Phishing is still as large a concern as ever. “If it ain’t broke, don’t fix it,” seems to hold in this tried-and-true attack method. The Verizon 2023 Data Breach Report states that phishing accounted for 44% of social engineering incidents…
Tag: Blog RSS Feed
ZeroFont trick dupes users into thinking message has been scanned for threats
It’s nothing new for cybercriminals to use sneaky HTML tricks in their attempt to infect computers or dupe unsuspecting recipients into clicking on phishing links. Spammers have been using a wide variety of tricks for years in an attempt to…
What Does Secure by Design Actually Mean?
In this era shaped by digital innovation, the concept of Secure by Design is a critical safeguard against cyber threats. Read on to delve into the essence of Secure by Design and its profound relevance in today’s technology landscape. As…
The Cost of Cybercrime in the US: Facts and Figures
The importance of cybersecurity is no secret in our increasingly digital world. Even individuals who have no experience or expertise in tech or related fields are aware of the threat of hacking, phishing, and the like. It can be difficult,…
Closing Integrity Gaps with NIST CSF
The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean…
Best 10 Cybersecurity Podcasts
The cybersecurity industry is one in which staying in the loop on recent developments is incredibly important. Because technologies, industry conditions, and the threat landscape all change so frequently, it can be difficult to remain up to date on news,…
Visibility: An Essential Component of Industrial Cyber Security
In July 2021, the White House established a voluntary initiative for industrial control systems (ICS) to promote cooperation between the critical infrastructure community and the federal government. The fundamental purpose of the initiative was “to defend the nation’s critical infrastructure…
8 of the Best Cybersecurity Conferences
In the rapidly evolving realm of digital security, staying ahead of cyber threats requires continuous learning and collaboration. Cybersecurity conferences stand as beacons of knowledge, drawing experts and enthusiasts from across the globe. We’ve curated a list of the top…
Defending against DDoS Attacks: What you need to know
Patience is one of those time-dependent, and often situational circumstances we experience. Few things define relativity better than patience. Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the…
Snatch ransomware – what you need to know
What’s happened? The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called “Snatch.” Snatch? As in the movie from twenty odd years ago? I’m not sure I’ve heard…
Understanding Malicious Package Attacks and Defense Strategies for Robust Cybersecurity
Malicious packages consist of software embedded with code that is capable of causing harm to an entire system or network. This is a rapidly growing threat affecting open-source software and the software supply chain. This attack method has seen…
Increasing Your Business’ Cyber Maturity with Fortra
When building a tower, it helps to start with a sturdy foundation. Cyber maturity is the tower, and there are three levels that build it: Foundational IT/OT & Security Control Processes; Fundamental Security Control Capabilities; Advanced Security Control Capabilities. Fortra…
FBI’s Most Wanted Cybercriminals in 2023
In an increasingly digitized world, the threat of cybercrime looms larger than ever. The FBI’s relentless pursuit of cybercriminals remains a critical defense against this growing menace. We’re well into 2023, and the FBI’s Most Wanted Cybercriminals list takes center…
The Consequences of Non-Compliance in Cybersecurity: Risks and Penalties
Non-compliance in cybersecurity marks a grave oversight. It involves neglecting established security protocols, leaving organizations vulnerable to malicious actors. Read on as we examine the potential risks of non-compliance, including heightened susceptibility to cyberattacks, the specter of data breaches, and…
General Data Protection Regulation (GDPR) – The Story So Far
Do you remember where you were on 25th May 2018? Perhaps you were enjoying a Friday night drink with friends. Perhaps you were with family, relaxing after a busy week at work. I was actually having a GDPR Birthday party…
How to Build an Effective ICS Security Program
Of all the different areas of cybersecurity, not many are as important, or have as far-reaching consequences as industrial control systems (ICS) security. While most relevant organizations would agree that ICS security…
How to Protect Your Facebook Account from Cybercriminals
The social media landscape has undergone dramatic change in recent years. Elon Musk bought Twitter and changed its name to “X.” Mark Zuckerberg bought Instagram and WhatsApp before launching Threads to capitalize on Twitter’s recent PR disasters. TikTok came out…
BLASTPASS: Government agencies told to secure iPhones against spyware attacks
What’s happened? CISA, the United States’s Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. A…
Guarding Against Fileless Malware: Types and Prevention
Fileless malware, true to its name, is malicious code that uses existing legitimate programs in a system for compromise. It operates directly in the Random Access Memory (RAM) without requiring any executable files in the hard drive. Differing from conventional…
