Category: The State of Security

VERT Threat Alert: October 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1025 on Wednesday, October 12th. In-The-Wild & Disclosed CVEs CVE-2022-41033 A vulnerability in the Windows COM+ Event System…

VERT Threat Alert: October 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1025 on Wednesday, October 12th. In-The-Wild & Disclosed CVEs CVE-2022-41033 A vulnerability in the Windows COM+ Event System…

The State of Security: Poland

Poland is getting ready for the upcoming Presidential elections in August 2023 amidst a turbulent geopolitical and economic environment. The war in Ukraine has placed the country in the epicenter of the events, becoming home to more than 3.5 million…

4 tips to achieve Data Compliance

Data compliance is a crucial and essential factor in organizations that should be carefully followed for data management. Data compliance is more than maintaining relevant standards and regulations and ensuring that the data is secured. The substantial amount of data…

The State of Security: Poland

Poland is getting ready for the upcoming Presidential elections in August 2023 amidst a turbulent geopolitical and economic environment. The war in Ukraine has placed the country in the epicenter of the events, becoming home to more than 3.5 million…

4 tips to achieve Data Compliance

Data compliance is a crucial and essential factor in organizations that should be carefully followed for data management. Data compliance is more than maintaining relevant standards and regulations and ensuring that the data is secured. The substantial amount of data…

See Yourself in Cyber: 4 Steps to Stay Safe

As threats to technology and private information become more frequent, the President of the United States and Congress have proclaimed October to be Cybersecurity Awareness Month. This initiative aims to assist people in protecting themselves online. Government and business are…

UK Construction: Cybersecurity Experts Defend Joint Ventures

After years of falling behind, the construction industry has realised the importance of its data. Construction-related businesses invested a remarkable 188% more in cybersecurity in 2018–19. Data leaks and cyberattacks have jolted sectors worldwide, affecting everyone. 55% of UK businesses…

See Yourself in Cyber: 4 Steps to Stay Safe

As threats to technology and private information become more frequent, the President of the United States and Congress have proclaimed October to be Cybersecurity Awareness Month. This initiative aims to assist people in protecting themselves online. Government and business are…

Major Database Security Threats & How You Can Prevent Them

Organizations and businesses must use a range of measures, protocols, and tools to protect their databases from cybercriminals. If breached, malicious actors can gain access to sensitive information that they can use for financial gain. Security teams must adapt and…

Major Database Security Threats & How You Can Prevent Them

Organizations and businesses must use a range of measures, protocols, and tools to protect their databases from cybercriminals. If breached, malicious actors can gain access to sensitive information that they can use for financial gain. Security teams must adapt and…

SecTor 2022: The IoT Hack Lab is Back!

Last year, it was great to be back at SecTor after everything was canceled in 2020. The capacity was reduced, but the Hack Lab was still plenty busy and we loved having everyone come by and visit our table and…

Overheard at the SANS Security Awareness Summit 2022

People have become the primary attack vector for cyber attackers around the world. As the Verizon Data Breach Investigations Report 2022 indicates, it is humans rather than technology that now represent the greatest risk to organizations. According to the SANS…

Tripwire Patch Priority Index for August 2022

Tripwire’s August 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Outlook, and Excel that resolve 4 vulnerabilities, including denial of service, remote code execution,…

Defense in Depth: 4 Essential Layers of ICS Security

It is always said that security is never a one-size-fits-all solution.  This is true not only because of the apparent infinite varieties of equipment in each individual organization, but also, and perhaps more importantly, the different ways that every organization…

SecTor 2022: The IoT Hack Lab is Back!

Last year, it was great to be back at SecTor after everything was canceled in 2020. The capacity was reduced, but the Hack Lab was still plenty busy and we loved having everyone come by and visit our table and…

A Traveller’s Guide to Staying Cyber safe

With the massive increase in mobile device sales worldwide, it is easy to imagine that the number of people using the internet while travelling has also increased significantly in recent years. With this growth in online activity comes a greater…

SecTor 2022: The Power of the Pico

I’m excited to share that I will be speaking at SecTor this year in the tools track. While the SecTor schedule is not yet finalized, I’m currently listed as speaking at 10:15am on October 6th. The talk, The Power of…

Tripwire Patch Priority Index for August 2022

Tripwire’s August 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Outlook, and Excel that resolve 4 vulnerabilities, including denial of service, remote code execution,…

Defense in Depth: 4 Essential Layers of ICS Security

It is always said that security is never a one-size-fits-all solution.  This is true not only because of the apparent infinite varieties of equipment in each individual organization, but also, and perhaps more importantly, the different ways that every organization…

A Traveller’s Guide to Staying Cyber safe

With the massive increase in mobile device sales worldwide, it is easy to imagine that the number of people using the internet while travelling has also increased significantly in recent years. With this growth in online activity comes a greater…

SecTor 2022: The Power of the Pico

I’m excited to share that I will be speaking at SecTor this year in the tools track. While the SecTor schedule is not yet finalized, I’m currently listed as speaking at 10:15am on October 6th. The talk, The Power of…

