Blog

Blog

CLOP ransomware suspects charged by police in Ukraine

Six people alleged to be part of the notorious CLOP ransomware gang have been detained and charged by Ukrainian police, following nearly two dozen raids across the country. According to a statement released by the Ukraine's cyber police, the hacking group is thought to have inflicted $500 million worth of damage on universities and organisations it...
Blog

What Is a Security Operations Center (SOC)?

Data breaches are costing organizations millions of dollars on average. In its 2020 Cost of a Data Breach Report, IBM found that a data breach cost the average organization $3.86 million. This price tag was even greater for organizations located in the United States and operating in the healthcare industry at $8.64 million and $7.13 million,...
Blog

What’s New in v8 of the CIS Controls

Back in 2018, the State of Security spent a lot of time going over v7 of the Center for Internet Security’s Critical Security Controls (CIS Controls). We noted at the time how the Center for Internet Security shuffled the order of requirements for many of the existing controls in that version. It also cleaned up the language of the CIS Controls,...
Blog

Ransomware is the biggest threat, says GCHQ cybersecurity chief

The head of the UK's National Cyber Security Centre has warned that ransomware has become the biggest threat to British people and businesses. In a speech being given today by Lindy Cameron, chief executive of the NCSC, to the RUSI think tank, she highlights the need for ransomware problem to be taken seriously, and warns of the "cumulative...
Blog

Why a CISO Needs To Speak The Language Of Business

Dr. Eric Cole, former CISO and founder of Secure Anchor Consulting, explains how learning to communicate with business language can create a more compelling case for executive buy-in. https://open.spotify.com/episode/7fFPZyFkP4eB1DoMdPcdOv?si=6f16ad3361f24256 Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm Stitcher: https://www...
Blog

Protecting the New Most Vulnerable Population – The Grandparent Scam

In Part 1 of this series, we introduced the concept that the most vulnerable people on the internet are our senior population. According to the FBI, elder fraud impacts millions of American seniors every year. Figures from the United Kingdom show similar levels of criminal activity targeting seniors. Most of the elder fraud schemes are financially...
Blog

A Look at a Zero Trust Strategy for the Remote Workforce

If you are new to the security world, it is fair to ask yourself, “Isn’t access to data and systems always conditional? Isn’t it always granted to someone who has access to the credentials (ID and password)?” True enough, but in totality, the approach to managing access encompasses a broader spectrum of privacy policies. These policies include a mix...
Blog

5 Tips and Tricks for Cloud Native Security

Cloud-native applications that are based on new types of infrastructure such as containers and serverless platforms are being rapidly adopted by organizations worldwide. While cloud-native applications deliver compelling benefits such as elastic scalability, unmatched resilience and rapid development velocity, they also raise challenges.Cloud-native...
Blog

Open Source: The Positives, the Risks and the Future

In a world that is constantly evaluating costs, it is little wonder that there is an increasing demand for cost-effective solutions to business problems. In the real world, this means 'free,' and in the digital marketplace, it means 'open source.' Open Source aka "Freeware" Since the early days of the internet, open source software (OSS) has been...
Blog

VERT Threat Alert: June 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-947 on Wednesday, June 9th. In-The-Wild & Disclosed CVEs CVE-2021-31955 This is one of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting...
Blog

The Principle of 'Least Privilege' in the World of Cybersecurity

The principle of least privilege in cybersecurity prescribes that no user should have access to system resources beyond what's necessary for fulfilling a specific task. Adhering to this principle has become essential, as one of the primary ways malicious actors breach a system is by compromising (legitimate) user access. The 2020 Global State of...
Blog

Protecting a New Vulnerable Population on the Internet

On a Mission of Protecting Abraham Lincoln is credited with saying that “A lawyer’s time and advice are his stock and trade.” Whether the quote is mis-attributed to Lincoln is irrelevant to the greater message, which is that attorneys are “knowledge workers.” To state it as bluntly as one attorney once explained to an executive where I worked, “My...
Blog

#TripwireBookClub – The Crypto Dictionary

Welcome back to #TripwireBookClub. If you recall, the last book we reviewed was The Ghidra Book: The Definitive Guide, a book that I thoroughly enjoyed because I’m a huge fan of everything Chris Eagle writes. This time, we’re looking at Crypto Dictionary: 500 Tasty Tidbits for the Curious Cryptographer. I am by no means a cryptography expert, so I...
Blog

Overcoming Compliance Issues in Cloud Computing

The benefits of organizations moving some or all their IT workloads to the cloud are well-known and numerous. There are several challenges to successful cloud adoption, though, and one of the most important of them is compliance. Whether your cloud use case is low-cost data storage, scaling your infrastructure for critical business apps or disaster...