5 Reasons Why You Should Conduct Regular Cybersecurity Audits
Cyber threats are growing more sophisticated, covert, and frequent every day. This year alone has seen the likes of T-Mobile and PharMerica suffering serious security breaches. These incidents disrupted operations and threatened their bottom lines, not to mention the lingering…
Around the World in IOT Days (Security Frameworks Edition)
The term Internet of Things (IoT) describes a network of technologies and services where various devices are interconnected and exchange data. These devices can be anything from wearable fitness trackers, smart televisions, and wireless infusion pumps to cars and many…
VERT Threat Alert: September 2023 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s September 2023 Security Updates, which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1073 on Wednesday, September 13th. In-The-Wild & Disclosed CVEs…
Life in the Clouds: Navigating Security Challenges in Cloud Environments
As the realm of technology continues to evolve, the significance of cloud computing has grown exponentially. This paradigm shift offers unparalleled scalability, efficiency, and cost-effectiveness benefits. However, with these advantages come a host of security challenges that need careful consideration.…
10 Mistakes in Cybersecurity and How to Avoid Them
It’s easy to rest on our laurels. Prevent a few breaches – or go long enough without one – and you start to feel invincible. While our efforts are certainly laudable, we can’t get too comfortable. As defenders, we always…
OT Security: Risks, Challenges and Securing your Environment
Before the revolution of Information Technology (IT), the world experienced the revolution of Operational Technology (OT). Operational Technology is the combination of hardware and software that controls and operates the physical mechanisms of industry. OT systems play an important role…
Tripwire Patch Priority Index for August 2023
Tripwire’s August 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Excel, Visio, Teams, and Outlook. The patches resolve 10 issues including remote code execution,…
Thousands of dollars stolen from Texas ATMs using Raspberry Pi
A Texas court has heard how last month a gang of men used a Raspberry Pi device to steal thousands of dollars from ATMs. According to local media reports, three men were arrested in Lubbock, Texas, after attempting to…
5 Common Business Mistakes in Ransomware Prevention Planning
One thing is becoming evident as ransomware attacks increase in frequency and impact: businesses can take additional precautions. Unfortunately, many companies are failing to do so. Most victims are sufficiently warned about potential weaknesses yet unprepared to recover when hit.…
What is ISO 27002:2022 Control 8.9? A Quick Look at the Essentials
The basic parameters that control how hardware, software, and even entire networks operate are configurations, whether they take the form of a single configuration file or a collection of connected configurations. For instance, the default properties a firewall uses to…
Achieving Superior Security with Continuous Compliance
In a digital-first world, safeguarding sensitive data and ensuring compliance with industry regulations are paramount. Enter “Continuous Compliance” – a dynamic approach reshaping the cybersecurity paradigm. As a key part of an effective compliance strategy, continuous compliance is pivotal…
2023 Cost of a Data Breach: Key Takeaways
It’s that time of year – IBM has released its “Cost of a Data Breach Report.” This year’s report is jam-packed with some new research and findings that highlight how…
Summary of South Africa’s Protection of Personal Information Act (PoPIA)
South Africa’s Protection of Personal Information Act (PoPIA), also known as the PoPI Act, is a comprehensive data protection legislation designed to safeguard the privacy and information of South African citizens. While Jacob Zuma assented to PoPIA in November 2013,…
Working with a Reliable Partner for Cybersecurity Success
Technology companies are often seen as revolving doors of constantly shifting personnel. Whether they are seeking a better work environment or chasing a higher paycheck, these staff changes can hurt an organization’s progress. Worse yet, the customers are often negatively…
Understanding Firewalls – Types, Configuration, and Best Practices for Effective Network Security
A firewall is a security device that controls the flow of traffic across a network. A firewall may be a hardware appliance, or it may be a piece of software that runs on a third-party operating system. Firewalls operate based…
Updated NCSC Report Highlights Key Threats for the UK Legal Sector
On June 22nd, 2023, the National Cyber Security Centre (NCSC), the UK’s cybersecurity agency, released a Cyber Threat Report for the country’s legal sector. Developed to update a previous iteration from 2018, the report reflects a dramatic change…
How To Hide Browsing History – Complete Guide
In years gone by, there was a stigma attached to hiding one’s browsing history. Wiping browsing history was seen as suspicious; it suggested that someone had something to hide. It was – and still is – the butt of many jokes.…
What is The Network and Information Security 2 Directive (NIS2)?
