A huge reward is being offered for information leading to the identification or location of any of the leaders of the LockBit ransomware gang. The bounty offer comes from the US State Department, following this week's disruption of the criminal organisation's activities. LockBit, which has been operating since 2020, has targeted thousands of...

Many of the breaches of the past ten years have taken advantage of weak or nonexistent security settings. Conversely, for example, companies that configured their Docker application to the CIS recommended security settings for container users and privileges were not as vulnerable to container escape exploits. Arguably, a configuration change...

As we are well into 2024 now, we at Fortra want to continue our commitment to empowering you all with the knowledge and tools needed to protect you, your organization, and even your family. This year, we will be looking more and more at the human element, and provide you with methods to practice repeatable, real-world techniques to ingrain positive...

Last year, the Securities and Exchange Commission adopted rules on cybersecurity risk management that focused on transparency. Much of the adopted rules were focused on investors, but the rules also underscored the importance of the impact to customers when cybersecurity incidents occur. The data security landscape has recently shifted to...

Over the years, PayPal has earned a reputation for being a secure and easy way to send and receive money. However, no payment system is entirely immune to scams, and cybercriminals often exploit these platforms due to their widespread popularity and trust among users. PayPal is the most widely used online payment system in the US, making it a...

Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway, to name a few....

A recent report from Duke University's Sanford School of Public Policy has shed light on a concerning issue - data brokers are selling vast amounts of highly sensitive information about American military service members. This includes private data about active-duty personnel, veterans, and their families, encompassing sensitive health and financial...

The digital landscape is ever-changing, causing cybersecurity to often feel like a moving target. Thankfully, the NSA 2023 Cybersecurity Report arrives to provide critical information and context to help organizations keep their peace of mind. This comprehensive report, drawing insights from a wide range of industries, delves into the pressing...

Good news for organisations who have fallen victim to the notorious Rhysida ransomware. A group of South Korean security researchers have uncovered a vulnerability in the infamous ransomware. This vulnerability provides a way for encrypted files to be unscrambled. Researchers from Kookmin University describe how they exploited an implementation...

Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses...

With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and evolving IT networks where many new services are going online every day and software components...

In the ever-evolving landscape of cybersecurity, businesses and individuals find themselves in a relentless battle against the surge of cybercrime, which continues to escalate in complexity and frequency. Despite the significant investments in cutting-edge cybersecurity solutions, the financial toll of cybercrime persists, with costs escalating...

Today’s BEC attacks are more nuanced, more accessible, less technically demanding, and consequently, more dangerous than ever before. In our report, 2023 BEC Trends, Targets, and Changes in Techniques, we take a hard look at the anatomy of Business Email Compromise (BEC) attacks today and the lures that are drawing users to the bait in record...

New research shows a 704% increase in deepfake "face swap" attacks from the first to the second half of 2023. A report from biometric firm iProov warns that "face-swapping" fraudsters are increasingly using off-the-shelf tools to create manipulated images and videos. iProov's analysts are tracking over 100 face swap apps and repositories, meaning...

In recent times, the remarkable advancement of AI has revolutionized our technological landscape. Its profound benefits have not only enhanced the efficiency of our daily operations but also induced transformative shifts across industries. The impact of AI has made our lives more convenient, creating new opportunities in the digital world. Looking...

Last year, text scammers prowling around on messaging platforms like WhatsApp sent a staggering 19 million messages in December alone. When ploys like these can rake up over $10 million in a matter of months, it's easy to see why. Which WhatsApp messages are real this year, and which are not? With social engineering attacks, it's increasingly...

Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an age where robots collect, collate, and save information for a more opportune and profitable day. It is ever more important to...

Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes deployments. However, with the convenience and efficiency Helm...

The 49ers and Kansas City Chiefs aren’t the only ones with a big game to play on February 11th; this year, cybercriminals and cyber defenders will be facing off behind the scenes in a Super Bowl-sized bout of their own. While the game will be in Vegas, attacks could be pouring in from all over the world; jamming the airwaves, taking advantage of...

Tripwire's January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian. First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. For...