integral to business operations. Compared to on-premises infrastructure, it allows for improved scalability and flexibility, cost savings, collaboration, security, and data loss prevention. The cloud computing market is set to reach $679 billion…
What are the Current Trends in Cloud Technology?
In recent years, cloud technology has become integral to business operations. Compared to on-premises infrastructure, it allows for improved scalability and flexibility, cost savings, collaboration, security, and data loss prevention. The cloud computing market is set to reach $679 billion…
HardBit Ransomware – What You Need to Know
What’s happened? A new strain of the HardBit ransomware has emerged in the wild. It contains a protection mechanism in an attempt to prevent analysis from security researchers. HardBit? I think I’ve heard of that before. Quite possibly. HardBit first…
Looking for a Job in Cyber? Tips and Advice From the Pros
A career in cybersecurity can be rewarding, challenging, and, frankly, lucrative. But it’s not the easiest industry to break into: the skills required for a cybersecurity role are both niche and specific, the bar for entry is relatively high, and…
Low-Hanging Fruits Vs. Those at the Top of the Tree: Cybersecurity Edition
Companies often go for high-end cybersecurity solutions because dealing with complex problems looks impressive. The appeal of fancy tech and advanced security challenges gives them a sense of achievement and a chance to show off their skills – and says…
The Role Regulators Will Play in Guiding AI Adoption to Minimize Security Risks
With Artificial Intelligence (AI) becoming more pervasive within different industries, its transformational power arrives with considerable security threats. AI is moving faster than policy, whereas the lightning-quick deployment of AI technologies has outpaced the creation of broad regulatory frameworks, raising…
5 Tips for Spotting and Avoiding Pig Butchering Scams
Pig butchering scams came onto the scene a few years ago and have been gaining momentum ever since. A unique take on an old classic, pig butchering is a typical investment scam with a romantic or relationship-based twist. The large…
Addressing Client-Side Risks in PCI DSS 4.0
It seems like such a short time ago that the Security Standards Council released the newest version of the Payment Card Industry Data Security Standard (PCI DSS). It has been a full year, and version 4.0 is now in effect.…
RansomHub Ransomware – What You Need To Know
What’s RansomHub? Despite first appearing earlier this year, RansomHub is already considered one of the most prolific ransomware groups in existence. It operates a ransomware-as-a-service (RaaS) operation, meaning that a central core of the group creates and maintains the ransomware…
Navigating Compliance: A Guide to the U.S. Government Configuration Baseline
For cybersecurity professionals tasked with defending the public sector, tackling the U.S. Government Configuration Baseline (USGCB) is just another hurdle to a safer federal tomorrow. Part of a wide collection of necessary federal government compliance requirements, it hones in on…
Sextortion Scams – How They Persuade and What to Watch for
“Sextortion” scams represent some of cybercriminals’ most brazen attempts to extract money from unwitting victims. These extortion techniques rely on fear and shame to get targets to pay up. Similar to individualized ransomware attacks, if the party refuses to pay…
VERT Threat Alert: July 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s July 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1114 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38112 A vulnerability in the Windows MSHTML…
A Deeper Dive into DISA’s Cybersecurity Initiatives
The Defense Information Systems Agency (DISA) is a Department of Defense (DoD) service provider that supplies a global information-sharing architecture for all DoD members “from the President on down.” Their cybersecurity measures are among the best in the world. As…
Guarding Health: Errol Weiss on Protecting the Healthcare Sector from Cyber Threats
Each day, it seems that we hear of another healthcare organization being compromised by a cyber attack. It is clear that the healthcare industry is the new favorite target amongst cybercriminals. Fortunately, vigorous efforts are available to combat these threats.…
GAO Urges Stronger Federal Cybersecurity Measures Amid Rising Threats
The IT and OT systems that support not only federal governmental agencies but also national critical infrastructure must be protected, but developing a security strategy effective against threats is no easy feat. It can be difficult to cover all of…
Volcano Demon Ransomware Group Rings Its Victims To Extort Money
What’s happening? Security researchers have warned that a new ransomware group has taken an unusual twist on the traditional method of extorting money from its corporate victims. So what’s different this time? Whereas many ransomware attacks see a company’s company’s…
IoT Security Regulations: A Compliance Checklist – Part 2
In Part 1, the existing global regulations around IoT were introduced. In this part, the challenge of complying with these rules is examined. The IoT Security Challenge Securing the Internet of Things (IoT) presents complex challenges that stem primarily from…
Cybersecurity Best Practices for SOX Compliance
The Sarbanes-Oxley Act (SOX), enacted by the United States Congress in 2002, is a landmark piece of legislation that aims to improve transparency, accountability, and integrity in financial reporting and corporate governance. The act was a response to high-profile corporate…
Superior Integrity Monitoring: Getting Beyond Checkbox FIM
Contrary to what one might expect, creating a File Integrity Monitoring (FIM) system is pretty easy. Practically anyone with a modicum of Python, Perl, or development skills can write an app or script to gather a file’s checksum, compare it…
Tripwire Patch Priority Index for June 2024
Tripwire’s June 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use after free, heap buffer overflow, and out of bounds write vulnerabilities Next…
A Look at Container Security Through the Lens of DevOps
Containerization has revolutionized application development, deployment, and management – and for good reason. The ability to automatically wrap an application and its dependencies into a single, easily deployable package helps developers focus on what they do best: writing code. Widely…
Cybersecurity Frameworks: What Do the Experts Have to Say?
Cybersecurity frameworks are blueprints for security programs. Typically developed by governmental organizations, industry groups, or international bodies, they take the guesswork out of developing defense strategies, providing organizations with standards, guidelines, and best practices to help them manage and reduce…