Return on investment: is it worth the money? That is the central question in deciding on any procurement. Demonstrating ROI on cybersecurity products is notoriously difficult and is one of the underlying reasons for the poor state of our nation’s cybersecurity posture. Ah, but here’s the rub: showing tangible ROI on cybersecurity products is...

I have been on the receiving end of many vendor security assessments from customers and prospects. Here are some tips to increase the likelihood that you’ll get a timely, usable response to the next vendor security assessment that you send out. Understand what data you will be providing One size doesn’t fit all. The level of attention and...

“The best defense is a good offense.” History credits Revolutionary War hero George Washington with being among the first to vocalize this concept, later famously echoed by heavyweight boxing champ Jack Dempsey and football god Vince Lombardi. And it’s easy to see what they mean. The idea is that being proactive—going on the offense instead of...

A spam campaign is using two recent crashes involving Boeing 737 Max aircraft to distribute malware to unsuspecting users. Discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, the campaign sends out attack emails that come from "[email protected]" with the subject line "Fwd: Airlines plane crash Boeing 737...

Digital attackers are targeting high-profile Instagram users with fake copyright infringement notifications in a bid to hijack their accounts. Detected by Kaspersky Lab, this scheme begins when an Instagram influencer receives an email notification informing them that their "account will be permanently deleted for copyright infringement." The email...

Caller ID spoofing has become a real nuisance with machines and scammers hiding behind a number that they are not authorized to use. This creates the need to prevent illegitimate calls from using random numbers. In the meantime, have you ever wondered how easy it is to spoof a caller ID? What software is needed? There are many online services that...

Digital attackers are sending out fake flu warnings that appear to come from the U.S. Center for Disease Control (CDC) in order to distribute GandCrab ransomware. An attack begins when a user receives a fake CDC email. The sender field claims that the email came from "Centers for Disease Control and Prevention." But a closer look reveals the sender...

Take a look at the security headlines, and you'll see report after report of businesses and large organisations being hacked. Sensitive databases are accessed, passwords are stolen, email archives are plundered, innocent people are put at risk and corporations get a kick up the backside that they need to take security more seriously. But what you...

Understanding vulnerability scoring can be a daunting task, but a good starting point is first understanding risk and being able to distinguish risk from a vulnerability. Both have been used interchangeably throughout the years. A vulnerability is some aspect of a systems functioning, configuration or architecture that makes the resource a target of...

Tripwire has been in the business of providing vulnerability management solutions with IP360 for about 20 years. With over 20,000 vulnerabilities discovered last year alone, vulnerability management continues to be an important part of most security plans. And most organizations agree. In a recent survey, 89 percent of respondents said that their...

Today’s VERT Alert addresses Microsoft’s March 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-821 on Wednesday, March 13th. In-The-Wild & Disclosed CVEs CVE-2019-0754 This CVE describes a Denial of Service vulnerability that could cause a target system to stop responding when code...

A new sextortion scam is informing victims that their computers suffered a malware infection after they visited an adult website. In this latest ruse, digital criminals claim that they infected a user with malware after they visited a child pornography website. They then say that they leveraged that infection to capture compromising video footage of...

Your company has decided to adopt the Cloud – or maybe it was among the first ones that decided to rely on virtualized environments before it was even a thing. In either case, cloud security has to be managed. How do you go about that? Before checking out vendor marketing materials in search of the perfect technology solution, let’s step back and...

A variant of the STOP ransomware family is downloading the Azorult infostealer onto victim's machines as part of its infection process. Security researcher Michael Gillespie was the first to detect this malicious activity. While testing some of the crypto-malware family's newer variants, he noticed that some of them were creating traffic indicative...

It can be hard to know how to best allocate your federal agency’s resources and talent to meet FISMA compliance, and a big part of that challenge is feeling confident that you’re choosing the right cybersecurity and compliance reporting solution. A Few FISMA SI-7 Basics So what sorts of specifications do you need to look for, and why? While the...

Two smart car alarm systems suffered from critical security vulnerabilities that affected upwards of three million vehicles globally. Researchers at Pen Test Partners independently assessed the security of products developed by Viper and Pandora, two of the world's largest and most well-known vendors of smart car alarms. With both systems, they...

The U.S. government had its longest government shutdown in history between December 22, 2018, and January 25, 2019. It’s not yet clear what overall impact this closure had on U.S. digital security. In the short term, a SecurityScorecard report found that federal agencies’ network security ratings slightly declined but that both their endpoint...

Following a ransomware attack at a medical billing company, thousands of patients are being warned that their highly sensitive medical information and personal details were amongst the breached data. Michigan-based Wolverine Solutions Group (WSG) says that it discovered its systems had suffered a security breach on September 25 last year. Malware...