The Network and Information Security 2 (NIS2) Directive is the European Union’s (EU) second attempt at an all-encompassing cybersecurity directive. The EU introduced the legislation to update the much-misinterpreted Network and Information Security (NIS) Directive (2016) and improve…
How Improved Visibility Helps Achieve Compliance
In the ever-evolving cybersecurity landscape, businesses face an exhaustive battle to safeguard their valuable data while complying with industry regulations. To address these challenges, innovative solutions have emerged to enhance network security. Network visibility remains a crucial focus. The profound…
North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI
After a series of high-profile cryptocurrency heists, a state-sponsored North Korean malicious hacking group is poised to cash out millions of dollars. That’s the opinion of the FBI, which this week has warned cryptocurrency companies about recent blockchain activity it…
Cybersecurity’s Crucial Role Amidst Escalating Financial Crime Risks
In an era of escalating financial crimes, the spotlight shines brightly on the rising concerns in the realm of cybersecurity. According to a recent survey, a staggering 68% of UK risk experts anticipate a surge in financial crime risks…
What is Configuration Drift?
While the phrase sounds like the stuff of textbook jargon, the term “configuration drift” hides an extremely crucial caution. Configuration drift is important because it can lead to compliance drift. Compliance drift means that the state of compliance has changed…
Why No Business in 2023 Can Grow without APIs
The Importance of APIs Businesses of all sizes are increasingly relying on APIs to connect with their customers, partners, and other systems. APIs, or application programming interfaces, are the building blocks of the modern web, and they allow businesses to…
CISA Cybersecurity Strategic Plan: What you need to know
The United States stands at a pivotal juncture for true digital and cyber security, with unlimited potential. The 2023 U.S. National Cybersecurity Strategy presents a fresh perspective on safeguarding digital territory—a perspective rooted in collaboration, innovation, and accountability. This moment…
The CIA Debate: Which is the Most Important?
The Confidentiality, Integrity and Availability (CIA) Triad is a crucial information security model that guides and assesses how an organization manages data during storage, transmission, and processing. Each component of the triad plays a vital role in maintaining information security:…
LinkedIn under attack, malicious hackers seize accounts
Security researchers have identified that a widespread LinkedIn malicious hacking campaign has seen many users locked out of their accounts worldwide. Some users who have had their access to their LinkedIn accounts blocked by the cybercriminals changing their passwords have…
5-Step Guide on Securing Serverless Architectures in the Cloud with RASP
Serverless architecture has increased in recent years, and is anticipated to grow by nearly 25% over the next decade. According to one source, the serverless architecture market was worth over $9 billion in 2022, with its compound annual growth rate…
Q2 Privacy Update: AI Takes Center Stage, plus Six New US State Laws
The past three months witnessed several notable changes impacting privacy obligations for businesses. Coming into the second quarter of 2023, the privacy space was poised for action. In the US, state lawmakers worked to push through comprehensive privacy legislation on…
The CISO Report – The Culture Club
According to the Cyber Security Skills in the UK Labour Market 2023 report released by the UK government, 50% of UK businesses face a fundamental cyber security skills gap, while 33% grapple with an advanced skills gap. This is just…
2023 Business Email Compromise Statistics
In cybersecurity, knowledge is everything. From APT intelligence to zero-day vulnerabilities, relevant and timely information can be the difference between a thwarted attack and a total disaster. With Business Email Compromise (BEC) attacks at their zenith, there has never been…
The Use of Natural Language Processing for Identifying and Mitigating Threats
As technology advances, the battle between cyber criminals and organizations intensifies. Cyber threats have become more sophisticated, complex, and widespread, posing a significant risk to the security and integrity of sensitive data. In Q1 2023 alone, the number of global…
The Five Stages of Vulnerability Management
A strong vulnerability management program underpins a successful security strategy overall. After all, you can’t defend weak points you don’t know are there. It is predicted that 2023 will see an average of 1,900 critical Common Vulnerabilities and Exposures (CVEs)…
Security Immutability: The Importance of Change
