Blog

Blog

Industrial Remote Access: Why It’s Not Something to Fear

Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check. These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to...
Blog

Hacking Tech Gifts: Brushing with Bluetooth

If high-tech gadgets were on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward...
Blog

VERT at the Movies: Cybergeddon

While I was teaching, one of my students asked if I had seen Cybergeddon, a film distributed by Yahoo! in 2012. I had not, so I decided it would be fun for VERT to watch the film and review it, since my hobby is writing film reviews for RotundReviews. Cybergeddon is not talked about as much as it should be given some of the background around it. It...
Blog

Cybersecurity Challenges for the European Railways

The European Union Agency for Cybersecurity (ENISA) released in November 2020 its “Cybersecurity in Railways” report to raise awareness about the cybersecurity challenges facing Europe's railways. The report identifies the current cybersecurity status and challenges as well as proposes cybersecurity measures to combat these challenges and enhance...
Blog

Scams Starting on Social Media and Targeting Your Business

Social media is no stranger to scams. However, recent trends show scammers have started to show more aggression toward businesses since the beginning of the pandemic. Being able to recognize these scams can help you prevent injury to your business. Social Media as a Newer Cybercrime Platform for Targeting Businesses Scammers go where the people...
Blog

Eight men arrested following celebrity SIM-swapping attacks

British police have arrested eight men in connection with a series of SIM-swapping attacks which saw criminals hijack the social media accounts of well-known figures and their families. The UK's National Crime Agency (NCA) says it made arrests in England and Scotland as part of an international investigation working alongside the FBI, US Secret...
Blog

VERT Threat Alert: February 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-928 on Wednesday, February 10th. In-The-Wild & Disclosed CVEs CVE-2021-1732 A vulnerability in Win32k that allows for privilege escalation has been exploited in the wild. The...
Blog

General Tips for Children & Teens on Safer Internet Day

On February 9, 2021, the world will celebrate the 18th iteration of Safer Internet Day. The theme of this year’s event is “Together for a better internet.” It’s a reminder that all of us have a responsibility to help make the web a safer place. One of the ways we can do this is by taking the online safety of children and teens to heart. In their...
Blog

Social Media Best Practices for Safer Internet Day

On February 9, 2021, the world will celebrate the 18th iteration of Safer Internet Day. It’s an opportunity for everyone to recognize the importance of staying safe online. It’s also a reminder that all of us play a part in making the web a safer place. One of the ways we can observe Safer Internet Day is by helping children and teens navigate...
Blog

Amazon Addresses Best Practice Secrets Management with AWS Secrets Manager

Data breaches are becoming increasingly common, and one factor driving this escalation is the fact that today’s IT systems are integrated and interconnected, requiring login information from multiple parties and services. In response, Amazon Web Services has launched the AWS Secrets Manager, a service designed to help organizations get a handle on...
Blog

Sloppy patches are a breeding ground for zero-day exploits, says Google

Security researchers at Google have claimed that a quarter of all zero-day software exploits could have been avoided if more effort had been made by vendors when creating patches for vulnerabilities in their software. In a blog post, Maddie Stone of Google's Project Zero team says that 25% of the zero-day exploits detected in 2020 are closely...
Blog

How the CIS Foundations Benchmarks Are Key to Your Cloud Security

Many organizations are migrating their workloads to the cloud. But there are challenges along the way. Specifically, security leaders are concerned about their ability to protect their cloud-based data using secure configurations. Tripwire found this out when it partnered with Dimensional Research to survey 310 professionals who held IT security...
Blog

Tripwire Patch Priority Index for January 2021

Tripwire's January 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Dnsmasq and Oracle. First on the patch priority list this month are patches for Dnsmasq related to the seven so-called "DNSpooq" vulnerabilities. Dnsmasq is an open-source DNS forwarding application, and systems using this software should...
Blog

11 Respected Providers of IT Security Training

We at The State of Security are committed to helping aspiring information security professionals to reach their full potential. Towards that end, we compiled a two-part list of the top 10 highest paying jobs in the industry. Back in 2017, we even highlighted the U.S. cities that rewarded security personnel with the best salaries, amenities and other...