Category: Blog RSS Feed

“Sextortion” scams represent some of cybercriminals’ most brazen attempts to extract money from unwitting victims. These extortion techniques rely on fear and shame to get targets to pay up. Similar to individualized ransomware attacks, if the party refuses to pay…

Read more →

Today’s VERT Alert addresses Microsoft’s July 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1114 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38112 A vulnerability in the Windows MSHTML…

Read more →

The Defense Information Systems Agency (DISA) is a Department of Defense (DoD) service provider that supplies a global information-sharing architecture for all DoD members “from the President on down.” Their cybersecurity measures are among the best in the world. As…

Read more →

Each day, it seems that we hear of another healthcare organization being compromised by a cyber attack. It is clear that the healthcare industry is the new favorite target amongst cybercriminals. Fortunately, vigorous efforts are available to combat these threats.…

Read more →

The IT and OT systems that support not only federal governmental agencies but also national critical infrastructure must be protected, but developing a security strategy effective against threats is no easy feat. It can be difficult to cover all of…

Read more →

What’s happening? Security researchers have warned that a new ransomware group has taken an unusual twist on the traditional method of extorting money from its corporate victims. So what’s different this time? Whereas many ransomware attacks see a company’s company’s…

Read more →

In Part 1, the existing global regulations around IoT were introduced. In this part, the challenge of complying with these rules is examined. The IoT Security Challenge Securing the Internet of Things (IoT) presents complex challenges that stem primarily from…

Read more →

The Sarbanes-Oxley Act (SOX), enacted by the United States Congress in 2002, is a landmark piece of legislation that aims to improve transparency, accountability, and integrity in financial reporting and corporate governance. The act was a response to high-profile corporate…

Read more →

Contrary to what one might expect, creating a File Integrity Monitoring (FIM) system is pretty easy. Practically anyone with a modicum of Python, Perl, or development skills can write an app or script to gather a file’s checksum, compare it…

Read more →

Tripwire’s June 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use after free, heap buffer overflow, and out of bounds write vulnerabilities Next…

Read more →

Containerization has revolutionized application development, deployment, and management – and for good reason. The ability to automatically wrap an application and its dependencies into a single, easily deployable package helps developers focus on what they do best: writing code. Widely…

Read more →

Cybersecurity frameworks are blueprints for security programs. Typically developed by governmental organizations, industry groups, or international bodies, they take the guesswork out of developing defense strategies, providing organizations with standards, guidelines, and best practices to help them manage and reduce…

Read more →

There’s some possibly good news on the ransomware front. Companies are becoming more resilient to attacks, and the ransom payments extorted from businesses by hackers are on a downward trend. That’s one of the findings of insurance broker Marsh, which…

Read more →

As the 2024 Olympic Games in Paris approach, organizers are intensifying cybersecurity measures in response to warnings from experts and law enforcement agencies about a likely surge in cyberattacks. The Games, set to start on 26 July this year, are…

Read more →

As we pass the halfway mark of 2024, data breaches remain on the rise. Cybercriminals are finding more and more inventive ways to infiltrate organizations, exploiting vulnerabilities in networks, software, and human behavior. From phishing schemes and ransomware attacks to…

Read more →

Zero Trust maturity might be one of the least understood security buzzwords of our era. The term “Zero Trust” was originally coined over a decade ago and described the principle of not assigning digital trust to any entity, ever, for…

Read more →

Artificial Intelligence ( AI) is now integrated into almost every available technology. It powers numerous real-world applications, from facial recognition to language translators and virtual assistants. AI offers significant benefits for businesses and economies by boosting productivity and creativity. However,…

Read more →

The Internet of Things (IoT) refers to the global network of physical devices connected to the internet, capable of collecting and sharing data. IoT devices range from everyday household items to sophisticated industrial tools. By integrating sensors and communication hardware,…

Read more →

I recently came across the ” Johari Window Model” and thought this would be a good way to gain inspiration to explain the conundrum faced by many cybersecurity customers. The table below shows us the breakdown of the stages that…

Read more →

In the past four years, cyberattacks have more than doubled. Cybercriminals are leveraging emerging technologies like artificial intelligence (AI) to facilitate more sophisticated attacks. Geopolitical tumult has increased cyber risk. Couple these factors with a near-ubiquitous desire for businesses to…

Read more →