Tag: Blog RSS Feed

As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier…

Read more →

The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable up until a few…

Read more →

Police have successfully infiltrated and disrupted the fraud platform “LabHost”, used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK’s Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals…

Read more →

I’m always surprised – and a little disappointed – at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help…

Read more →

Cybersecurity has always been a complex field. Its adversarial nature means the margins between failure and success are much finer than in other sectors. As technology evolves, those margins get even finer, with attackers and defenders scrambling to exploit them…

Read more →

Generative AI has exploded in popularity across many industries. While this technology has many benefits, it also raises some unique cybersecurity concerns. Securing AI must be a top priority for organizations as they rush to implement these tools. The use…

Read more →

Security configurations are an often ignored but essential factor in any organization’s security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly. Staying on top of all…

Read more →

In the first quarter of every year, organizations around the world release reports summing up data breach trends from the previous twelve months. And every year, these reports say broadly the same thing: data breach numbers have gone up again.…

Read more →

The number of endpoints in an organization often exceeds the number of employees. Managing these often disparate entities is more than a full-time job. Moreover, keeping them secure is equally difficult, yet securing all of your endpoints against cyber threats…

Read more →

What’s going on? A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways – locking companies…

Read more →

Let’s start the second quarter of the year with boosting our security posture by adopting two-factor authentication methods on our accounts to make them more secure. Two-factor authentication (2FA) is an identity and access management security method that requires two…

Read more →

As digital threats increase, we see more professionals transition into cybersecurity. Some come from previous technical roles, and some do not. However, because cybersecurity is primarily a problem-solving industry, those who switch from other high-pressure, high-performance positions are often best…

Read more →

In today’s digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While…

Read more →

Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security . What makes the reported attacks particularly interesting is that traditional…

Read more →

Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security . What makes the reported attacks particularly interesting is that traditional…

Read more →

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I…

Read more →

In any organization, unrestricted access to systems and resources poses significant security risks. Recent cybersecurity events have shown that attackers will target any organization of any size. The most common attack vector is through unauthorized access to a legitimate account,…

Read more →

Tripwire’s March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to…

Read more →

The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) was published in 2014 for the purpose of providing cybersecurity guidance for organizations in critical infrastructure. In the intervening years, much has changed about the threat landscape, the kinds…

Read more →

On an ordinary day, you’re casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you…

Read more →

In the intricate landscape of cybersecurity, Digital Forensics and Incident Response (DFIR) stand as the sentinels guarding against the onslaught of digital threats. It involves a multifaceted approach to identifying, mitigating, and recovering from cybersecurity incidents . In the physical…

Read more →

I’ll start this one with an apology – I’ve been watching a lot of the TV show The Bear (which I’d highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together…

Read more →

What Is Browser Security? Browser security is a set of measures and processes intended to protect users and their data when using web browsers. This includes mechanisms to prevent unauthorized access, safeguard against malicious software and other browser security threats…

Read more →

With $109.5 billion of growth expected between now and 2030, the global AI cybersecurity market is booming – and it’s not hard to see why. According to a recent survey of security professionals, three-quarters ( 75% ) have observed an…

Read more →

Nemesis Market, a notorious corner of the darknet beloved by cybercriminals and drug dealers, has been suddenly shut down after German police seized control of its systems. Germany’s Federal Criminal Police (known as the BKA) has announced that it has…

Read more →

In our interconnected world, the real estate industry has embraced technology to revolutionize its operations, enhance customer experiences, and streamline business processes. Yet, while this technological evolution has brought immense benefits to the property sector, it has also attracted the…

Read more →

In an era characterized by relentless digital transformation and interconnectedness, cybersecurity has evolved into a complex and dynamic battleground. Businesses, governments, and individuals find themselves locked in a perpetual struggle against a relentless flood of evolving threats. From sophisticated cybercriminal…

