As we pass the halfway mark of 2024, data breaches remain on the rise. Cybercriminals are finding more and more inventive ways to infiltrate organizations, exploiting vulnerabilities in networks, software, and human behavior. From phishing schemes and ransomware attacks to insider threats and supply chain compromises, the threat of cyber attacks continues. This is bad news, especially for certain...

As the 2024 Olympic Games in Paris approach, organizers are intensifying cybersecurity measures in response to warnings from experts and law enforcement agencies about a likely surge in cyberattacks. The Games, set to start on 26 July this year, are projected to sell over 13 million tickets and attract more than 15 million visitors to Paris, generating around 11 billion euros in economic activity...

Artificial Intelligence (AI) is now integrated into almost every available technology. It powers numerous real-world applications, from facial recognition to language translators and virtual assistants. AI offers significant benefits for businesses and economies by boosting productivity and creativity. However, it still faces practical challenges. Machine learning often requires substantial human...

Zero Trust maturity might be one of the least understood security buzzwords of our era. The term “Zero Trust” was originally coined over a decade ago and described the principle of not assigning digital trust to any entity, ever, for free. It represented a fundamental paradigm shift from the trust-happy early internet days to the threat-filled cyber landscape we now know.Since then, companies have...

In the past four years, cyberattacks have more than doubled. Cybercriminals are leveraging emerging technologies like artificial intelligence (AI) to facilitate more sophisticated attacks. Geopolitical tumult has increased cyber risk. Couple these factors with a near-ubiquitous desire for businesses to expand their operations, and it’s easy to understand the need for scaling Security Operations...

I recently came across the "Johari Window Model" and thought this would be a good way to gain inspiration to explain the conundrum faced by many cybersecurity customers. The table below shows us the breakdown of the stages that are applicable not just to IT and OT environments but also to other facets of our daily lives. This model can be applied...

The Internet of Things (IoT) refers to the global network of physical devices connected to the internet, capable of collecting and sharing data. IoT devices range from everyday household items to sophisticated industrial tools. By integrating sensors and communication hardware, IoT bridges the gap between the physical and digital worlds, enabling environments where smart devices operate...

What is Qilin?Qilin (also known as Agenda) is a ransomware-as-a-service criminal operation that works with affiliates, encrypting and exfiltrating the data of hacked organisations and then demanding a ransom be paid.Qilin seems like a strange name. Where does it come from?The Qilin is a creature from Chinese mythology that combines the features of a dragon and a horned beast. Sometimes, it is...

We often interview InfoSec professionals who came to the profession from other areas of technology. Many network engineers, system administrators, and developers found it easy to make the transition to information security. The previous skills were easily applied to cybersecurity. However, in rare instances, an individual can connect a seemingly unrelated specialty to the world of InfoSec. This is...

Tripwire's June 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.First on the list this month is a patch for Microsoft Windows Error Reporting (CVE-2024-26169). This CVE is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.Next on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use after free, heap...

The successful implementation of new tools and processes hinges not just on the technology itself but on meticulous project management. From ensuring secure access to the underlying infrastructure, a new tool will be implemented upon defining clear goals and understanding the security footprint of the service. Even the earliest steps of your rollout can be important in the long run. Getting all...

Integrity is a vital component of any cybersecurity policy, making up one-third of the CIA Triad. However, until recently, the industry has had a limited understanding of the term, using it primarily in the context of data security. Integrity means so much more than this principle alone: it impacts every facet of an information system and can drive an organization's entire security program. ...

As summer approaches, many of us are eagerly planning our much-awaited vacations. Whether you're jetting off to exotic destinations or embarking on a road trip closer to home, it's important to remember that cybersecurity should be a part of your travel checklist. From safeguarding your devices to protecting your personal information, here are some easy-to-follow tips to ensure a cyber-safe summer...

With 86% of UK adults using a form of online or remote banking and high street banks closing in record numbers, banking websites have become an integral part of our daily lives. They have changed how we manage our money, allowing us to send and receive money from anywhere in the world, open or close accounts at the click of a button (or tap or a screen), and avoid queuing in physical banks. They...

Security-Enhanced Linux (SELinux), initially known for its perceived complexity in configuration and maintenance, has evolved into an indispensable security architecture across most Linux distributions. It empowers administrators to finely control the actions permitted to individual users, processes, and system daemons, thereby bolstering defense against potential security breaches. Through the...

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are impersonating its employees in an attempt to commit fraud. In an alert posted on the CISA website, the organisation warned that so-called impersonation scams are on the rise. An impersonation scam is any type of fraud where a criminal pretends to be a trusted individual or organisation to dupe a victim...

The Verizon 2024 Data Breach Investigations Report noted a 180% increase in exploited vulnerabilities over the previous year’s figures. The importance of keeping an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities cannot be understated. 1. Overview: Summary of Vulnerability Management Policy Taking the time to give a short summary of the policy...

Many companies strive to achieve the best security possible. Along the path to improved security, many companies are also required to meet various compliance standards. In some cases, compliance is also a regulatory requirement. This crossroad between security and compliance can sometimes seem at odds with the organization’s goals. Compliance does...

Today’s VERT Alert addresses Microsoft’s June 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1110 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2023-50868 The only disclosed vulnerability we have this month, is CVE-2023-50868, a DNSSEC protocol level vulnerability that can lead to denial of service. The...

Exploring the intricate relationship between people and cybersecurity opens up a dynamic landscape where individuals' decisions, habits, and intentions significantly impact the safety and integrity of digital systems. Cybercriminals are savvy opportunists, and like pickpockets, they go where the crowds are. They scan the virtual world, identifying weaknesses in the popular sites and systems...