Resources

Blog

ShrinkLocker Ransomware: What You Need To Know

What is ShrinkLocker?ShrinkLocker is a family of ransomware that encrypts an organisation's data and demands a ransom payment in order to restore access to their files. It was first identified by security researchers in May 2024, after attacks were observed in Mexico, Indonesia, and Jordan.So far, so normal. What makes it noteworthy?The ShrinkLocker ransomware is unusual because it uses VBScript...
Blog

Exploring the Security Risks of VR and AR

In an era where innovative technologies are emerging left, right, and center, two of the most influential in recent years are experiencing exponential growth. Virtual Reality (VR) and Augmented Reality (AR) are immersive technologies that have now firmly integrated into numerous industries.As these technologies have become more prevalent in our personal and professional lives, they bring with them...
Live Event
Are you interested in using the MITRE ATT&CK framework to determine your cybersecurity posture and stop the kill chain in its tracks? Or wondering how to evaluate the effectiveness of your cybersecurity tools? The MITRE ATT&CK framework helps create better informed cybersecurity teams as well as better informed cybersecurity buyers. At a time when every dollar counts, knowing...
Blog

CIS Control 13: Network Monitoring and Defense

Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks.Key Takeaways for Control 13Enterprises should understand that their systems and networks are never perfectly...
Blog

The Rising Cost of Cybersecurity: How Companies Can Effectively Communicate the Value of Protection

Data shows that financial motivation is a huge incentive for threat actors, which explains the rising prevalence of ransomware and other extortion breaches in the corporate world. In 2023 alone, business email compromise (BEC) complaints received by the FBI amounted to over 2.9 billion. SourceThis situation highlights an uncomfortable truth that has...
Blog

VERT Threat Alert: November 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1132 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-43451A vulnerability that allows for NTLMv2 hash disclosure has been both publicly disclosed and actively exploited. According to Microsoft, only minimal...
Blog

Winter Fuel Payment Scam Targets UK Citizens Via SMS

Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive help with their winter heating bills. In July, the UK's new Labour Government announced that it was limiting who was eligible for assistance with their winter fuel bills by making eligibility means-tested. The controversial decision appears to have...
Blog

IT Security Terms: Regulations, Standards, Controls, Frameworks, and Policies - Where to Start!?

When tasked with the IT security of an organization, it can be easy to get bogged down in particulars and definitions and lose heart before you’ve even begun. With a plethora of terms to learn, details to secure, and moving parts to keep track of, building an effective cybersecurity strategy is no simple task. It requires a great deal of effort, planning, and coordination.Security is a crucial...
Blog

Creating a Real-Time USB Monitoring Rule for Enhanced Security and Compliance

In today's cybersecurity landscape, controlling access to USB drives is critical, particularly for organizations looking to maintain compliance with regulations like NERC CIP and bolster their security posture. Unauthorized USB usage poses significant risks, from data exfiltration to malware injection. However, restricting USB access entirely isn't always practical. Instead, organizations can...
Blog

A Snapshot of Cyber Threats: Highlights from the ENISA Threat Landscape 2024 Report

Understanding the threats we face is crucial to protecting against them. Industry research and reports are invaluable to this understanding, providing insights to inform mitigation efforts.Few cybersecurity reports are as valuable or comprehensive as the annual ENISA Threat Landscape Report (ETL). Now in its 20th year and published by the European Union Agency for Cybersecurity (ENISA), the ETL...
Blog

How to Integrate FIM with SOAR Platforms

File Integrity Monitoring (FIM) is a key intelligence and audit tool in an advanced security portfolio. While it is a logical component to integrate into your Security Orchestration, Automation, and Response (SOAR) tooling, it’s important to consider your approach to ensure you can gain the most benefits from it.Classify FirstThe sensible starting place for your integration is to consider your FIM...
Blog

CIS Control 14: Security Awareness and Skill Training

Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to unintentionally provide access to the enterprise network or expose sensitive...
Blog

Tripwire Patch Priority Index for October 2024

Tripwire's October 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Edge, Office, Excel, and Visio that resolve remote code execution, elevation of privilege, and spoofing vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 80 vulnerabilities,...
Blog

Real Estate Fraud is Running Rampant in the US

Real Estate Fraud is Running Rampant in the USReal estate is an area ripe for fraud and scams: transactions usually involve large sums of money, convoluted paperwork, and messaging back and forth. Criminals can use a wide variety of methods to intercept legitimate communications or launch their own scams in order to deceive their targets.This type of fraud is on the rise right now in the United...
Blog

What Is the ISA/IEC 62443 Framework?

Cybersecurity threats to manufacturing and process plants come from a wide range of attack vectors, including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors, and new smart devices. Internet of Things (IoT) technologies offer greater connectivity and endless applications, but...
Blog

Strategies for Implementing Effective Threat Detection in IIoT

The industrial Internet of Things (IIoT) is growing rapidly. While that’s good news for businesses in terms of productivity and cost savings, these devices carry unique cybersecurity risks that demand attention. Amid such rising concerns, IIoT threat detection is a must.Why Organizations Need IIoT Threat DetectionIIoT endpoints are inherently risky because of the potential for lateral movement....
Guide

Navigating Industrial Cybersecurity:

Nearly every aspect of modern life depends upon the uninterrupted function of industrial control systems (ICS). ICSs keep the lights on, ensure clean drinking water, and provide other critical infrastructure processes. Beyond power, energy, and other utilities, ICSs are also responsible for the manufacturing of your computer, your car, and countless other physical items we rely on every day.It’s...
Blog

Fraudsters Exploit US General Election Fever, FBI Warns

As the United States of America enters the final days of the race for the White House, the FBI has warned that fraudsters are using the presidential election campaign to scam citizens out of their savings and personal data.According to a public service announcement published by the Internet Crime Complaint Center (IC3), scammers who have previously exploited state and local elections are targeting...
Live Webinar
The Center for Internet Security (CIS) Critical Security Controls (CSC) are a trusted source of truth in the cybersecurity community. Many organizations implement the CIS CSC framework to ensure their cybersecurity programs are functioning at peak effectiveness. The latest iteration, CIS CSC v8.1, was released earlier this year. Join Matthew Jerzewski, Cybersecurity Researcher...
Blog

Understanding SOX Requirements for IT and Cybersecurity Auditors

The Sarbanes-Oxley Act (SOX) is a United States federal law that aims to enhance corporate transparency and accountability. Signed into law on July 30th, 2002, the Act came in response to a slew of major corporate accounting scandals, including those involving Enron and WorldCom, that came to light in the early 2000s.Its primary aim is to enhance corporate transparency and accountability, ensuring...