Category: Blog RSS Feed

In the modern digital landscape, cybersecurity is paramount, making the differentiation between vulnerability scanning and penetration testing essential for safeguarding organizational assets. Vulnerability scanning offers a broad sweep for potential security weaknesses, serving as an early warning system. Penetration testing…

Read more →

With cybersecurity, the digital battlegrounds stretch across the vast expanse of the internet. On the one side, we have increasingly sophisticated and cunning adversaries. On the other, skilled cybersecurity practitioners who are desperate to protect their companies’ assets at all…

Read more →

Tripwire’s April 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. Firsts on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve 2 spoofing vulnerabilities. Next on the patch priority list this month is a…

Read more →

In 1971, Ray Tomlison developed the first email service while working at The Defense Advanced Research Projects Agency (DARPA) . This development changed how we communicated. However, even though this was an exceptional tool, it was not very user-friendly, requiring…

Read more →

Supply chain attacks are a serious and growing threat to businesses across all industries. However, these attacks pose an even greater risk for manufacturers in critical infrastructure sectors. One pernicious form of supply chain attack is spoofing, where attackers impersonate…

Read more →

Statista shows a near doubling of data compromises between last year (3,205) and the year before (1,802). Cybercriminals go where the data goes, and there is more need than ever for effective database security measures. These tactics differ from network…

Read more →

Most people remember the iconic movie Terminator, in which the cyborg T-800 was dispatched back in time from the year 2029 with the mission to eliminate Sarah Connor. She was destined to give birth to the future leader of the…

Read more →

What’s going on? A wave of cheap, crude, amateurish ransomware has been spotted on the dark web – and although it may not make as many headlines as LockBit , Rhysida , and BlackSuit , it still presents a serious…

Read more →

Alexandre Dumas’s timeless novel “The Three Musketeers” immortalized the ideal of unyielding solidarity, the enduring motto “All for one and one for all.” In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with…

Read more →

Tech leaders taking cybersecurity seriously is something of a double-edged sword. While it’s undoubtedly good that organizations are waking up to the genuine threat cyberattacks pose, it’s depressing that they must siphon off so many resources to protect themselves rather…

Read more →

Budgetary and resource constraints play a huge role in cyberattacks on smaller organizations. Amidst a strained global economy, many under-resourced organizations like non-profits, local governments, and hospitals struggle to keep their heads above water – they simply don’t have the…

Read more →

In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security .…

Read more →

As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier…

Read more →

The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable up until a few…

Read more →

Police have successfully infiltrated and disrupted the fraud platform “LabHost”, used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK’s Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals…

Read more →

I’m always surprised – and a little disappointed – at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help…

Read more →

Cybersecurity has always been a complex field. Its adversarial nature means the margins between failure and success are much finer than in other sectors. As technology evolves, those margins get even finer, with attackers and defenders scrambling to exploit them…

Read more →

Generative AI has exploded in popularity across many industries. While this technology has many benefits, it also raises some unique cybersecurity concerns. Securing AI must be a top priority for organizations as they rush to implement these tools. The use…

Read more →

Security configurations are an often ignored but essential factor in any organization’s security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly. Staying on top of all…

Read more →

In the first quarter of every year, organizations around the world release reports summing up data breach trends from the previous twelve months. And every year, these reports say broadly the same thing: data breach numbers have gone up again.…

Read more →

The number of endpoints in an organization often exceeds the number of employees. Managing these often disparate entities is more than a full-time job. Moreover, keeping them secure is equally difficult, yet securing all of your endpoints against cyber threats…

Read more →

What’s going on? A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways – locking companies…

Read more →

Let’s start the second quarter of the year with boosting our security posture by adopting two-factor authentication methods on our accounts to make them more secure. Two-factor authentication (2FA) is an identity and access management security method that requires two…

Read more →

As digital threats increase, we see more professionals transition into cybersecurity. Some come from previous technical roles, and some do not. However, because cybersecurity is primarily a problem-solving industry, those who switch from other high-pressure, high-performance positions are often best…

