As we continue to embrace remote work, it’s crucial to keep our security practices sharp to protect both company and personal data. With increasing cyber threats, adhering to security best practices helps us safeguard our information and maintain our productivity. Here’s a quick guide to help you stay vigilant and secure while working remotely.Secure Your Home OfficePick a space that is private.Do...

Business email compromise (BEC) is a sophisticated type of phishing that uses social engineering and deception to obtain access to sensitive accounts, networks, and data. In these attacks, bad actors pose as organization executives to request funds transfers from other members of the organization. Playing on the trust that employees place in executives, this scam demands that the attacker gather...

The cybersecurity landscape is constantly changing as new technologies and threat trends emerge. Maintaining an effective cybersecurity strategy over time requires updating tools and practices with the evolution of cyberattacks, security capabilities, and business operations. Implementing the best tools for the most pressing issues as they arise has been the predominant tactic for many...

Fraud is a rampant threat to individuals and organizations worldwide and across all sectors. In order to protect against the dangers of fraud in its many forms, it is vital to stay in the loop on the latest fraud trends and the threat landscape.The Fraudscape 2024 report from Cifas, the UK’s Fraud Prevention Community, is an effort to share this information to help prevent fraud. The report is...

Cyberbiosecurity has emerged as an essential area of interest as the boundaries between the digital and biological sectors continue to blur. With rapid advancements in areas such as artificial intelligence, automation, and synthetic biology, the need for strong cyberbiosecurity protections has grown to safeguard the bioeconomy. As biotechnology evolves, it creates a complex landscape where...

What is ShrinkLocker?ShrinkLocker is a family of ransomware that encrypts an organisation's data and demands a ransom payment in order to restore access to their files. It was first identified by security researchers in May 2024, after attacks were observed in Mexico, Indonesia, and Jordan.So far, so normal. What makes it noteworthy?The ShrinkLocker ransomware is unusual because it uses VBScript...

In an era where innovative technologies are emerging left, right, and center, two of the most influential in recent years are experiencing exponential growth. Virtual Reality (VR) and Augmented Reality (AR) are immersive technologies that have now firmly integrated into numerous industries.As these technologies have become more prevalent in our personal and professional lives, they bring with them...

Data shows that financial motivation is a huge incentive for threat actors, which explains the rising prevalence of ransomware and other extortion breaches in the corporate world. In 2023 alone, business email compromise (BEC) complaints received by the FBI amounted to over 2.9 billion. SourceThis situation highlights an uncomfortable truth that has...

Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive help with their winter heating bills. In July, the UK's new Labour Government announced that it was limiting who was eligible for assistance with their winter fuel bills by making eligibility means-tested. The controversial decision appears to have...

When tasked with the IT security of an organization, it can be easy to get bogged down in particulars and definitions and lose heart before you’ve even begun. With a plethora of terms to learn, details to secure, and moving parts to keep track of, building an effective cybersecurity strategy is no simple task. It requires a great deal of effort, planning, and coordination.Security is a crucial...

In today's cybersecurity landscape, controlling access to USB drives is critical, particularly for organizations looking to maintain compliance with regulations like NERC CIP and bolster their security posture. Unauthorized USB usage poses significant risks, from data exfiltration to malware injection. However, restricting USB access entirely isn't always practical. Instead, organizations can...

Understanding the threats we face is crucial to protecting against them. Industry research and reports are invaluable to this understanding, providing insights to inform mitigation efforts.Few cybersecurity reports are as valuable or comprehensive as the annual ENISA Threat Landscape Report (ETL). Now in its 20th year and published by the European Union Agency for Cybersecurity (ENISA), the ETL...

File Integrity Monitoring (FIM) is a key intelligence and audit tool in an advanced security portfolio. While it is a logical component to integrate into your Security Orchestration, Automation, and Response (SOAR) tooling, it’s important to consider your approach to ensure you can gain the most benefits from it.Classify FirstThe sensible starting place for your integration is to consider your FIM...

Tripwire's October 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Edge, Office, Excel, and Visio that resolve remote code execution, elevation of privilege, and spoofing vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 80 vulnerabilities,...

Real Estate Fraud is Running Rampant in the USReal estate is an area ripe for fraud and scams: transactions usually involve large sums of money, convoluted paperwork, and messaging back and forth. Criminals can use a wide variety of methods to intercept legitimate communications or launch their own scams in order to deceive their targets.This type of fraud is on the rise right now in the United...

Cybersecurity threats to manufacturing and process plants come from a wide range of attack vectors, including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors, and new smart devices. Internet of Things (IoT) technologies offer greater connectivity and endless applications, but...

The industrial Internet of Things (IIoT) is growing rapidly. While that’s good news for businesses in terms of productivity and cost savings, these devices carry unique cybersecurity risks that demand attention. Amid such rising concerns, IIoT threat detection is a must.Why Organizations Need IIoT Threat DetectionIIoT endpoints are inherently risky because of the potential for lateral movement....

As the United States of America enters the final days of the race for the White House, the FBI has warned that fraudsters are using the presidential election campaign to scam citizens out of their savings and personal data.According to a public service announcement published by the Internet Crime Complaint Center (IC3), scammers who have previously exploited state and local elections are targeting...

You can’t do large-scale business in 2024 without having a successful, well-run IT infrastructure. Arguably, it’s difficult to do any sort of business well (large or small) without tuning your IT capabilities to your business objectives. This allows them to work as one, not against each other.COBIT is a framework created by ISACA (International Systems Audit and Control Association) to do this...

Security configuration management (SCM) is all about making sure your security systems do what you think they’re doing.In tennis, there is something called an unforced error. This is when a player loses points for a mistake they made themselves, not due to the skill of the other opponent. In a big way, security misconfigurations are those unforced errors on the security side or instances in which...