Read more →

Modern cybersecurity has reached an exceptional level, particularly with the integration of AI technology . The complexity of cyberattacks and their methodologies has also increased significantly, even surpassing human comprehension . This poses a considerable challenge for cybersecurity professionals who…

Read more →

The United States Federal Trade Commission (FTC) has warned the public to be cautious if contacted by people claiming to be… FTC staff. In a warning published on its website , the FTC said that scammers were using its employees’…

Read more →

Thanks to the burgeoning supply chain, a host of IoT and work-from-home devices, and an expanding cloud presence, organizations are constantly ingesting new hardware into their IT environments. With each new line of code comes a fresh chance for a…

Read more →

Security and compliance are often tightly intertwined. The main difference is that sometimes security can outpace compliance efforts. While it is easy to infer that a more secure system exceeds a compliance requirement, an auditor should not be expected to…

Read more →

Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands…

Read more →

The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights…

Read more →

Any time the television news presents a story about cybersecurity, there is always a video of a large data center with thousands of blinking lights. Even most cybersecurity blogs will include an image of many lights on the front panels…

Read more →

An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. 34-year-old Mikhail Vasiliev, who has dual Russian and Canadian nationality, was arrested…

Read more →

What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS , is a network application that monitors suspicious and malicious behavior, both internally and externally. The HIDS’ job is to flag any unusual patterns of…

Read more →

According to the Verizon 2023 Data Breach Investigations Report , Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats in the bunch, common web attacks like credential stuffing and…

Read more →

Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed…

Read more →

Protecting sensitive data and other assets requires an organization to be adaptable and stay informed on things like the digital landscape and threat trends. While some aspects of security are within an organization’s control, it can be extremely difficult to…

Read more →

Using security tools to monitor activities on IP based endpoints and the resulting changes that occur pose one of the most formidable challenges to security and regulatory compliance efforts, thanks to its potential to disrupt established security measures and protocols.…

Read more →

Historically, cyber-attacks were labor-intensive, meticulously planned, and needed extensive manual research. However, with the advent of AI , threat actors have harnessed their capabilities to orchestrate attacks with exceptional efficiency and potency. This technological shift enables them to execute more…

Read more →

If you have been optimistically daydreaming that losses attributed to cybercrime might have reduced in the last year, it’s time to wake up. The FBI’s latest annual Internet Crime Complaint Center (IC3) report has just been published and makes for…

Read more →

Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies…

Read more →

In 2024, transformation is reshaping industries, and the financial sector stands at a crucial juncture. The Softcat Business Tech Priorities Report , a comprehensive survey encompassing over 4,000 customers across various sectors, sheds light on this transformation. Significantly, cybersecurity has…

Read more →

In today’s expanding cyber threat landscape, infiltrating a system goes beyond unauthorized access or malware installation. To achieve their ultimate objectives, cybercriminals need to maintain an undetected presence in the system or network to control or extract data according to…

Read more →

Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the…

Read more →

Agriculture, a fundamental aspect of human civilization, plays an important role in global economic stability, contributing 4% to the global GDP . This sector not only provides food, but also supplies vital raw materials for various industries and drives economic…

Read more →

In the intricate realm of cybersecurity, the relentless surge of cyber threats demands a constant reassessment of defensive strategies. Amidst this dynamic landscape, a subtle yet indispensable player takes center stage — Security Configuration Management (SCM) . This blog embarks…

Read more →

Tripwire’s February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google. First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These…

Read more →

The most recent book that we’ve read over here is Black Hat GraphQL: Attacking Next Generation APIs written by Dolev Farhi and Nick Aleks . The book is described as being for, “anyone interested in learning how to break and…

Read more →

What’s happened? The US government warned healthcare organizations about the risk of being targeted by the ALPHV BlackCat ransomware after a surge in attacks. I thought ALPHV BlackCat had been taken down by the cops? Well remembered. Shortly before Christmas,…

