The Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) laid out a series of recommendations for critical infrastructure owners and operators to protect their operational technology (OT) assets. In an alert published on July 23, CISA published an alert in which it recognized malicious actors' growing...

Google Chrome may currently enjoy the numero uno position in the world of browsers, but it is starting to feel the pressure. The competition is heating up with its rivals like Microsoft Edge offering upgraded security features to lock in more users. The coronavirus pandemic has brought extensive changes to the way people operate, which in turn, has...

More information has emerged related to last week's attack which saw a number of high profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam. Twitter has already said that 130 Twitter accounts were targeted by hackers, using tools that should only have been available to the site's internal support team. Those tools...

Security researchers discovered a multi-platform malware framework called "MATA" that had succeeded in targeting victims worldwide. On Securelist, Kaspersky Lab revealed that it had shared its discovery of MATA with its Threat Intelligence Portal customers. The Russian security firm explained in its analysis that the first artifacts pertaining to...

It goes without saying that innovations and trends in technology have a direct impact on digital security. Just look at what happened with COVID-19. As organizations switched their workforces to remote connectivity, many security teams shifted their attention to deploying enterprise-wide VPNs and partnering with employees to harden their home...

The COVID-19 pandemic has created a huge list of challenges for businesses. One that is potentially going unnoticed or under-reported is cybersecurity. Specifically, as lockdown ends and as individuals return to offices and places of work, it may be the case that something malicious is already waiting for them on their devices. Here we take a look...

The General Data Protection Regulation (GDPR) has been in effect for two years in the European Union (EU). As Americans continue to become attentive to GDPR and their own data privacy, it’s not surprising that some data protection guidelines are emerging in the United States. Indeed, it's safe to assume that California Consumer Privacy Act (CCPA)...

“Cybersecurity is the leading corporate governance challenge today, yet 87% of C-suite professionals and board members lack confidence in their company’s cybersecurity capabilities. Many CISOs and CSOs focus on implementing standards and frameworks, but what good is compliance if it does not improve your overall cybersecurity resilience?” – The CMMI...

Security researchers detected a clever new phishing campaign that abused three enterprise cloud services in an attempt to steal victims' credentials. On July 18, Bleeping Computer revealed that the phishing campaign's attack emails claimed to originated from the domain "servicedesk.com." The computer self-help site took a closer look. In the process...

A Security Analyst, A Lead Developer, And A Cloud IT Admin Walk Into A Bar... Stop me if you’ve heard this one before. When we talk to users about the ways that they handle roles and responsibilities associated with keeping their Cloud accounts secure, we get a multitude of answers. There’s often a wide range of people and teams from various parts...

The demand for cloud computing has skyrocketed in recent years. Lower costs, a faster time to market, increased employee productivity, scalability, and flexibility are some of the beneficial factors motivating organizations to move to the cloud. It’s not likely that organizations will slow down with their migration plans, either. According to market...

U.S. law enforcement arrested and charged a man with fraudulently obtaining loans via the Paycheck Protection Program (PPP). On July 16, Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division and U.S. Attorney Nicola T. Hanna of the Central District of...

Security researchers discovered a new Android banking malware family called "BlackRock" that targets 337 mobile applications. ThreatFabric found that BlackRock hid its icon when it first launched itself on a mobile device. It then posed as a Google update in an attempt to gain access to a user's Accessibility Service. Once it received access to...

What the heck has happened on Twitter? Twitter accounts, owned by politicians, celebrities, and large organisations suddenly started tweeting messages to their many millions of followers, at the behest of hackers. What did the messages say? Here is a typical one which appeared on the account of rapper, songwriter, and optimistic Presidential...

Being a cybersecurity company in these turbulent times puts us at Tripwire, to some degree, on the front-line. Working with the largest organisations in government, finance and critical national infrastructure, we see good and bad every day. In a confusing hybrid war where APT groups launch attacks that could potentially turn out the lights, it is...

Research into recent ransomware submissions revealed that more than a tenth of crypto-malware infections now involve some element of data theft. In the second quarter of 2020, ID Ransomware received 100,001 submissions of crypto-malware pertaining to attacks that had targeted organizations and government entities. Of those attacks, 11,642 involved...

For healthcare organizations that handle a lot of patient data, including very sensitive information, cloud computing is a revolution to data storage. Cloud computing in healthcare lowers data storage costs (compared to the old paper-storage era), enables easy retrieval of patient data and also improves the privacy of patient information. This has...

Today’s VERT Alert addresses Microsoft’s July 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-895 on Wednesday, July 15th. In-The-Wild & Disclosed CVEs CVE-2020-1463 A vulnerability in the SharedStream Library could allow a locally authenticated attacker to run a malicious...

A man received prison time for helping to conduct an identity theft and fraud scheme that targeted thousands of veterans and U.S. service members. On July 9, the Office of Public Affairs at the U.S. Department of Justice announced that Chief U.S. District Judge Orlando Garcia had sentenced 32-year...

Containers are on the rise. As reported by GlobalNewswire, Allied Market Research estimated that the application market would grow from its 2016 value of $698 million to $8.20 by 2025. With a compound annual growth rate of 31.8% between 2018 and 2025, this increase would largely reflect both the surge in popularity in application container...