Category: HelpSystems Blog

VERT Threat Alert: May 2023 Patch Tuesday Analysis – Cloned

Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th. In-The-Wild & Disclosed CVEs CVE-2023-29336 Up…

Supply Chain Compromise: The Risks You Need to Know

This piece was originally published on Fortra’s AlertLogic.com Blog. Thinking about your own network isn’t enough to keep your business safe and profitable. As more buyers, sellers, and partners collaborate ever more closely across the world, supply chain IT risks…

Tripwire Patch Priority Index for April 2023

Tripwire’s April 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve over 15 vulnerabilities such as spoofing, type confusion, and…

An overview of the OSI model and its security threats

The Open Systems Interconnection (OSI) model is a conceptual framework developed by the International Standards Organization (ISO). It has been in use for over 40 years, and is cited in every computer network book. It is also a favorite resource…

3 Tips to Strengthen AWS Container Security

This piece was originally published on Fortra’s AlertLogic.com Blog. If you’re building an application, you want to ensure it’s reliable, consistent, and rapidly deployable in any cloud environment. That’s what containers are used for — packaging instructions into a digital…

Allowlisting and Blocklisting: What you need to know

The phone rings, displaying “Potential Spam,” warning of the possible downfall of accepting the call. We also have the option to set specific ringtones for the special people in our lives, so we audibly know immediately who’s calling. For other…

What is a WAF? (Web Application Firewall)

This piece was originally published on Fortra’s AlertLogic.com Blog. A Comprehensive Guide to Understanding WAFs: How it Works, Types, and Security Models Web applications drive digital transformation, remote work, employee productivity, and consumer interactions. The ability to connect to critical…

Explaining the PCI DSS Evolution & Transition Phase

The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business…

Root Cause Analysis for Deployment Failures

Root Cause Analysis (RCA) is a technique used to identify the underlying reasons for a problem, with the aim of trying to prevent it from recurring in the future. It is often used in change management processes to help identify…

Spring is the Perfect Season for a Digital Declutter

Spring is here! Who’s up for some digital spring cleaning? Digital de-cluttering helps you organize your life and has the bonus of reducing your vulnerability to common threats. But knowing where to begin can be hard; most of us leave…

Fortra: Your Cybersecurity Ally

It was just a short time ago that Fortra came into being, as the new face of HelpSystems. Fortra is a company that combines a group of cybersecurity products and services into one portfolio. As with all acquisitions, many customers…

A Day in the Life of a SOC Team

This piece was originally published on Fortra’s AlertLogic.com Blog. Managed detection and response (MDR) would be nothing without a SOC (security operations center). They’re on the frontline of our clients’ defenses — a living, breathing layer of intelligence and protection…

What Is Microsegmentation and 5 Compelling Security Use Cases

What Is Microsegmentation? Microsegmentation is a security technique that partitions a network into small, isolated sections to reduce the attack surface and reduce an organizations risk. Each microsegment is typically defined by specific security policies, accessible only to authorized users…

The U.S. Army Is Revamping Its Cybersecurity Approach

Military cybersecurity operations are shifting to a digital battlefield, where tools and technology work to save lives and increase efficiency. With these advancements comes the increased need for resilient measures to meet the needs of soldiers, leadership, and civilians alike.…

VERT Threat Alert: April 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1050 on Wednesday, April 12th. In-The-Wild & Disclosed CVEs CVE-2023-28252 A vulnerability in the Common Log File System…

30 Ransomware Prevention Tips

Dealing with the aftermath of ransomware attacks is like Russian roulette. Submitting the ransom might seem like it’s the sole option for recovering locked data. Ransomware also continues to evolve as a threat category within the past year, with old…

Securing your Digital Life: MFA, Password Managers and Risk

In security, there are always tensions; the balancing act between security, convenience, and functionality. While these three, often competing interests cause many people to become frustrated, there are some simple steps that can ease the security struggle: Any Multi-Factor Authentication…

Tripwire Patch Priority Index for March 2023

Tripwire’s March 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Google and Microsoft. First on the patch priority list this month is a patch for Microsoft Office Outlook that resolves a critical elevation of privilege vulnerability (CVE-2023-23397) that…

Distributed Energy Resources and Grid Security

As the United States government, the energy industry, and individual consumers work toward cleaner and more sustainable energy solutions, it is crucial to consider how new and advancing technologies affect, and are affected by, cybersecurity concerns. ­­­­Increasing use of smart…