Read more →

The financial services sector faces unprecedented cybersecurity challenges in today’s digital age. With the industry being a prime target for cybercriminals , understanding and adhering to cybersecurity regulations has never been more crucial. This article delves into the labyrinth of…

Read more →

What is the greatest cyber risk in the world right now? Ransomware? Business Email Compromise? Maybe AI? Well, the last one is pretty close. According to the World Economic Forum, misinformation and disinformation are the most severe global risks of…

Read more →

Cybersecurity is a pressing topic of concern for most organizations today, as any amount of sensitive data or digital assets can present a security risk. Understanding the digital landscape, threat trends, and the way they change over time is an…

Read more →

Scammers are increasingly resourceful when coming up with scam techniques. But they often rely on long-standing persuasion techniques for the scam to work. So, you may hear about a new scam that uses a novel narrative, but there is a…

Read more →

Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or…

Read more →

Although attacks on small and medium-sized businesses (SMBs) rarely hit the headlines, they remain a serious threat. Unlike their corporate counterparts, many SMBs lack the tools, skills, and mitigation services they need to combat modern threats. Understanding that forewarned is…

Read more →

Navigating the information superhighway is like threading your car through traffic on a dangerous rush hour freeway. The journey is full of perils that can prevent you from getting where you need to go and turn the trip into a…

Read more →

A huge reward is being offered for information leading to the identification or location of any of the leaders of the LockBit ransomware gang. The bounty offer comes from the US State Department, following this week’s disruption of the criminal…

Read more →

Many of the breaches of the past ten years have taken advantage of weak or nonexistent security settings. Conversely, for example, companies that configured their Docker application to the CIS recommended security settings for container users and privileges were not…

Read more →

Last year, the Securities and Exchange Commission adopted rules on cybersecurity risk management that focused on transparency. Much of the adopted rules were focused on investors, but the rules also underscored the importance of the impact to customers when cybersecurity…

Read more →

As we are well into 2024 now, we at Fortra want to continue our commitment to empowering you all with the knowledge and tools needed to protect you, your organization, and even your family. This year, we will be looking…

Read more →

Over the years, PayPal has earned a reputation for being a secure and easy way to send and receive money. However, no payment system is entirely immune to scams , and cybercriminals often exploit these platforms due to their widespread…

Read more →

Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as…

Read more →

The digital landscape is ever-changing, causing cybersecurity to often feel like a moving target. Thankfully, the NSA 2023 Cybersecurity Report arrives to provide critical information and context to help organizations keep their peace of mind. This comprehensive report, drawing insights…

Read more →

A recent report from Duke University’s Sanford School of Public Policy has shed light on a concerning issue – data brokers are selling vast amounts of highly sensitive information about American military service members. This includes private data about active-duty…

Read more →

Good news for organisations who have fallen victim to the notorious Rhysida ransomware . A group of South Korean security researchers have uncovered a vulnerability in the infamous ransomware. This vulnerability provides a way for encrypted files to be unscrambled.…

Read more →

Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass…

Read more →

With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and…

Read more →

Today’s BEC attacks are more nuanced, more accessible, less technically demanding, and consequently, more dangerous than ever before. In our report, 2023 BEC Trends, Targets, and Changes in Techniques , we take a hard look at the anatomy of Business…

Read more →

In the ever-evolving landscape of cybersecurity, businesses and individuals find themselves in a relentless battle against the surge of cybercrime, which continues to escalate in complexity and frequency. Despite the significant investments in cutting-edge cybersecurity solutions, the financial toll of…

Read more →

New research shows a 704% increase in deepfake “face swap” attacks from the first to the second half of 2023. A report from biometric firm iProov warns that “face-swapping” fraudsters are increasingly using off-the-shelf tools to create manipulated images and…

Read more →

In recent times, the remarkable advancement of AI has revolutionized our technological landscape. Its profound benefits have not only enhanced the efficiency of our daily operations but also induced transformative shifts across industries. The impact of AI has made our…

