Resources

Blog

Insider Risk Hits Closer to Home

If you’re busy securing the perimeter, mandating strong authentication practices, and restricting software downloads, you may be missing the mark. (Just to be clear: if you are doing those things, keep it up. You’re off to a good start, and none of what follows here replaces classic and vital cybersecurity measures.) Protecting your organization...
Blog

The Real Value-Add of Red Teaming

They say character isn’t gained in a crisis; it’s displayed in one. By the time the disaster hits, the time for preparation has passed. But what if you could go through that earth-shattering event beforehand so when the time came, you’d be ready? Well, in security, you can. And it's not called cheating – it's called Red Teaming. It’s done...
Blog

2023 Zero Trust Security Report Highlights

Zero trust is a hot topic in cybersecurity, and for a good reason. There is no one-size-fits-all solution to securing your data and networks; rather, zero trust offers a more holistic perspective comprised of many different safety measures and practices and a shift in perspective on security. As threat actors step up their efforts and business...
Blog

SBOM Security: Fundamentals and Best Practices

What Is an SBOM (Software Bill of Materials)? A software bill of materials (SBOM) is a comprehensive, structured inventory of all components, libraries, and dependencies used within a software product or application. It typically includes information about the names, versions, and licensing details of each component. SBOM plays a critical role in...
Blog

How to Protect Against the Four Largest Cybersecurity Threats to Your Supply Chain

Digital technology is becoming an increasingly essential part of nearly every industry, and supply chains are no exception. In recent years, supply chains have become more dependent on digital solutions, from manufacturing, packing, and shipping processes, to storing records in the cloud. While digital technology increases speed, efficiency, and...
Blog

Top 5 Malware Trends on the Horizon

Cybercrime has become a dominant concern for many businesses, as well as individuals. Cybercriminals will target any business, and any individual if they can realize a profit from their minimal efforts. One of the ways that criminals achieve their goals is through the use of malware that garners a fast profit, such as ransomware. More enterprising...
Blog

PCI DSS 4.0 Requirements – Protect from Malicious Software and Maintain Secure Systems and Software

We often hear how a company was compromised by a sophisticated attack. This characterization contains all the romantic thrill of a spy movie, but it is usually not how most companies are victimized. Most breaches usually happen as a result of malware entering the environment. The need to protect against malware is addressed in progressive degrees in...
Blog

The Wonderful Cybersecurity Community: Watching Past Employees Succeed

The cybersecurity community is one of the best communities around. Whether it is our peers, our colleagues, or our managers, there are a number of great qualities that we all share. That’s one of the reasons that we’re so lucky to work in this industry. One of the more interesting aspects of the industry is that there are so many ways to accomplish...
Blog

VERT Threat Alert: June 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1060 on Wednesday, June 14th. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs in the June Patch Tuesday drop. CVE Breakdown...
Blog

ChatGPT and Data Privacy

In April 2023, German artist Boris Eldagsen won the open creative award for his photographic entry entitled, Pseudomnesia: The Electrician. But, the confusing part of the event for the judges and the audience was that he refused to receive the award. The reason was that the photograph was generated by an Artificial Intelligence (AI) tool. It was...
Blog

Minding Your Data Leaks: Simple Steps to Help Prevent Leaks

If you mention data leakage to most people, they may think that it sounds like a problem for a plumber, but the phrase “data leak” has specific and troubling concerns for a business. Data leakage is a particular security threat, and there are many sources for data leaks. Data Breach Versus Data Leak Data breaches occur when an attacker from...
Blog

The Role of the SEC in Enforcing InfoSec Legislation

What is the SEC? Founded 85 years ago at the height of the Great Depression, the Securities and Exchange Commission (SEC) has a clear mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Put simply, the SEC aims to protect US investors by maintaining a fair market. The SEC doesn’t work...
Blog

Malware menaces Minecraft mods

If you, or your kids, are fans of Minecraft - you might be wise not to download any new mods of plugins for a while. Computer security researchers say that they have uncovered that cybercriminals have succeeded in embedding malware named "Fracturizer" within packages and plugins used to modify the behaviour and appearance of the phenomenally...
Blog

Offbeat Social Engineering Tricks in a Scammer’s Handbook

Contrary to stereotype, today’s cyberattacks aren’t limited to complex tactics such as the use of zero-day exploits or polymorphic malware that flies under the radar of traditional defenses. Instead of going the extra mile to set such schemes in motion, most threat actors take a shortcut and piggyback the human factor. A combination of a would-be...
Blog

Tripwire Patch Priority Index for May 2023

Tripwire's May 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve elevation and security feature bypass vulnerabilities. Up next are 3 patches for Microsoft Office, Word, Excel, and Access that resolve remote code...
Blog

PCI DSS 4.0 Requirements – Protect Stored Account Data and Protect Cardholder Data During Transmission

If someone asked you “are you protecting your data,” your initial response would probably be to clarify what they are referring to specifically, since the question is so broadly stated. You could just reply with a terse “Yes,” but that is as open-ended and nebulous as the question. The general idea of data protection encompasses so many areas, from...
Blog

What APIs Do and Don’t Do

It’s hard to be in the realm of technology and not hear about APIs these days. Whether it’s the launch of the ChatGPT API or news of a significant data breach at Twitter, APIs are having their time in the spotlight. Yet, despite their ubiquity, many still have questions about APIs' capabilities (and limitations). What are APIs for? What do they do?...
Blog

Has Ransomware Turmoil Started Slowing Down for Good?

On the surface, ransomware – malicious software designed to block access to a computer system until a sum of money is paid – appears to be off to yet another ruthless start in 2023 as one of the leading types of malware. Recent victims of public attacks in North America include industries such as health care, communication, education, and even...