Tag: Blog RSS Feed

Ransomware has become more than a threat—it’s a calculated assault on industries, wielding AI-driven precision to bypass traditional defenses. Attackers adapt faster than ever, turning cybersecurity into a high-stakes race where falling behind isn’t an option. As we step into…

Read more →

The US Coast Guard has been urged to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), which includes ports, waterways, and vessels essential for transporting over $5.4 trillion worth of goods annually. The Government Accountability Office (GAO) has…

Read more →

Modern factories are increasingly relying on Industrial Internet of Things (IIoT) solutions. This shift is beneficial in many regards, including higher efficiency and transparency, but it also introduces unique cybersecurity concerns. Better vulnerability management for IIoT systems is essential if…

Read more →

By now, we should all be pretty well acquainted with phishing scams. They’ve been around for a very long time—nearly 30 years, in fact—and are the primary focus of most security awareness training programs and initiatives. Despite this, phishing remains…

Read more →

Today, I will be going over Control 2 from version 8.1 of the top 18 CIS Controls – Inventory and Control of Software Assets. I will go over the seven safeguards and offer my thoughts on what I’ve found. Key…

Read more →

Today’s VERT Alert addresses Microsoft’s February 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1143 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2025-21391 A vulnerability in Windows Storage could…

Read more →

Building a vulnerability management (VM) program from the ground up is no small feat. It requires technical expertise, organizational buy-in, and a clear roadmap. In recent months, I’ve been working with a client who had to discard their legacy approach…

Read more →

In early December 2024, the UK’s National Cyber Security Center (NCSC) released its eighth Annual Review. While the report’s primary focus is to recap the NCSC’s activities over the past year, it also offers invaluable insights into how the UK…

Read more →

QR codes have revolutionized digital interactions, offering quick access to websites and services and adding a layer of security to many apps. These quick and seemingly innocent codes are everywhere — however, their widespread use has made them a prime…

Read more →

British legal professionals have seen a “significant surge” in data breaches, according to new research from NetDocuments, a firm that provides a cloud-based content management platform for the legal sector. The firm has described how it analysed data from the…

Read more →

Creating an enterprise security-first culture is one of the most impactful things a CISO can do to protect their organization. Sure, high-tech solutions and fancy tools are important, but they are largely ineffective when staff are unable or unwilling to…

Read more →

A California man has been sentenced to seven years in prison for his involvement in a fraudulent scheme that saw over 50 individuals and organisations lose millions of dollars. 59-year-old Allen Giltman, of Irvine, California, pleaded guilty to charges that…

Read more →

Key Takeaways for Control 3 At the heart of a strong data management plan is awareness surrounding the ‘ Five Ws’ of the enterprise’s data: What data does the enterprise store or handle? Who should have access to it? Where…

Read more →

The cyber threat to critical infrastructure has never been greater. The growing sophistication of cybercriminals, deteriorating geopolitical relations, and the convergence of operational technology (OT) and information technology (IT) have created unprecedented risks for critical infrastructure organizations. Fortunately, resources are…

Read more →

Data breaches continue to cost organizations millions of dollars each year, with costs rising steadily. According to IBM’s 2024 Cost of a Data Breach Report, the average cost of a data breach has surged to $4.88 million globally, reflecting the…

Read more →

Tripwire’s January 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for the Microsoft office platform, including Word, Access, Visio, Excel, OneNote, and Outlook. These patches resolve 13 issues such as remote…

Read more →

It’s been a tough year for the healthcare sector. Throughout 2024, cybercriminals have unleashed a barrage of attacks on a vast number of healthcare organizations – with disconcerting levels of success. FBI research revealed that healthcare is now the US’s…

Read more →

Small businesses may think they don’t need to implement cybersecurity training programs because larger enterprises with more revenue are more profitable for bad actors. However, small businesses lacking essential security measures are prime targets due to the ease of access…

Read more →

Key Takeaways for Control 4 Most fresh installs of operating systems or applications come with preconfigured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks…

Read more →

In the early part of 2024, the Center for Internet Security (CIS) released the latest version of the well-respected Critical Security Controls (CSC). The new version, 8.1, adds contours to the prior versions, making it more comprehensive and timely in…

Read more →