Read more →

Last year, text scammers prowling around on messaging platforms like WhatsApp sent a staggering 19 million messages in December alone. When ploys like these can rake up over $10 million in a matter of months, it’s easy to see why.…

Read more →

Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an…

Read more →

Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes…

Read more →

Tripwire’s January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian. First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have…

Read more →

The 49ers and Kansas City Chiefs aren’t the only ones with a big game to play on February 11th; this year, cybercriminals and cyber defenders will be facing off behind the scenes in a Super Bowl-sized bout of their own.…

Read more →

The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion , with a steady Compound Annual Growth Rate (CAGR) expected in the next…

Read more →

Nearly four years ago, the Department of Defense released the Cybersecurity Maturity Model Certification (CMMC). This was created as a complement to NIST SP 800-171 , which focused on protecting Controlled Unclassified Information (CUI). If you are unfamiliar with what…

Read more →

One of the most important concerns for organizations of all sizes is protection against cyberattacks and other digital threats to security. These dangers can prove a major setback for a company, and many even pose an existential threat. In order…

Read more →

The IBM i is a midrange server that is used across many industries and businesses varying in sizes. Backed by its long history and support by IBM, a world-class innovator, the IBM i platform stands alone in the midrange server…

Read more →

In an era where digital transformation dictates the pace of business growth, APIs have become the cornerstone of modern enterprise architecture. APIs are not just technical tools; they are vital assets that drive business processes, enhance customer experiences, and open…

Read more →

In a newly published report , the UK’s National Cyber Security Centre (NCSC) has warned that malicious attackers are already taking advantage of artificial intelligence and that the volume and impact of threats – including ransomware – will increase in…

Read more →

Artificial intelligence (AI) has been a hot topic of discussion this year among tech and cybersecurity professionals and the wider public. With the recent advent and rapid advancement of a number of publicly available generative AI tools—ChatGPT, Dall-E, and others—the…

Read more →

2023 saw two concerning attacks on public water systems, highlighting the fragility and risk to utility systems. In Pennsylvania, malicious hackers breached the Municipal Water Authority of Aliquippa system the night after Thanksgiving. The criminals were making a political statement:…

Read more →

When I attend a networking event and ask a business owner, “Who’s responsible for Information Security?” The usual reply is “IT”. But in today’s hyper-connected world, where digital landscapes are constantly evolving, and data breaches and cyberattacks are becoming alarmingly…

Read more →

The dynamism of Artificial Intelligence (AI) is transforming not only the tech landscape but also various sectors of human activity at breakneck speeds. Unfortunately, with any progress in technology, these advances aren’t only being applied in beneficial ways. The sad…

Read more →

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have…

Read more →

One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and…

Read more →

Imagine you’re on the tail end of installing a 100-line script. It’s five o’clock, and you’re ready to head out early for once. You run the startup script on a new server, and then – the fated error message. Something…

Read more →

To most people, the process of logging into a Microsoft Windows machine is a simple process of entering a username and a password. However, for a cybersecurity professional, the process is a carefully orchestrated mechanism. Unfortunately, throughout the history of…

Read more →

In the digital-first era, the internet is not simply a luxury; it’s a fundamental part of our daily lives. From business growth to personal connections, its impact is profound. However, this interconnectedness comes with a price: the rise of cybercrime.…

Read more →

Like every other industry, the healthcare sector is barely recognizable when compared to its state 20 years ago. It, too, has been transfigured by technology. While this has brought many impactful benefits, it has also introduced at least one major…

Read more →

Cybersecurity in Mental Healthcare – The Overlooked Risk Did you know the New-Age Therapeutic sector is unregulated? If that surprises you, then you’re not alone. I was a little surprised, too. Yes, there are various professional bodies a practitioner can…

Read more →

Individual users are often referred to as the weakest link in cybersecurity, as human error is a major contributor to security incidents of all kinds. However, employees can also be a significant asset when adequately trained in cybersecurity hygiene and…

Read more →