In recent years, the security of the United States' critical infrastructure has become a pressing concern, particularly in the oil and gas sector, due to its pivotal role in the nation's economy and energy supply. Recognizing this, the Transportation Security Administration (TSA) implements several new directives in July each year aimed at enhancing the security and resilience of vital energy...

The way in which we interact with applications has changed dramatically over the years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organization's application against it to bypass network security controls and...

DDoS attacks have become an annoyance most companies assume they may have to deal with at some point. While frustrating, minor website disruptions from small-scale hacktivist campaigns rarely create substantial business impacts. However, a particularly insidious DDoS spinoff has emerged over the past decade – one aimed at blackmail.This evolutionary milestone stems from what's called Ransom DDoS ...

Cybersecurity's role in geopolitics is growing more significant by the day. In a world of increasingly sophisticated cyber threats, governments worldwide are recognizing the impact digital attacks can have on national security, trade, and infrastructure.This has never been more evident than with the recent introduction of the Protecting Investments in Our Ports Act by U.S. Senators John Cornyn (R...

No-one would be bold enough to say that the ransomware problem is receding, but a newly-published report by Microsoft does deliver a slither of encouraging news amongst the gloom. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day. The 114-page Microsoft Digital Defense Report (MMDR) looks at...

The threat of cyberattacks is at an all-time high. In fact, research shows that worldwide cybercrime costs are anticipated to reach $10.5 trillion annually by 2025. Cybercriminals threaten all, as 43% of cyberattacks target small enterprises. The rise of these threats underscores the importance of a robust cyber defense strategy, and one key way to do that is through layered cybersecurity...

The National Information Assurance (NIA) Policy is a framework for offering organizations a foundation for information security management. It was designed and developed to aid organizations with the necessary steps to ensure information security, from assessing and classifying risk to choosing and implementing controls for mitigation.The NIA policy provides businesses with guidelines to support...

Penetration testing is something that more companies and organizations should be considering as a necessary expense. I say this because, over the years, the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2024,” the average cost of a breach has increased 10% year over year, with the healthcare...

Today’s VERT Alert addresses Microsoft’s October 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1127 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-43573A vulnerability in the Windows MSHTML Platform has seen active exploitation attacks against a spoofing vulnerability. Based on the CWE that Microsoft selected...

What Is Container Security?Container security involves protecting containerized environments and the applications they run. As containers package applications and their dependencies, they offer consistency across different environments. However, this also raises security concerns, such as ensuring the integrity of container images, securing the runtime environment, and managing vulnerabilities in...

Tripwire's September 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Excel, Visio, and Publisher that resolve remote code execution, elevation of privilege, and security feature bypass vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 35...

Human nature tells us that we’ll go for the low-hanging fruit before climbing a tree. Since threat actors are (after all) human, the same applies to them. Since databases are particularly vulnerable to many lower-level attacks, they are constantly at high risk. From misconfiguration to credential theft, these repositories of sensitive information can be preyed upon by even the most nascent...

We’re over halfway through the year, and ChainAnalysis has released parts one and two of their 2024 Crypto Crime Mid-Year Update. The update provides valuable insight into the cryptocurrency and cybersecurity landscape, so let’s look at the key takeaways and what they mean.There’s Been an Overall Decline in Illicit ActivityContrary to what one might expect, aggregate illicit activity on the...

It cannot be denied that the rise of remote work has opened up many opportunities for both employers and job seekers. Despite this, however, it has also presented a plethora of challenges when it comes to recruiting in the cybersecurity and tech spaces, one of the most notable of which is the proliferation of candidates who either don’t exist entirely or who aren’t who they claim to be.Companies...

At a time when digital connectivity is the lifeblood of all business operations, the specter of network attacks is greater than ever. As entities depend on complex network infrastructures, malefactors exploit vulnerabilities with growing sophistication and frequency.Understanding the diverse nature of these threats—from DoS and DDoS attacks to reconnaissance exploits—is crucial for devising...

A new ransomware operation has started to leak information it claims has been stolen from organisations it has compromised around the world.In recent days Valencia Ransomware has posted on its dark web leak site's so-called "Wall of shame" links to gigabytes of downloadable information that has seemingly been exfiltrated from a Californian municipality, a pharmaceutical firm, and a paper...

Amid the numerous instruments that have augmented our digital communication and commerce experiences over time, email remains a staple for everything, from confirming purchases to life-changing events like the authorization of financial aid.It comes as no surprise that email scams have been a mainstay of cyberattacks since the earliest days of online correspondence. Worse yet, their scope and...

The modern age of renewable energy has seen a surge in solar panels and wind turbines. While these systems enhance sustainability, their digital technologies carry risks. Cybersecurity professionals must know the relevant nuances when integrating renewable systems.How Solar Energy Is Vulnerable to Outside AttacksRecent incidents have demonstrated the importance of cybersecurity for power grids....

To allay dependence on oil revenue and expand the private sector, the United Arab Emirates (UAE) has committed, in recent years, to establishing a knowledge-based economy. Consequently, they have become a formidable competitor in Information Communication Technology (ICT). As the ICT industry has grown, so have government agencies to regulate it, namely the Signals Intelligence Agency, formerly...

Securing virtual identities and entry points has become a critical priority as cyber threats grow more sophisticated. A Single Sign-On (SSO) system offers ease and allows multi-functionality with a single set of identity verification, but they are enticing targets for cyber attackers. Organizations need Zero Trust Architecture to alleviate this risk. Zero Trust Architecture (ZTA) is a protection...