The impact of Quantum Computing on cybersecurity

Quantum computers can solve highly complex problems faster than any of its predecessors. We are currently in a period of a quantum revolution. Many organizations are currently investing in the quantum computer industry, and it is predicted that the quantum…

5 Secure Ways to Avoid Crypto Theft in 2023

The rise in popularity of cryptocurrencies has brought about significant concerns regarding wallet vulnerabilities and digital theft among individuals and businesses transacting in the market. While the meteoric rise in the value of cryptocurrency has attracted legitimate investors, it has…

How to Secure Your Mobile Device: 8 Tips for 2023

The rapidly changing technology and portability of mobile devices have forced people to rely heavily on those products. With their increased functionalities, mobile devices carry out a number of our day-to-day activities, such as surfing the web, booking appointments, setting…

VIN Cybersecurity Exploits and How to Address Them in 2023

Cybersecurity is no longer the exclusive domain of computers, servers, and handheld devices. As wireless connectivity grows, it makes many daily activities more convenient, but it also means that cars may be vulnerable to cyberattacks. Connected, Autonomous, Shared and Electric…

5 Key Components of Cybersecurity Hardening

Hardening in Cybersecurity Cybersecurity hardening is a comprehensive approach to keeping your organization safe from intruders, and mitigating risk. By reducing your attack surface, vulnerability is reduced in tandem. Hardening (or system hardening) considers all flaws and entry points potentially…

Key Findings: UK Cybersecurity Breaches Survey 2022

The cybersecurity landscape is continuously evolving. It has led businesses to question how they are protecting themselves and their consumers from data breaches. Since 2014, the Department for Digital, Culture, Media and Sport (DCMS) has commissioned the Cybersecurity Breaches Survey…

A Look at The 2023 Global Automotive Cybersecurity Report

From its inception, the automotive industry has been shaped by innovation and disruption. In recent years, these transformations have taken shape in rapid digitization, ever-growing Electric Vehicle (EV) infrastructure, and advanced connectivity. These shifts have redirected the automotive industry, meeting…

What are Rootkits? How to prevent them

A Rootkit is a malicious program composed of malware that is created to provide prolonged root-level or privileged-level access to a computer. It remains hidden in the computer system while maintaining control of the system remotely. Rootkits have the ability…

What is CSAF (Common Security Advisory Framework)?

The world of security advisories is disjointed, with disparate systems holding critical documentation in various formats. To make matters more challenging, despite living in a digital-first era, most of these documents are not legible for machines and must be parsed,…

VERT Threat Alert: March 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s March 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1046 on Wednesday, March 15th. In-The-Wild & Disclosed CVEs CVE-2023-24880 Up first this month is a publicly disclosed…

What actually is database integrity?

If you were to poll the folks in a typical office about which aspect of the infamous CIA Triad was most important to them, you would likely get different answers from different people. While confidentiality, integrity, and availability are all…

ISO27001 Updates: Change is afoot

If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System, ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance…

TSA tells US aviation industry to boost its cybersecurity

The US Transportation and Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a “persistent cybersecurity threat.” The agency’s new directive compels the aviation industry to improve their defences against malicious hackers…

What Are Parameter Tampering Attacks?

APIs will continue to drive business and accelerate digital transformation this year to the extent that nearly no other technology can; according to the 19th Developer Economics survey by Slashdata, almost 90% of all developers use APIs. This makes them…

What to Know About Business Email Compromise (BEC) Scams

Business email compromise (BEC) is a dangerous type of email spoofing that targets businesses, aiming to damage them in some way. Overall, BEC “is one of the most financially damaging online crimes,” according to a joint Cybersecurity Advisory by the…

What is Malware as a Service (MaaS)?

