Tripwire's August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.First on the list are patches for Microsoft Edge and Google Chromium that resolve 12 vulnerabilities, including information disclosure, remote code execution, and memory corruption vulnerabilities.Up next are patches for Microsoft Outlook, PowerPoint, Visio, Excel, Project,...

File Integrity Monitoring (FIM) is a cybersecurity process that involves continuously monitoring files and systems to identify any unauthorized changes. FIM solutions maintain file integrity by comparing a file or system's current state to a known, trusted baseline and flagging any discrepancies. It is key for identifying security breaches, preventing data tampering, and maintaining compliance...

When outsourcing the IT department was first introduced, many business owners hailed it as the solution to all their technology problems. The promise of reduced headcount, less overhead and sunk costs, as well as reduced management responsibilities, seemed like a gift that would boost profits. When cloud computing entered the business world, the same promises were realized. However, shifting...

Effectively acting as an invisible shield, the inner workings of IoT security are often taken for granted. However, we can focus and shine a light on the protocols and practices that provide the foundation of IoT security to help others see how these efficiently operate behind the scenes to protect complex networks of interconnected devices.We will consider everything from everyday smart home...

Cybercrime is a major concern for individuals, businesses, and governments alike. As technology advances, so do the tactics and sophistication of those who seek to exploit it for nefarious purposes. Data shows that, on average, a cyber attack occurs every 39 seconds, affecting one in three Americans annually.Recognizing the human element behind these cyber threats is crucial in combating them...

The demand for robust security, transparency, and accountability is at an all-time high, and many businesses are relying on managed service providers (MSPs) to manage their IT infrastructure, ensure data security, or provide seamless operational support. Concurrently, MSPs must continuously innovate and differentiate their offerings to meet the growing needs of businesses.The wide range of MSPs...

The cyber threat landscape continues to be an unpredictable challenge for organizations as more of them embrace digitization. When it comes to maintaining stability and security in the age of rampant cyber attacks and record levels of data breaches plaguing businesses sector-wide, the importance of cyber hygiene cannot be overstated.Cyber threats are evolving and growing in sophistication with...

IT infrastructure management is a complex task. Over the years, various methods have been used to better manage corporate environments. Whether it is network monitoring, asset control, application monitoring, or any of the other infrastructure management obligations, different solutions have been attempted to make the job easier. These undertakings became even more challenging as infrastructure...

In the second quarter of 2024, UK businesses faced cyber-attacks every 44 seconds, highlighting the persistent nature of cyber threats and the critical need for robust cybersecurity protocols. This frequency of attacks shines the spotlight on the ongoing challenge UK businesses face in protecting their digital assets. It also stresses the importance of implementing comprehensive security measures...

What Is Authentication?Authentication is the process of verifying the identity of a user or system. It is a critical component of security, ensuring that only authorized individuals or entities can access sensitive information or systems.There are several methods of authentication, including knowledge-based factors (something you know, like a password), possession-based factors (something you have...

Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2024-38178CVE-2024-38178 describes a vulnerability in the Microsoft Edge scripting engine when run in Internet Explorer Mode. On top of requiring Edge be running in...

Social engineering is a dangerous weapon many cybercriminals use to achieve their nefarious goals. It leverages psychological manipulation to deceive individuals into divulging confidential or personal information. Unlike traditional hacking, which relies on exploiting software vulnerabilities, social engineering targets human vulnerabilities.Here are the most common types of social engineering...

Many people don’t realize that scams are complicated events orchestrated by scammers, which often include myriad persuasive techniques and take advantage of our individual characteristics and circumstances.While each scam varies in complexity, they typically progress through three broad stages, each influenced by factors that either heighten or diminish our vulnerability to becoming victims. Dove ...

We recently presented the webcast "Find Your Best Fit, Solving the Cybersecurity Framework Puzzle." Tyler Reguly, who is a senior manager of research and development at Fortra and a former professor at his alma mater, Fanshawe College, served as the host. Tyler offered his wisdom about integrating CIS Controls into a comprehensive cybersecurity plan for your organization.Tyler examines the CIS...

When performing a security assessment, many folks will focus on asset management. This is an important first step, as it often reveals assets in the environment that were previously unknown. The next step in determining how to best secure the organization is to establish a baseline of the current state, and to define what the secure baseline should be. Too often, the existing baseline is far below...

Tripwire's July 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Office and Outlook that resolve remote code execution and spoofing vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 65 vulnerabilities, including elevation of privilege,...

Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics.Modern ransomware attacks often involve sophisticated techniques such as data exfiltration, where attackers...

The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements.This blog will guide you through the key points discussed by PCI experts Steven Sletten and Jeff Hall in a recent webinar held by Fortra on "PCI 4.0 is Here: Your Guide to Navigating Compliance Success....

SEXi? Seriously? What are you talking about this time?Don't worry, I'm not trying to conjure images in your mind of Rod Stewart in his iconic leopard print trousers. Instead, I want to warn you about a cybercrime group that has gained notoriety for attacking VMware ESXi servers since February 2024.Excuse me for not knowing, but what is VMWare EXSi?EXSi is a hypervisor - allowing businesses who...

Cybersecurity has become an integral part of our daily lives, impacting everyone around the world. However, the question arises: are rules and regulations alone sufficient to make cyberspace secure? Ethics, which are the principles that guide our decisions and help us discern right from wrong, play a crucial role in this context. They aim to create positive impacts and promote the betterment of...