FBI warns of criminals attacking healthcare payment processors

Millions of dollars have been stolen from healthcare companies after fraudsters gained access to customer accounts and redirected payments. In a newly-published advisory directed at the healthcare payment industry, the FBI warns that cybercriminals are using a cocktail of publicly-available…

Cybersecurity Threats to the US Water Industry

In an increasingly digital world, cybersecurity is a significant – and relevant – threat to individuals and companies alike. Cybercriminals are constantly devising new ways to steal information for personal gain through exploitation or ransom demands. It’s become unfortunately commonplace…

VERT Threat Alert: September 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1021 on Wednesday, September 14th. In-The-Wild & Disclosed CVEs CVE-2022-23960 The first disclosed vulnerability this month is Spectre-BHB…

How to Correctly Classify Your Data in 2022

Data classification can feel like an overwhelming task, especially for organizations without a strong practice in place. As with any security approach, data classification is both crucial and tempting to avoid. Regardless of whether the value is recognized, there’s a…

WhatsApp Scams in 2022: What to Look out for

WhatsApp is ranked as the most popular mobile messenger app in the world.  In fact, there are two billion active users on the app. This is an incredibly large audience. Unfortunately, it is also a huge number of potential victims…

What Is the ISA/IEC 62443 Framework?

Cybersecurity threats to manufacturing and process plants are coming from a wide range of attack vectors, including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors, and new smart devices. Internet…

Everything You Need to Know About CI/CD and Security

CI/CD is a recommended technique for DevOps teams and a best practice in agile methodology. CI/CD is a method for consistently delivering apps to clients by automating the app development phases. Continuous integration, continuous delivery, and continuous deployment are the…

Key Points from the IBM Cost of a Data Breach Report 2022

The volume and impact of data breaches have accelerated largely in 2022, which has contributed to many adverse effects for businesses. Tc highlights several updated factors that have generated great costs across 17 countries and regions, and 17 industries. The…

Why Does Medical Imaging Equipment Need Better Cybersecurity?

Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the…

Privacy in Q2 2022: US, Canada, and the UK

The second quarter of 2022 offered plenty of positing on privacy, both in the U.S. and internationally. In the U.S., we saw the addition of another state privacy law, and a spark of hope in privacy professionals’ eyes with the…

Black Hat USA 2022: Key Highlights

Arriving at the keynote hall for Black Hat 2022, I was immediately struck by the size of the crowd – after the seemingly endless pandemic hiatus, the cyber industry had come out in force.  The mood was one of enthusiasm,…

Email and cybersecurity: Fraudsters are knocking

Can you remember your first email? Either sending one, or receiving it? I certainly remember explaining to people what email was, and I also remember someone telling me they could live without their email server for “about a month before…

The State of Security: SIEM in 2022

The world of enterprise cybersecurity is exceedingly dynamic. In a landscape that is ever-changing, security professionals need to combat a class of evolving threat actors by deploying increasingly sophisticated tools and techniques. Today with enterprises operating in an environment that…

What is Configuration Drift?

In a previous post my colleague spoke about how ensuring devices on your network is a great way to minimize the attack surface of your infrastructure. Organizations like the Center for Internet Security (CIS) provide guidelines on how to best…

A 5 Step Checklist for Complying with PCI DSS 4.0

In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements. Since their last update in 2018, there has been a rapid increase in the use of cloud technologies,…

Convergence and adoption of AI and ML countering the cyber threat

During the last few years, we have witnessed an increase in advanced cyber attacks. Cybercriminals utilize advanced technology to breach the digital boundary and exploit enterprises’ security vulnerabilities. No industry feels secure; security professionals do their utmost to close security…

3 Types of Network Attacks to Watch Out For

Cybersecurity is becoming more of a common term in today’s industry. It is being passed around executive meetings along with financial information and projected marketing strategies. Within the cybersecurity lexicon, there are some attack methods that are repeated enough to…

Cyber Threats – The New Norm in Data Security

“Data: We have never had so much of it, and it has never been so challenging to protect.” These are some of the opening words in the new survey published by ISMG and HelpSystems in the ‘Data Security Survey 2022’.…

VERT Threat Alert: August 2022 Patch Tuesday Analysis

Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th. In-The-Wild & Disclosed CVEs CVE-2022-34713 According to Microsoft, CVE-2022-34713 is a…

Weak Cybersecurity is taking a toll on Small Businesses

Life among America’s nearly 32 million small businesses has never been easy. According to the Small Business Administration, about 20% of small business startups fail in their first year and half succumb to failure within five years. Bigger businesses have…

Top trends in Application Security in 2022

The rising number of cyber attacks against software applications has emphasized how security must serve as an important factor in software development.  More than the traditional Software Development Lifecycle (SDLC) procedures, now security-integrated development lifecycles are being widely adapted. These…

Aviation Safety and Cybersecurity: Learning from Incidents

The aviation safety sector is the study and practice of managing aviation risks. It is a solid concentration of regulations, legal documents, investigations of accidents and near-miss aviation incidents. On top of them lie lessons learned and shared knowledge; reports,…