Tag: Blog RSS Feed

VERT Threat Alert: October 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1127 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-43573 A vulnerability in the Windows MSHTML…

Justifying Compliance Tools Before a Breach Occurs

Breaches, be they accidental, careless, or malicious, are an inevitability for most companies. Depending on the industry, the consequences could range from something as minor as a little public embarrassment to hefty fines, lawsuits, expensive remediation actions, and loss of…

Are Your Containers Secure? Answer These 5 Questions and Find Out

What Is Container Security? Container security involves protecting containerized environments and the applications they run. As containers package applications and their dependencies, they offer consistency across different environments. However, this also raises security concerns, such as ensuring the integrity of…

Major Database Security Threats and How to Prevent Them

Human nature tells us that we’ll go for the low-hanging fruit before climbing a tree. Since threat actors are (after all) human, the same applies to them. Since databases are particularly vulnerable to many lower-level attacks, they are constantly at…

Tripwire Patch Priority Index for September 2024

Tripwire’s September 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Excel, Visio, and Publisher that resolve remote code execution, elevation of privilege, and security feature bypass vulnerabilities. Next are…

Key Takeaways from the 2024 Crypto Crime Mid-Year Update

We’re over halfway through the year, and ChainAnalysis has released parts one and two of their 2024 Crypto Crime Mid-Year Update . The update provides valuable insight into the cryptocurrency and cybersecurity landscape, so let’s look at the key takeaways…

Monitoring Your Files for Security and Compliance

Have you ever stopped to consider all of the components that comprise a working automobile? Even a cursory examination reveals more parts than might be considered when we turn the ignition key. However, many of these components are useless when…

The Growing Threat Of Fake Job Applicants

It cannot be denied that the rise of remote work has opened up many opportunities for both employers and job seekers. Despite this, however, it has also presented a plethora of challenges when it comes to recruiting in the cybersecurity…

The Relation Between Breaches and Stock Price Drops

When discussing the consequences of a data breach for organizations, we usually consider three types of damage: financial, legal, and, somewhat more tenuously, reputational. But what about stock prices? One would assume that stock price—an indicator of a business’s overall…

Aligning Your Cybersecurity Strategy with the NIST CSF 2.0

So, you’re considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You’ve taken the first step toward improving your organization’s cybersecurity posture. However, you may need clarification about the best…

The Latest Email Scams: Key Trends to Look Out For

Amid the numerous instruments that have augmented our digital communication and commerce experiences over time, email remains a staple for everything, from confirming purchases to life-changing events like the authorization of financial aid. It comes as no surprise that email…

NESA Standard Ensures Security of UAE’s Cyberspace

To allay dependence on oil revenue and expand the private sector, the United Arab Emirates (UAE) has committed, in recent years, to establishing a knowledge-based economy. Consequently, they have become a formidable competitor in Information Communication Technology (ICT). As the…

England and Wales Report a Spike in Computer Misuse

The Office for National Statistics (ONS) most recent Crime Survey for England and Wales (CSEW) has revealed that computer misuse cases rose 37% in the year ending March 2024, bucking a general trend of decline. The CSEW first started tracking…

What’s Changed in CIS Critical Security Controls v8.1?

The CIS Critical Security Controls (CIS Controls) are a set of best practices designed to help organizations protect themselves from the most common cyber attacks. First developed in 2008, the controls define the minimum level of cybersecurity any organization that…

Navigating the Cloud Chaos: 2024’s Top Threats Revealed

Misconfigurations (when cloud computing assets are set up incorrectly, leaving them vulnerable to unauthorized access, data breaches, and operational disruptions) and inadequate change control top the list of cloud security threats in 2024, rising from third place the year before.…

Mitigating Alert Fatigue in SecOps Teams

Security Operations Teams (SOCs) today are under attack by the very mechanisms meant to help them. A recent industry study revealed a few startling facts: SOCs spend a third of their workday hunting down false positives. Even then, SOCs only…

WordPress Plugin and Theme Developers Told They Must Use 2FA

Developers of plugins and themes for WordPress.org have been told they are required to enable two-factor authentication (2FA) from October 1st. The move is intended to enhance security, helping prevent hackers from gaining access to accounts through which malicious code…

This Senate Bill Could Improve Voting Machine Security

The upcoming election has brought up conversations about the security of our voting infrastructure. While recent developments have somewhat shifted attention toward more visceral threats such as “death threats against county clerks, polling-place violence, and AI-fueled disinformation,” the protection of…

