Category: Blog RSS Feed

Today’s VERT Alert addresses Microsoft’s September 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1123 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38217 Windows uses the Mark of the…

Read more →

Achieving Sarbanes-Oxley (SOX) Act compliance is becoming more difficult. While the Act is primarily a financial reporting regulation, it requires all publicly traded companies operating in the United States to maintain the integrity, accuracy, and reliability of financial reporting, which…

Read more →

Traditional cybersecurity solutions are constantly being supplemented and enhanced by new technology and practices. Industry leaders know that keeping up with digital security advancements is the best way to ensure the success of every company and that customers rely on…

Read more →

I worry that a lot of my blog posts reveal that I’m getting older and older as the days go by, but I wanted to talk about teasmades and security automation. For those of you outside of the UK, and…

Read more →

What is the Cicada ransomware? Cicada (also known as Cicada3301) is sophisticated ransomware written in Rust that has claimed more than 20 victims since its discovery in June 2024. Why is the ransomware called Cicada? The criminals behind Cicada appear…

Read more →

With the adoption of AI in almost every sphere of our lives and its unending advancement, cyberattacks are rapidly increasing. Threat actors with malicious intent use AI tools to create phishing emails and other AI-generated content to bypass traditional security…

Read more →

I know when to log out Know when to log in Get things done In the spirit of David Bowie, let’s explore how to navigate the labyrinth of privileged access management without getting “Under Pressure.” No one wants to mistype…

Read more →

There are many good business, security, and compliance reasons for leveraging the extensive rule and policy engines of Fortra’s Tripwire Enterprise (TE) to implement Security Configuration Management (SCM) capabilities, which have been documented very well in other blogs. In contrast,…

Read more →

Change is relentless. Technology evolves at breakneck speed, and security practitioners face a constant barrage of updates, system tweaks, and new tools. This relentless stream of modifications can create a clutter of information, making it challenging to pinpoint what is…

Read more →

File Integrity Monitoring (FIM) is a cybersecurity process that involves continuously monitoring files and systems to identify any unauthorized changes. FIM solutions maintain file integrity by comparing a file or system’s current state to a known, trusted baseline and flagging…

Read more →

Tripwire’s August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google. First on the list are patches for Microsoft Edge and Google Chromium that resolve 12 vulnerabilities, including information disclosure, remote code execution, and memory…

Read more →

Who doesn’t fancy earning US $2.5 million? That’s the reward that’s on offer from the US Department and State and Secret Service for information leading to the arrest and/or conviction of a Belarusian man who allegedly was a key figure…

Read more →

When outsourcing the IT department was first introduced, many business owners hailed it as the solution to all their technology problems. The promise of reduced headcount, less overhead and sunk costs, as well as reduced management responsibilities, seemed like a…

Read more →

LinkedIn scams are rampant. Know why? Scammers play on trust, which is why they love exploiting professional networks that have earned a trustworthy reputation. In a lot of ways, it’s the last place you’d expect. Unfortunately, given the incredibly high…

Read more →

Effectively acting as an invisible shield, the inner workings of IoT security are often taken for granted. However, we can focus and shine a light on the protocols and practices that provide the foundation of IoT security to help others…

Read more →

One of the most challenging aspects of working in cybersecurity can be the deceptively simple act of finding the best job that suits your skillset and best fits the employer’s expectations. Whether it is an entry-level position, a lateral move,…

Read more →

There is no doubt that we now live in an AI-driven, automation-powered world. Across industries and markets, leaders and professionals are achieving the utility of AI in their processes. The same applies to Governance, Risk, and Compliance (GRC) management, but…

Read more →

Cyber insurance has a strange past: AIG first took cyber insurance to market in 1997 despite a total lack of actuarial data to inform premiums or policies. Essentially, the industry ran on guesswork. Even today, the cyber insurance market is…

Read more →

Cybercrime is a major concern for individuals, businesses, and governments alike. As technology advances, so do the tactics and sophistication of those who seek to exploit it for nefarious purposes. Data shows that, on average, a cyber attack occurs every…

Read more →

The cyber threat landscape continues to be an unpredictable challenge for organizations as more of them embrace digitization. When it comes to maintaining stability and security in the age of rampant cyber attacks and record levels of data breaches plaguing…

Read more →