Read more →

In today’s digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While…

Read more →

Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security . What makes the reported attacks particularly interesting is that traditional…

Read more →

Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security . What makes the reported attacks particularly interesting is that traditional…

Read more →

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I…

Read more →

In any organization, unrestricted access to systems and resources poses significant security risks. Recent cybersecurity events have shown that attackers will target any organization of any size. The most common attack vector is through unauthorized access to a legitimate account,…

Read more →

Tripwire’s March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to…

Read more →

The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) was published in 2014 for the purpose of providing cybersecurity guidance for organizations in critical infrastructure. In the intervening years, much has changed about the threat landscape, the kinds…

Read more →

On an ordinary day, you’re casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you…

Read more →

In the intricate landscape of cybersecurity, Digital Forensics and Incident Response (DFIR) stand as the sentinels guarding against the onslaught of digital threats. It involves a multifaceted approach to identifying, mitigating, and recovering from cybersecurity incidents . In the physical…

Read more →

I’ll start this one with an apology – I’ve been watching a lot of the TV show The Bear (which I’d highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together…

Read more →

What Is Browser Security? Browser security is a set of measures and processes intended to protect users and their data when using web browsers. This includes mechanisms to prevent unauthorized access, safeguard against malicious software and other browser security threats…

Read more →

With $109.5 billion of growth expected between now and 2030, the global AI cybersecurity market is booming – and it’s not hard to see why. According to a recent survey of security professionals, three-quarters ( 75% ) have observed an…

Read more →

Nemesis Market, a notorious corner of the darknet beloved by cybercriminals and drug dealers, has been suddenly shut down after German police seized control of its systems. Germany’s Federal Criminal Police (known as the BKA) has announced that it has…

Read more →

In our interconnected world, the real estate industry has embraced technology to revolutionize its operations, enhance customer experiences, and streamline business processes. Yet, while this technological evolution has brought immense benefits to the property sector, it has also attracted the…

Read more →

In an era characterized by relentless digital transformation and interconnectedness, cybersecurity has evolved into a complex and dynamic battleground. Businesses, governments, and individuals find themselves locked in a perpetual struggle against a relentless flood of evolving threats. From sophisticated cybercriminal…

Read more →

Modern cybersecurity has reached an exceptional level, particularly with the integration of AI technology . The complexity of cyberattacks and their methodologies has also increased significantly, even surpassing human comprehension . This poses a considerable challenge for cybersecurity professionals who…

Read more →

The United States Federal Trade Commission (FTC) has warned the public to be cautious if contacted by people claiming to be… FTC staff. In a warning published on its website , the FTC said that scammers were using its employees’…

Read more →

Thanks to the burgeoning supply chain, a host of IoT and work-from-home devices, and an expanding cloud presence, organizations are constantly ingesting new hardware into their IT environments. With each new line of code comes a fresh chance for a…

Read more →

Security and compliance are often tightly intertwined. The main difference is that sometimes security can outpace compliance efforts. While it is easy to infer that a more secure system exceeds a compliance requirement, an auditor should not be expected to…

Read more →

Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands…

Read more →

The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights…

Read more →

Any time the television news presents a story about cybersecurity, there is always a video of a large data center with thousands of blinking lights. Even most cybersecurity blogs will include an image of many lights on the front panels…

Read more →

An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. 34-year-old Mikhail Vasiliev, who has dual Russian and Canadian nationality, was arrested…

Read more →

What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS , is a network application that monitors suspicious and malicious behavior, both internally and externally. The HIDS’ job is to flag any unusual patterns of…

Read more →

According to the Verizon 2023 Data Breach Investigations Report , Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats in the bunch, common web attacks like credential stuffing and…

Read more →

Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed…

Read more →

Protecting sensitive data and other assets requires an organization to be adaptable and stay informed on things like the digital landscape and threat trends. While some aspects of security are within an organization’s control, it can be extremely difficult to…

