Federal Desktop Core Configuration (FDCC) was mandated by the US Office of Management and Budget (OMB) in 2007 and provides a set of security standards that must be adhered to by all federal workstations and laptops running Windows XP or Vista.FDCC evolved into the United States Government Configuration Baseline (USGCB) starting in 2010, although some agencies and contracts may still be under...

What is the VanHelsing ransomware?First reported earlier in March 2025, VanHelsing is a new ransomware-as-a-service operation.Oh, so it's a relatively new player on the malware scene, then. Why the concern?At least three victims of VanHelsing have already been identitified, and a number of variants of the malware have been analysed by security researchers. The fact that VanHelsing runs as a RaaS...

At a time when cyber threats seem to escalate daily, security teams are always on the lookout for new ways to protect their sensitive data and systems. For some, Privileged Access Workstations (PAWs) are being viewed as one solution to keep privileged accounts and critical systems safe from compromise. These are specialized workstations built for administrators and users who manage highly...

The terms “patch management” and “vulnerability management“ are not the same. And that difference is a big difference.They may be confused because applying patches is one of the many ways to mitigate cyber risks. However, it is one piece of the entire vulnerability management puzzle and organizations that do not realize this are burdened with a false sense of security. A patch management program...

Protecting individual privacy is paramount, given the proliferation of Personally Identifiable Information (PII) and other sensitive data collected by enterprises across all industries. One way to protect sensitive data is through PII masking e.g., consistently changing names or including only the last four digits of a credit card or Social Security Number.What is data masking?Data masking...

The Monetary Authority of Singapore (MAS) is both the central bank and chief financial regulator of Singapore. As such, they publish best practices (“Guidelines”) and legally binding regulations (“Notices”) regarding technology risk management and cyber hygiene. Mandatory requirements include:Notice on Technology Risk Management (FSM N21)Notice on Cyber Hygiene (FSM N22)Notice on Management of...

It is a significant benefit that the world is connected the way it is, with the potential for even greater interconnectivity. However, this has come at huge costs, too, considering the rise in the direct involvement of state actors engaged in cyber warfare. Against this background, nations have a more acute awareness of digital vulnerabilities, which has radiated into regulatory frameworks...

Scammers are highly resourceful and cunning when devising new ways to swindle people. But they often rely on long-standing persuasion techniques for their tricks to work. So, you may hear about a new scam that uses a novel narrative, but there is a good chance that the scam depends on proven scam techniques once the narrative is stripped away.But first, what constitutes a scam? A scam is when...

What is the BlackLock ransomware?BlackLock is a relatively new ransomware group. First seen in March 2024, the ransomware operation initially operated under the name El Dorado, before rebranding as BlackLock late last year. BlackLock follows a RaaS (ransomware-as-a-service) business model, leasing its tools and infrastructure to affiliates who launch attacks, sharing a proportion of the proceeds...

Protecting sensitive patient information is more critical than ever. With technologies evolving at a breakneck pace and the number of cyber threats targeting healthcare entities in the United States skyrocketing, healthcare organizations must have robust policies and guardrails in place to ensure patients' confidential information doesn't fall into the wrong hands.One of the essential frameworks...

IntroductionIn a report published by Statista, cybercrime cost the world over $9 trillion in 2024 and is predicted to rise to nearly $14 trillion by 2028. These figures are a deep source of worry for governments and private businesses about what’s next in the cyber threat landscape.The problem is that cyber threats are rising in both volume and scale. More so, the major threats are directed at...

About one in three organizations that leverage cloud service providers (CSPs) use Amazon Web Services (AWS), according to November 2024 research from Synergy Research Group. This means two things. One is that when attackers are looking to get the most out of a single exploit, they will likely craft them to target AWS systems. And two, that AWS data security best practices are a timely topic for a...

The Verizon 2023 Data Breach Investigations Report made a startling revelation: Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats, common web attacks like credential stuffing and SQL injection continue to wreak havoc on the cybersecurity landscape—just like phishing and emerging AI-based attacks—and for good...

Most countries have some sort of government agency dedicated to protecting digital infrastructure and promoting cybersecurity awareness. In the English-speaking world alone, the UK has the National Cyber Security Center (NCSC), the US has the National Institute of Standards and Technology (NIST), and Canada has the Canadian Centre for Cyber Security; chances are you’re already aware of them...

If your website is targeting multiple states or countries, by default, you face a double-pronged challenge: adapting to regional regulatory demands while defending against sophisticated cyber threats. Tackling this requires localization. But what does the term actually entail?Localization isn’t just about tailoring products, services, and infrastructure to meet local market requirements; it has...

Critical infrastructure organizations bear an enormous responsibility. The assets, systems, and networks they manage are crucial to the functioning of a healthy society. They provide water, energy, transportation, healthcare, telecommunications, and more—should they fail, they would bring entire countries to their knees.The vast importance of Critical National Infrastructure (CNI) makes it a prime...

The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released joint advisory from the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).As of February 2025, the Medusa ransomware operation, which we have previously detailed on the Tripwire State of...

6G could be available by the end of the decade, which should decrease latency and connectivity speeds for users. However, these wireless networks present new cybersecurity challenges.What should industry professionals prepare for?What Is 6G?6G will be the sixth generation of wireless technology once it arrives. Experts say it could debut by 2030, though companies started 5G-Advanced integration in...

Technology is evolving at a startling pace, perhaps faster than ever before. Businesses are scrambling to reap the rewards of these technologies, especially AI. But do they recognize the cybersecurity risks associated with these changes? The World Economic Forum’s latest Global Risks Report suggests not. Digital Era, Digital ThreatsWe are truly living in the digital age. This brings many benefits....