Common Phishing Attacks and How to Protect Against Them

Phishing is a malicious attempt to deceive individuals into divulging sensitive information such as usernames, passwords, credit card numbers, or other personal data. These attacks are typically carried out by masquerading as a trustworthy entity in electronic communications. Phishing can…

VERT Threat Alert: September 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1123 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38217 Windows uses the Mark of the…

SOX Compliance in the Age of Cyber Threats

Achieving Sarbanes-Oxley (SOX) Act compliance is becoming more difficult. While the Act is primarily a financial reporting regulation, it requires all publicly traded companies operating in the United States to maintain the integrity, accuracy, and reliability of financial reporting, which…

Cicada Ransomware – What You Need To Know

What is the Cicada ransomware? Cicada (also known as Cicada3301) is sophisticated ransomware written in Rust that has claimed more than 20 victims since its discovery in June 2024. Why is the ransomware called Cicada? The criminals behind Cicada appear…

The Power of Tripwire Enterprise SCM Policies

There are many good business, security, and compliance reasons for leveraging the extensive rule and policy engines of Fortra’s Tripwire Enterprise (TE) to implement Security Configuration Management (SCM) capabilities, which have been documented very well in other blogs. In contrast,…

Tripwire Patch Priority Index for August 2024

Tripwire’s August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google. First on the list are patches for Microsoft Edge and Google Chromium that resolve 12 vulnerabilities, including information disclosure, remote code execution, and memory…

A Guide on 5 Common LinkedIn Scams

LinkedIn scams are rampant. Know why? Scammers play on trust, which is why they love exploiting professional networks that have earned a trustworthy reputation. In a lot of ways, it’s the last place you’d expect. Unfortunately, given the incredibly high…

How Automation and AI are Transforming GRC Management

There is no doubt that we now live in an AI-driven, automation-powered world. Across industries and markets, leaders and professionals are achieving the utility of AI in their processes. The same applies to Governance, Risk, and Compliance (GRC) management, but…

Tips to Help Leaders Improve Cyber Hygiene

The cyber threat landscape continues to be an unpredictable challenge for organizations as more of them embrace digitization. When it comes to maintaining stability and security in the age of rampant cyber attacks and record levels of data breaches plaguing…

10 Authentication Trends in 2024 and Beyond

What Is Authentication? Authentication is the process of verifying the identity of a user or system. It is a critical component of security, ensuring that only authorized individuals or entities can access sensitive information or systems. There are several methods…

Exploring the Impact of NIST SP 800-53 on Federal IT Systems

NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle. The Special…

VERT Threat Alert: August 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38178 CVE-2024-38178 describes a vulnerability in the…

Understanding Social Engineering Tactics: 8 Attacks to Watch Out For

Social engineering is a dangerous weapon many cybercriminals use to achieve their nefarious goals. It leverages psychological manipulation to deceive individuals into divulging confidential or personal information. Unlike traditional hacking, which relies on exploiting software vulnerabilities, social engineering targets human…

Scams: Understanding vulnerabilities and protective strategies

Many people don’t realize that scams are complicated events orchestrated by scammers, which often include myriad persuasive techniques and take advantage of our individual characteristics and circumstances. While each scam varies in complexity, they typically progress through three broad stages,…

Tripwire Patch Priority Index for July 2024

Tripwire’s July 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Office and Outlook that resolve remote code execution and spoofing vulnerabilities. Next are patches that affect components of the…

Hurricane Season Scams: What you need to know

Cybercriminals are notorious for their opportunism. No situation is off limits: whether they exploit conflict and human suffering, blackmail vulnerable individuals by threatening to leak therapy notes, or even bring healthcare organizations to their knees, cybercriminals will stop at nothing…

3 Types of Bot Attacks to Guard Against

Bot attacks constitute a major danger to businesses and individuals. For five consecutive years, the percentage of global web traffic connected to bad bots has increased, reaching 32% in 2023, a 1.8% increase from 30.2% in 2022, while human traffic…

Cybersecurity: The Unsung Hero of SOX Compliance

The Sarbanes-Oxley Act of 2002 (SOX) was enacted to restore public confidence in the wake of major corporate and accounting scandals. The legislation aims to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the…