Read more →

Using security tools to monitor activities on IP based endpoints and the resulting changes that occur pose one of the most formidable challenges to security and regulatory compliance efforts, thanks to its potential to disrupt established security measures and protocols.…

Read more →

Historically, cyber-attacks were labor-intensive, meticulously planned, and needed extensive manual research. However, with the advent of AI , threat actors have harnessed their capabilities to orchestrate attacks with exceptional efficiency and potency. This technological shift enables them to execute more…

Read more →

If you have been optimistically daydreaming that losses attributed to cybercrime might have reduced in the last year, it’s time to wake up. The FBI’s latest annual Internet Crime Complaint Center (IC3) report has just been published and makes for…

Read more →

Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies…

Read more →

In 2024, transformation is reshaping industries, and the financial sector stands at a crucial juncture. The Softcat Business Tech Priorities Report , a comprehensive survey encompassing over 4,000 customers across various sectors, sheds light on this transformation. Significantly, cybersecurity has…

Read more →

In today’s expanding cyber threat landscape, infiltrating a system goes beyond unauthorized access or malware installation. To achieve their ultimate objectives, cybercriminals need to maintain an undetected presence in the system or network to control or extract data according to…

Read more →

Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the…

Read more →

Agriculture, a fundamental aspect of human civilization, plays an important role in global economic stability, contributing 4% to the global GDP . This sector not only provides food, but also supplies vital raw materials for various industries and drives economic…

Read more →

In the intricate realm of cybersecurity, the relentless surge of cyber threats demands a constant reassessment of defensive strategies. Amidst this dynamic landscape, a subtle yet indispensable player takes center stage — Security Configuration Management (SCM) . This blog embarks…

Read more →

Tripwire’s February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google. First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These…

Read more →

The most recent book that we’ve read over here is Black Hat GraphQL: Attacking Next Generation APIs written by Dolev Farhi and Nick Aleks . The book is described as being for, “anyone interested in learning how to break and…

Read more →

What’s happened? The US government warned healthcare organizations about the risk of being targeted by the ALPHV BlackCat ransomware after a surge in attacks. I thought ALPHV BlackCat had been taken down by the cops? Well remembered. Shortly before Christmas,…

Read more →

The financial services sector faces unprecedented cybersecurity challenges in today’s digital age. With the industry being a prime target for cybercriminals , understanding and adhering to cybersecurity regulations has never been more crucial. This article delves into the labyrinth of…

Read more →

What is the greatest cyber risk in the world right now? Ransomware? Business Email Compromise? Maybe AI? Well, the last one is pretty close. According to the World Economic Forum, misinformation and disinformation are the most severe global risks of…

Read more →

Cybersecurity is a pressing topic of concern for most organizations today, as any amount of sensitive data or digital assets can present a security risk. Understanding the digital landscape, threat trends, and the way they change over time is an…

Read more →

Scammers are increasingly resourceful when coming up with scam techniques. But they often rely on long-standing persuasion techniques for the scam to work. So, you may hear about a new scam that uses a novel narrative, but there is a…

Read more →

Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or…

Read more →

Although attacks on small and medium-sized businesses (SMBs) rarely hit the headlines, they remain a serious threat. Unlike their corporate counterparts, many SMBs lack the tools, skills, and mitigation services they need to combat modern threats. Understanding that forewarned is…

Read more →

Navigating the information superhighway is like threading your car through traffic on a dangerous rush hour freeway. The journey is full of perils that can prevent you from getting where you need to go and turn the trip into a…

Read more →

A huge reward is being offered for information leading to the identification or location of any of the leaders of the LockBit ransomware gang. The bounty offer comes from the US State Department, following this week’s disruption of the criminal…

Read more →

Many of the breaches of the past ten years have taken advantage of weak or nonexistent security settings. Conversely, for example, companies that configured their Docker application to the CIS recommended security settings for container users and privileges were not…