Malware as a Service is the unlawful lease of software and hardware from the Dark Web to carry out cyber attacks. The threat actors who use this service are provided with botnet services and technical support by the MaaS owners.…

Stop Working in Silos: Integrating with APIs

Is your security tool an island? Does it do its singular task with little more to offer than what it says on the package? Too many security offerings behave as singular entities, forcing you to constantly perform task switching to…

Tripwire Patch Priority Index for February 2023

Tripwire’s February 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month is a patch for Microsoft Defender for Endpoint that resolves a security feature bypass vulnerability. Next are patches for…

10 Database Security Best Practices You Should Know

Around 39 billion records were compromised between January and December of last year, according to Flashpoint’s 2022 A Year in Review report. While this result is quite staggering, it also sends a clear message of the need for effective database…

Social Engineering: Definition & 6 Attack Types

We all know about the attacker who leverages their technical expertise to infiltrate protected computer systems and compromise sensitive data. This type of malicious actor ends up in the news all the time. But they’re not the only ones making…

Key tips for helping secure your digital life

The key to protecting your digital life Even those who consider themselves well educated about security threats – and do everything they have been taught to do – can still end up as a victim. The truth is that with…

Social Engineering: Definition & 5 Attack Types

We all know about the attacker who leverages their technical expertise to infiltrate protected computer systems and compromise sensitive data. This type of malicious actor ends up in the news all the time. But they’re not the only ones making…

Deepfakes: What they are and tips to spot them

Deepfakes are forged images, audio, and videos that are created using Artificial Intelligence (AI), and Machine Learning technologies. According to the World Economic Forum (WEF), deepfake videos are increasing at an annual rate of 900%, and recent technological advances have…

Fake ChatGPT apps spread Windows and Android malware

OpenAI’s ChatGPT chatbot has been a phenomenon, taking the internet by storm. Whether it is composing poetry, writing essays for college students, or finding bugs in computer code, it has impressed millions of people and proven itself to be the…

Public or Private Cloud: Choices to Consider

Organizations are progressively moving towards a predominantly cloud-based computing environment. What this means is that essentially all of their back-end infrastructure, systems, and client-facing applications can be accessed and distributed through the cloud. Modern cloud computing goes a step further…

Why Application Dependencies Are Critical for Cloud Security

Application dependencies occur when technology components, applications, and servers depend on each other to provide a business solution or service. Developers have a specific technology stack in mind when building solutions. This can typically include operating systems, database engines, and…

How do mail filters work?

Mail filters play a huge role in protecting organizations from cyberattacks. Even though their task is quite small, they are very important for an organization’s ability to deter many malicious phishing and spam emails before delivery to a person’s inbox.…

How to achieve and maintain data compliance in 2023

The Compliance Landscape Only those hiding from the news, prospects, and customers can miss the data security and privacy challenges that are occurring. More businesses are relying on data analytics (garnered from data collection) for more and improved service and…

A Guide on 5 Common LinkedIn Scams

The fact that scammers haunt Facebook and Twitter is not surprising. Even so, digital criminals don’t stop with just those two platforms. They’re also known to stalk users on LinkedIn where connections carry greater professional gravity. Fortunately, users can stay…

Four of the Oldest Tricks in Scammers’ Books

As the world grows increasingly digital and dependent on the internet, cyberthreats are constantly evolving to clash with newer and more rigid security features. Despite cybercriminals’ propensity for finding new and innovative ways to take advantage of their targets, however,…

How to achieve and maintain data compliance in 2023

The Compliance Landscape Only those hiding from the news, prospects, and customers can miss the data security and privacy challenges that are occurring. More businesses are relying on data analytics (garnered from data collection) for more and improved service and…

A Guide on 5 Common LinkedIn Scams

The fact that scammers haunt Facebook and Twitter is not surprising. Even so, digital criminals don’t stop with just those two platforms. They’re also known to stalk users on LinkedIn where connections carry greater professional gravity. Fortunately, users can stay…

VERT Threat Alert: February 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1042 on Wednesday, February 15th. In-The-Wild & Disclosed CVEs CVE-2023-21823 The first vulnerability in the list this week…

Cybersecurity Is Necessary for Mission-Critical Energy Grids

Today’s energy sector is undergoing massive change, especially as more utilities try to usher in clean or renewable energy alternatives like solar, geothermal, hydroelectric, and wind power. In addition to the clean energy transition, grid modernization is another major shift…

How to protect organizations against Brute Force Attacks

A brute force attack is an attempt to reveal passwords and login credentials in order to gain access to network resources. These attacks are mainly done with the purpose of gaining unauthorized, and undetected access to compromise systems. Threat actors…

Social Networking Without Selling Yourself

A truism about the free tools online is that if you aren’t paying for the service, then you are the product. Take your grocery store’s “club” card program. You sign up and give them your name and phone number, and…