8 Daily Practices to Avoid Cybersecurity Burnout

Burnout happens when job demands such as workload, time pressure, and difficult clients are high, as well as when job resources, including quality leadership, autonomy and decision authority, recognition, and strong relationships, are lacking. The field of cybersecurity is particularly…

Re-Extortion: How Ransomware Gangs Re-Victimize Victims

Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim’s files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs’ tactics.…

The Dual Impact of AI on Power Grids: Efficiency and Vulnerability

Artificial intelligence (AI) has emerged as a promising solution to modernize power grids. The technology, alongside other upgrades like Internet of Things (IoT) connectivity, could make energy infrastructure more reliable and sustainable. However, AI power grids also pose significant cybersecurity…

Securing Diverse Environments: Security Configuration Management

In our technologically advanced era, where cyber threats and data breaches are constantly evolving, it’s crucial for companies to focus on Security Configuration Management (SCM) to protect their resources and information. Whether dealing with infrastructure, cloud services, industrial installations, or…

The Importance of Ethics in Cybersecurity

Cybersecurity has become an integral part of our daily lives, impacting everyone around the world. However, the question arises: are rules and regulations alone sufficient to make cyberspace secure? Ethics, which are the principles that guide our decisions and help…

5 Phased Approach to Vulnerability Management: Best Practices

Vulnerability management is a foundational cornerstone for reducing your organization’s cyber risk, but what are vulnerabilities and why is it important to create a strong vulnerability management program? The National Institute of Science and Technology ( NIST) defines a vulnerability…

What are the Current Trends in Cloud Technology?

In recent years, cloud technology has become integral to business operations. Compared to on-premises infrastructure, it allows for improved scalability and flexibility, cost savings, collaboration, security, and data loss prevention. The cloud computing market is set to reach $679 billion…

What are the Current Trends in Cloud Technology?

In recent years, cloud technology has become integral to business operations. Compared to on-premises infrastructure, it allows for improved scalability and flexibility, cost savings, collaboration, security, and data loss prevention. The cloud computing market is set to reach $679 billion…

HardBit Ransomware – What You Need to Know

What’s happened? A new strain of the HardBit ransomware has emerged in the wild. It contains a protection mechanism in an attempt to prevent analysis from security researchers. HardBit? I think I’ve heard of that before. Quite possibly. HardBit first…

Addressing Client-Side Risks in PCI DSS 4.0

It seems like such a short time ago that the Security Standards Council released the newest version of the Payment Card Industry Data Security Standard (PCI DSS). It has been a full year, and version 4.0 is now in effect.…

RansomHub Ransomware – What You Need To Know

What’s RansomHub? Despite first appearing earlier this year, RansomHub is already considered one of the most prolific ransomware groups in existence. It operates a ransomware-as-a-service (RaaS) operation, meaning that a central core of the group creates and maintains the ransomware…

Sextortion Scams – How They Persuade and What to Watch for

“Sextortion” scams represent some of cybercriminals’ most brazen attempts to extract money from unwitting victims. These extortion techniques rely on fear and shame to get targets to pay up. Similar to individualized ransomware attacks, if the party refuses to pay…

VERT Threat Alert: July 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1114 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38112 A vulnerability in the Windows MSHTML…

A Deeper Dive into DISA’s Cybersecurity Initiatives

The Defense Information Systems Agency (DISA) is a Department of Defense (DoD) service provider that supplies a global information-sharing architecture for all DoD members “from the President on down.” Their cybersecurity measures are among the best in the world. As…

Cybersecurity Best Practices for SOX Compliance

The Sarbanes-Oxley Act (SOX), enacted by the United States Congress in 2002, is a landmark piece of legislation that aims to improve transparency, accountability, and integrity in financial reporting and corporate governance. The act was a response to high-profile corporate…

Tripwire Patch Priority Index for June 2024

Tripwire’s June 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use after free, heap buffer overflow, and out of bounds write vulnerabilities Next…

A Look at Container Security Through the Lens of DevOps

Containerization has revolutionized application development, deployment, and management – and for good reason. The ability to automatically wrap an application and its dependencies into a single, easily deployable package helps developers focus on what they do best: writing code. Widely…

Cybersecurity Frameworks: What Do the Experts Have to Say?

Cybersecurity frameworks are blueprints for security programs. Typically developed by governmental organizations, industry groups, or international bodies, they take the guesswork out of developing defense strategies, providing organizations with standards, guidelines, and best practices to help them manage and reduce…