Blog

Blog

Security Configuration Management Use Cases: Policy Monitoring for Security

In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA,...
Blog

FIM & SCM: How they work together

IT environments in businesses are often volatile. The value of hardware might depreciate over time. There is constant evolution in the world of software. Existing configurations go through a variety of transitions. While some of these updates are permitted since they are part of the organization's regular patching cycle, others raise red flags...
Blog

80% of SMBs Are Vulnerable — Here’s How to Stay Safe

It would be nice to imagine that when cyber criminals look for their next target, they ignore the small- and medium-sized businesses (SMBs) that simply can’t afford an attack. Unfortunately, that’s not the case. In fact, 43% of cyber attacks are directed at SMBs. Today, a massive 80% of North American SMBs are at risk of a cyber attack. This is...
Blog

Staying protected from cybercriminals this holiday season

As we approach the holiday season, we wanted to focus this month’s post on you (and your family). Bad guys don’t just wait until the holidays to start causing havoc, they also relentlessly target all of us all throughout the year. Judging by our perseverance, nothing is going to keep us from a good holiday deal, and attackers love to use this season...
Blog

Tripwire Patch Priority Index for September 2022

Tripwire's September 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Chromium and Microsoft Edge based on Chromium. These patches resolve over 20 issues such as user-after-free, insufficient policy enforcement, out-of-bounds write, and heap buffer...
Blog

Insider Threats and Indicators to Watch Out For

Many enterprises perceive cyber-attacks as malicious actions predominantly executed by external actors. Enterprises devote time and budgets investing in methods to bolster their security perimeters against external threat actors. However, it is equally important for these organizations to remember that many cyber-attacks, which cost millions in...
Blog

Tech-Forward Countermeasures in the Fight Against Identity Theft

Technology has expanded the avenues bad actors use to steal identities and sensitive data. However, digital tools are also giving users innovative countermeasures to protect themselves. Here are seven tactics anyone can use to help prevent identity theft. 1. Leverage Multifactor Authentication Strong passwords have always been an identity...
Blog

An Eye for an API

If the eyes are the window to the soul, then the Application Programming Interface (API) is the window to the software. After all, an API is a way for products to communicate with each other through a documented interface, just as the eye is a human interface, communicating with the outside world (but it’s not as well-documented as to meanings)....
Blog

Information security compliance: why it’s more important than ever

Being in a more connected environment benefits all of us, from those using social media to stay in touch with far-away relatives, to businesses enjoying the rewards of remote working. But, while connectivity is great and offers many positives, it also creates vulnerabilities. Companies that handle sensitive data may find themselves the target and...
Blog

Healthcare sector warned of Venus ransomware attacks

Healthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus. An advisory from the United States Department of Health and Human Services (HHS) has warned that the cybercriminals behind the Venus ransomware have targeted at least one healthcare entity in the...
Blog

Building a Cybersecurity Training Program: What you need to know

Every security framework recommends that an organization has a cybersecurity training program for all employees, but few give much guidance about what the program should contain. What do you train them on? What actually works? Other than checking a box on the compliance forms, are these programs useful? Why Have a Cybersecurity Training Program?...
Blog

Fangxiao: A Phishing Threat Actor

Do you know what “fangxiao” means in simplified Chinese? Before you Google it, let me tell you that it stands for “imitate” and this is exactly what Fangxiao phishing campaign actors try to do – imitate and exploit the reputation of international, trusted brands by promising financial or physical incentives to trick victims into further spreading...
Blog

Curbing Rampant CEO Fraud in 2022

If it seems like you’re constantly hearing about cybercrime these days, there’s a reason for that. Globally, reports of cyberattack instances increased by a staggering 125% in 2021, a trend that shows no sign of slowing. As businesses and consumers turn their attention to cybercrime and protective measures, enterprising cybercriminals continue to...
Blog

Integrity Monitoring Use Cases: Policy Monitoring for Compliance

In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry specific (SOX, NERC, HIPAA...
Blog

Laptop flaws could help malware survive a hard disk wipe

PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and ThinkBooks - that could be...
Blog

Artificial Intelligence, a new chapter for Cybersecurity?

Artificial Intelligence (AI) is a trending topic for many industries now. A variety of organizations currently employ AI mechanisms to support their operational functions. Automated tasks, natural language processing, deep learning, and problem-solving; such AI characteristics have made business tasks much easier. The factor of security in AI is...
Blog

The Cross-Sector Cybersecurity Performance Goals (CPGs): What you need to know

The Cross-Sector Cybersecurity Performance Goals (CPGs) are a new baseline released jointly by CISA, NIST, and the interagency community, with a goal of providing consistency across all critical infrastructure. The primary webpage for these goals gives us a great understanding of what they are (and are not). It is worth delving into those specifics...
Blog

WEF Report Details Best Practices for Zero Trust Deployment

Cybersecurity, like broader technological disciplines, is an ever-changing landscape that industry professionals must adapt to. The zero-trust model of cybersecurity has grown recently as organizations update their security practices to keep pace with, and stay ahead of evolving threats. Zero Trust Network Access (ZTNA) increased by 230% from 2019...
Blog

VERT Threat Alert: November 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1029 on Wednesday, November 9th. In-The-Wild & Disclosed CVEs CVE-2022-41091 This vulnerability allows a malicious individual to bypass Mark of the Web. Mark of the Web is what is used to...