Read more →

Last year, the Securities and Exchange Commission adopted rules on cybersecurity risk management that focused on transparency. Much of the adopted rules were focused on investors, but the rules also underscored the importance of the impact to customers when cybersecurity…

Read more →

As we are well into 2024 now, we at Fortra want to continue our commitment to empowering you all with the knowledge and tools needed to protect you, your organization, and even your family. This year, we will be looking…

Read more →

Over the years, PayPal has earned a reputation for being a secure and easy way to send and receive money. However, no payment system is entirely immune to scams , and cybercriminals often exploit these platforms due to their widespread…

Read more →

Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as…

Read more →

The digital landscape is ever-changing, causing cybersecurity to often feel like a moving target. Thankfully, the NSA 2023 Cybersecurity Report arrives to provide critical information and context to help organizations keep their peace of mind. This comprehensive report, drawing insights…

Read more →

A recent report from Duke University’s Sanford School of Public Policy has shed light on a concerning issue – data brokers are selling vast amounts of highly sensitive information about American military service members. This includes private data about active-duty…

Read more →

Good news for organisations who have fallen victim to the notorious Rhysida ransomware . A group of South Korean security researchers have uncovered a vulnerability in the infamous ransomware. This vulnerability provides a way for encrypted files to be unscrambled.…

Read more →

Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass…

Read more →

With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and…

Read more →

Today’s BEC attacks are more nuanced, more accessible, less technically demanding, and consequently, more dangerous than ever before. In our report, 2023 BEC Trends, Targets, and Changes in Techniques , we take a hard look at the anatomy of Business…

Read more →

In the ever-evolving landscape of cybersecurity, businesses and individuals find themselves in a relentless battle against the surge of cybercrime, which continues to escalate in complexity and frequency. Despite the significant investments in cutting-edge cybersecurity solutions, the financial toll of…

Read more →

New research shows a 704% increase in deepfake “face swap” attacks from the first to the second half of 2023. A report from biometric firm iProov warns that “face-swapping” fraudsters are increasingly using off-the-shelf tools to create manipulated images and…

Read more →

In recent times, the remarkable advancement of AI has revolutionized our technological landscape. Its profound benefits have not only enhanced the efficiency of our daily operations but also induced transformative shifts across industries. The impact of AI has made our…

Read more →

Last year, text scammers prowling around on messaging platforms like WhatsApp sent a staggering 19 million messages in December alone. When ploys like these can rake up over $10 million in a matter of months, it’s easy to see why.…

Read more →

Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an…

Read more →

Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes…

Read more →

Tripwire’s January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian. First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have…

Read more →

The 49ers and Kansas City Chiefs aren’t the only ones with a big game to play on February 11th; this year, cybercriminals and cyber defenders will be facing off behind the scenes in a Super Bowl-sized bout of their own.…

Read more →

The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion , with a steady Compound Annual Growth Rate (CAGR) expected in the next…

Read more →

Nearly four years ago, the Department of Defense released the Cybersecurity Maturity Model Certification (CMMC). This was created as a complement to NIST SP 800-171 , which focused on protecting Controlled Unclassified Information (CUI). If you are unfamiliar with what…

Read more →

One of the most important concerns for organizations of all sizes is protection against cyberattacks and other digital threats to security. These dangers can prove a major setback for a company, and many even pose an existential threat. In order…

Read more →

The IBM i is a midrange server that is used across many industries and businesses varying in sizes. Backed by its long history and support by IBM, a world-class innovator, the IBM i platform stands alone in the midrange server…

Read more →

In an era where digital transformation dictates the pace of business growth, APIs have become the cornerstone of modern enterprise architecture. APIs are not just technical tools; they are vital assets that drive business processes, enhance customer experiences, and open…

Read more →

In a newly published report , the UK’s National Cyber Security Centre (NCSC) has warned that malicious attackers are already taking advantage of artificial intelligence and that the volume and impact of threats – including ransomware – will increase in…

Read more →