A few years ago, I wrote about the importance of security immutability. More specifically, I discussed how important it is that your environment be unchangeable in order to ensure that it remains secure. As I looked back on the article,…
Rhysida ransomware – what you need to know
What is Rhysida? Rhysida is a Windows-based ransomware operation that has come to prominence since May 2023, after being linked to a series of high profile cyber attacks in Western Europe, North and South America, and Australia. The group appears…
Tripwire Enterprise: Five ‘Other’ Things You Should Know
Network engineers and security analysts have a lot in common. Both require the ability to not only understand the problems at hand but to ascertain the moments leading to them. A typical scenario would include a request to help with…
Cybersecurity: Creating a Foundation to build on
The cybersecurity landscape has become more complex for many reasons. For one, it is the constantly changing risk environment where businesses are compelled to confront evolving threats and actors that leverage emerging technologies and advanced tactics. Cybersecurity has become a…
VERT Threat Alert: August 2023 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s August 2023 Security Updates, which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1068 on Wednesday, August 9th. In-The-Wild & Disclosed CVEs CVE-2023-38180…
Protecting Sensitive Data from Insider Threats in PCI DSS 4.0
Safeguarding sensitive data is a huge concern for organizations. One of the biggest challenges they face is the threat posed by insiders who work for the organization. In fact, a report found that 74% of organizations are at least moderately…
Tripwire Patch Priority Index for July 2023
Tripwire’s July 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Access, Excel, and Outlook. The patches resolve 10 issues including remote code execution, information…
Web 3.0: The Future of the Internet and its Cybersecurity Features and Challenges
The World Wide Web, now simply referred to as the Internet, is by far the most significant technological revolution in tech history. The current generation of the internet is Web 2.0, which allows users to browse and write content powered…
Ransomware attacks cost manufacturing sector $46 billion in downtime since 2018, report claims
Newly-released research reveals the eye-watering costs that the manufacturing sector has suffered in recent years at the hands of ransomware. The analysis, by Comparitech, looked at 478 confirmed ransomware attacks on manufacturing companies between 2018 and July 2023, in an…
Is secure-by-default an achievable reality?
We have come a long way in the cybersecurity sector in a relatively short period of time, but there remain many challenges in day-to-day operations that create security gaps in many organizations. One of the most common is tied to…
Understanding India’s Personal Data Protection Bill (PDPB)
Despite being the second-largest internet market in the world, India has yet to pass a comprehensive data privacy bill. It is important to have policies and regulations in place to protect them and their right to data privacy—a right that…
An Introduction to Cyber Threat Intelligence: Key Concepts and Principles
Cyber Threat Intelligence (CTI), or threat intelligence, is evidence-based knowledge established from current cyber threats, gathered from myriad sources to identify existing or potential attacks. Threat intelligence assists in identifying the motives, targets, and attack behaviors of a threat actor…
Is Your MSP Taking Its Own Security Seriously?
Most small and midsized businesses trust an IT services partner to help them secure their networks. A few years ago, high-profile cyberattacks targeting MSP vendors Kaseya and SolarWinds thrust the security risk of relying on a complex chain of vendors…
Social Media Security Awareness: What you Should Know
The latest Verizon Data Breach Investigations report indicates that over 70% of data breaches involved the human element. Cybercriminals exploit people to trick them into clicking unsafe links, opening malicious attachments, entering their credentials into bogus login pages, sharing sensitive…
What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is a set of privacy and security standards put into effect by the European Union (EU). Widely accepted as the world’s strictest security and privacy law, GDPR imposes regulations on organizations that target or…
DNS Security in Healthcare: The Gem in Your Cybersecurity Arsenal
The ransomware, malware and phishing attacks going on in the healthcare industry are quite alarming these days. The customers’ data in the healthcare industry is more sensitive than in most industries, and this has proven to be a sweet spot…
SEC requires reporting cyberattacks within 4 days, but not everyone may like it.
