The US Coast Guard has been urged to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), which includes ports, waterways, and vessels essential for transporting over $5.4 trillion worth of goods annually.The Government Accountability Office (GAO) has warned in a report published this week that America's maritime transportation system lacks a proper cybersecurity...

Modern factories are increasingly relying on Industrial Internet of Things (IIoT) solutions. This shift is beneficial in many regards, including higher efficiency and transparency, but it also introduces unique cybersecurity concerns. Better vulnerability management for IIoT systems is essential if companies hope to make the most of this technology.The White House’s 2024 cybersecurity report named...

Today, I will be going over Control 2 from version 8.1 of the top 18 CIS Controls – Inventory and Control of Software Assets. I will go over the seven safeguards and offer my thoughts on what I’ve found.Key Takeaways for Control 2Reusability. The tools that were mentioned in Control 1 will be used in Control 2 as well. Reusing tools that accomplish goals for both Controls 1 and 2 can help cut...

By now, we should all be pretty well acquainted with phishing scams. They've been around for a very long time—nearly 30 years, in fact—and are the primary focus of most security awareness training programs and initiatives. Despite this, phishing remains remarkably effective, with over 90% of successful cyberattacks beginning with a phishing email. Why? Because these scams are constantly evolving...

Today’s VERT Alert addresses Microsoft’s February 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1143 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2025-21391A vulnerability in Windows Storage could lead to elevation of privilege, however, it is important to note that this would not give complete access to the file...

Building a vulnerability management (VM) program from the ground up is no small feat. It requires technical expertise, organizational buy-in, and a clear roadmap. In recent months, I’ve been working with a client who had to discard their legacy approach and start afresh. We came to realize just how many components have to come together to get a decent start on a VM project while also showing value...

QR codes have revolutionized digital interactions, offering quick access to websites and services and adding a layer of security to many apps. These quick and seemingly innocent codes are everywhere — however, their widespread use has made them a prime target for scammers. The corruption QR codes leaves everyone vulnerable. However, there are simple methods to protect against this threat.What Is ...

In early December 2024, the UK's National Cyber Security Center (NCSC) released its eighth Annual Review. While the report's primary focus is to recap the NCSC's activities over the past year, it also offers invaluable insights into how the UK thinks about and plans to act on cybersecurity. In this article, we'll look at a few of its key takeaways.UK in "A Contest for Cyberspace"The overarching...

British legal professionals have seen a "significant surge" in data breaches, according to new research from NetDocuments, a firm that provides a cloud-based content management platform for the legal sector.The firm has described how it analysed data from the UK regulator the Information Commissioner's Office (ICO), and discovered that the number of data breaches in the country's legal sector had...

Creating an enterprise security-first culture is one of the most impactful things a CISO can do to protect their organization. Sure, high-tech solutions and fancy tools are important, but they are largely ineffective when staff are unable or unwilling to play their part in preventing, identifying, and reporting security incidents.However, in the quest to develop a positive cybersecurity culture,...

A California man has been sentenced to seven years in prison for his involvement in a fraudulent scheme that saw over 50 individuals and organisations lose millions of dollars.59-year-old Allen Giltman, of Irvine, California, pleaded guilty to charges that he and his co-conspirators built a network of fraudulent websites impersonating legitimate financial institutions.According to a US Department...

The cyber threat to critical infrastructure has never been greater. The growing sophistication of cybercriminals, deteriorating geopolitical relations, and the convergence of operational technology (OT) and information technology (IT) have created unprecedented risks for critical infrastructure organizations. Fortunately, resources are available to help these organizations protect themselves.In...

Key Takeaways for Control 3At the heart of a strong data management plan is awareness surrounding the 'Five Ws' of the enterprise's data:What data does the enterprise store or handle?Who should have access to it?Where is it stored or accessed?When should it be deleted?Why does it need protection?A comprehensive data management plan incorporates the answers to these questions with policy decisions...

Tripwire's January 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for the Microsoft office platform, including Word, Access, Visio, Excel, OneNote, and Outlook. These patches resolve 13 issues such as remote code execution and security feature bypass vulnerabilities.Next are patches that affect components of the core Windows...

Data breaches continue to cost organizations millions of dollars each year, with costs rising steadily. According to IBM's 2024 Cost of a Data Breach Report, the average cost of a data breach has surged to $4.88 million globally, reflecting the increasing complexity and sophistication of cyberattacks. In the United States, this figure is even higher, averaging $9.8 million per breach, and the...

It’s been a tough year for the healthcare sector. Throughout 2024, cybercriminals have unleashed a barrage of attacks on a vast number of healthcare organizations - with disconcerting levels of success. FBI research revealed that healthcare is now the US’s most targeted industry.The attack on Change Healthcare, a United Health-owned health tech company, for example, disrupted operations at...

Small businesses may think they don’t need to implement cybersecurity training programs because larger enterprises with more revenue are more profitable for bad actors. However, small businesses lacking essential security measures are prime targets due to the ease of access and fewer resources for investigation and remediation. While cybersecurity solutions can be an indispensable part of a robust...

Key Takeaways for Control 4Most fresh installs of operating systems or applications come with preconfigured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks or NIST NCP to find out if your organization needs to augment or adjust any baselines to become better aligned with the policies your...

Investment scams are a growing problem. Modern cybercriminals are increasingly using this technique to swindle money out of unsuspecting victims. It’s easy to understand why: investment scams are remarkably effective. Research from Barclays even found that they accounted for a staggering 33% of all money lost to scammers in 2023.It’s clear then that many people don’t know how to identify an...

In the early part of 2024, the Center for Internet Security (CIS) released the latest version of the well-respected Critical Security Controls (CSC). The new version, 8.1, adds contours to the prior versions, making it more comprehensive and timely in today’s challenging cybersecurity environment.The CIS CSC has been a valued source of guidance for many organizations since its initial release in...