New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC). The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they…
Tripwire Enterprise: Reimagining a Winning Product
How many security products does it take to monitor an organization? Even a small company often finds itself working with multiple monitoring tools to gain visibility into its security posture. This creates multiple blind spots, as a security analyst needs…
Enhanced Data Analysis with Synthetic Datasets
Large data can offer a massive affordable advantage for companies. Scientists, information analysts, marketing professionals, and advertisers rely upon receiving valuable insights from substantial pools of consumer information. When examined correctly, this information can provide valuable insight for organizations that…
Understanding Machine Learning Attacks, Techniques, and Defenses
Machine learning (ML) is a subset of Artificial Intelligence (AI), which enables machines and software to automatically learn from historical data to generate accurate output without being programmed to do so. Many leading organizations today have incorporated machine learning into…
ATT&CKing the Center for Internet Security
I recently spoke at a Fortra Webinar about CIS and MITRE. More specifically, I discussed the intersection between the CIS Critical Security Controls, CIS Benchmarks, and MITRE ATT&CK. In this post, I won’t go into deep details about the core…
CISO to BISO – What’s your next role?
Introduction For the longest time within the cybersecurity industry, we have had Chief Information Security Officers (CISOs) whose role is to set the strategic direction for Information Security within an organisation. But what are the stepping stones to becoming a…
What is SWIFT? 8 Things You Need to Know
In our increasingly digital world, global communications and financial interactions are nigh inescapable for anyone in any industry or walk of life. The infrastructure in place for international transactions is complex and layered, containing moving parts that work in tandem…
DSPM and CSPM: What are the Differences?
A few years back, data was constrained to the on-premise infrastructure. Data management, governance, and protection were fairly uncomplicated in this enclosed environment. The emergence of cloud computing and multi-cloud infrastructures has not only introduced more complexity in data management…
Tech support scammers trick victims into old-school offline money transfer
We’re all familiar with tech support scams – where the unwary are tricked into granting remote access to their computers by fraudsters, in the belief that the “tech support person” will fix a non-existent “problem” (such as a “virus infection”)…
Three Reasons Why Business Security Starts with Employee Education
Human error is a major contributing factor to company data breaches. More than 340 million people may already have been affected by a data breach in the first four months of 2023. With cybercrime rates soaring around the world, it’s…
Using MFT to Solve Your Cloud Data Challenges: 5 Key Takeaways
As business operations evolve, the challenge of securely moving data within the cloud is one of elevated concern. Transferring sensitive information to it is another. Many are caught between what worked in on-prem technologies and what is needed in cloud-based…
Why Integrity is Vital to Your Corporate Infrastructure
Not too long ago, I watched an automobile commercial on television in which the manufacturer placed a huge emphasis on integrity, going on to define the lines of the automobile. I was impressed by this advertisement, so much so that…
Reviewing Remote Work Security: Best Practices
Remote work has shifted the mindset away from the old style of employment, showing up to the office every day. However, it seems that more businesses are starting to grab back some of the traditional practice of showing up to…
Learning from the Playground: The Original SOC
Cybersecurity professionals seem to always be in the mode of learning. For me, this involves a lot of online training. With all that’s available, it is easy to become immersed in a topic. Every so often, during a course, I’ll…
Computer System Security Requirements for IRS 1075: What You Need to Know
Any organization or agency that receives federal tax information (FTI) is now required to prove that their data protection policies meet IRS 1075 compliance standards. That means federal, state, county and local entities – as well as the contractors they…
What We Learned from the 2023 Pen Testing Report
Fortra’s Core Security recently released its 2023 Pen Testing Report, and there’s plenty to see. In this year’s report, IT decision-makers can learn what their peers are saying about why they pen test, how often they pen test, and whether…
Former contractor accused of remotely accessing town’s water treatment facility
A federal grand jury has indicted a former employee of a contractor operating a California town’s wastewater treatment facility, alleging that he remotely turned off critical systems and could have endangered public health and safety. 53-year-old Rambler Gallor of Tracy,…
An introduction to the benefits and risks of Packet Sniffing
With the evolution of technology, network activities have increased excessively. Many day-to-day tasks are intertwined with the internet to function. On one level of the infamous OSI model, the data exchanged between devices is broken down into smaller units and…
What to Expect When Seeking Cybersecurity Insurance
Cybersecurity liability insurance has progressed dramatically since the first bona fide policies emerged in the late 1990s. Some of the greatest changes that have occurred in recent years include insurance companies no longer insuring against state-sponsored attacks or ransomware events.…
The Value of Vulnerability Management
There’s nothing that makes you feel older than realizing how much of your life you have dedicated to a single topic. At what point do you consider yourself an expert? After more than 17 years in vulnerability management, I’m starting…
VERT Threat Alert: July 2023 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s July 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1064 on Wednesday, July 12th. In-The-Wild & Disclosed CVEs CVE-2023-32046 A…
How the NIS2 Directive Will Impact You
Have you heard of the NIS Directive? The full name is quite a mouthful, “DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the…
The Thin Line Between User Behavioral Analytics and Privacy Violation
Technology has supercharged marketing. The vast data at marketers’ disposal provides unparalleled insight into what customers want, why they want it, and how they use products and services. Behavioral analytics benefits businesses and consumers; it allows companies to drive sales…
The Top 10 Highest Paying Jobs in Cybersecurity – Part 2
It’s no secret that we’re (still) in an international cyber talent crisis, and that skilled workers are in high demand. We conducted research into the top ten highest paying jobs in cybersecurity to find out just what kind of opportunities…
Decryption tool for Akira ransomware available for free
There’s good news for any business which has fallen victim to the Akira ransomware. Security researchers at anti-virus company Avast have developed a free decryption tool for files that have been encrypted since the Akira ransomware first emerged in March…
12 Essential Tips for Keeping Your Email Safe
Hey, did you get that sketchy email? You know, the one from that malicious hacker always trying to fool us into clicking on some malware? Boy, these criminals are relentless. Wait, what? You clicked on it? Uh-oh… A hypothetical scenario,…
PCI DSS 4.0 Requirements – Test Security Regularly and Support Information Security with Organizational Policies and Programs
The Payment Card Industry Data Security Standard (PCI DSS) has always been a massive security undertaking for any organization that has worked to fully implement its recommendations. One interesting aspect that seems to be overlooked is the focus on the…
Phishing Trends and Tactics: Q1 of 2023
In the world of cybersecurity, there are a few constants, one of the big ones being the fact that news, innovation, and threats move fast and are constantly evolving. It is important for security professionals to stay in the loop…
Tripwire Patch Priority Index for June 2023
Tripwire’s June 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Progress MOVEit. First on the patch priority list this month are patches for the Progress MOVEit Transfer application. An exploit targeting the MOVEit vulnerability CVE-2023-34362 has…
5 Things Everyone Needs to Know About GRC
Over the following years, the costs associated with cybercrime, projected at $10.5 trillion annually by 2025, will exceed the estimated worldwide cybersecurity spending—$267.3 billion annually by 2026. Leadership needs to change its perspective on managing cyber risks instead of just…
5 Cyber Survival Tips for Businesses
The past few years have been among the most challenging for most businesses. Lockdowns, staff reductions, and reduced revenues resulted in the demise of many businesses. For those who remained, the new onuses brought about by supply chain concerns and…
The Top 10 Highest Paying Jobs in Cybersecurity – Part 1
If you’re looking for job security, look no further: The cybersecurity sector can keep you gainfully employed for a very, very long time. There are an ever-growing number of ways in which someone with cybersecurity prowess can contribute, and as…
PCI DSS 4.0 Requirements – Restrict Physical Access and Log and Monitor All Access
Most data crimes are the result of online compromises. This makes sense, as the criminals don’t need to know any of the old, dirty, hands-on techniques such as lock-picking, dumpster diving, or any other evasive maneuvers to carry out a…