In an increasingly digitized world, the threat of cybercrime looms larger than ever. The FBI's relentless pursuit of cybercriminals remains a critical defense against this growing menace. We’re well into 2023, and the FBI's Most Wanted Cybercriminals list takes center stage, highlighting the individuals who pose significant threats to our digital...

When building a tower, it helps to start with a sturdy foundation. Cyber maturity is the tower, and there are three levels that build it: Foundational IT/OT & Security Control Processes Fundamental Security Control Capabilities Advanced Security Control Capabilities Fortra occupies a unique space in the industry because of the sheer size of...

Do you remember where you were on 25th May 2018? Perhaps you were enjoying a Friday night drink with friends. Perhaps you were with family, relaxing after a busy week at work. I was actually having a GDPR Birthday party with friends and colleagues because 25th May 2018 was a landmark day for the world of Data Protection (yes, seriously, we had a...

Non-compliance in cybersecurity marks a grave oversight. It involves neglecting established security protocols, leaving organizations vulnerable to malicious actors. Read on as we examine the potential risks of non-compliance, including heightened susceptibility to cyberattacks, the specter of data breaches, and the erosion of a company's hard...

The social media landscape has undergone dramatic change in recent years. Elon Musk bought Twitter and changed its name to "X." Mark Zuckerberg bought Instagram and WhatsApp before launching Threads to capitalize on Twitter's recent PR disasters. TikTok came out of nowhere to become the platform of choice for Gen Z. One thing, however, has stayed...

How to Build an Effective ICS Security Program Of all the different areas of cybersecurity, not many are as important, or have as far-reaching consequences as industrial control systems (ICS) security. While most relevant organizations would agree that ICS security is a significant concern for their operations, it is easier said than done. Many...

What's happened? CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. A "zero-click attack"? That's an attack that doesn't require any interaction from...

Fileless malware, true to its name, is malicious code that uses existing legitimate programs in a system for compromise. It operates directly in the Random Access Memory (RAM) without requiring any executable files in the hard drive. Differing from conventional malware, fileless attacks are stealthier in nature, falling under the category of low...

The term Internet of Things (IoT) describes a network of technologies and services where various devices are interconnected and exchange data. These devices can be anything from wearable fitness trackers, smart televisions, and wireless infusion pumps to cars and many others. These internet-connected devices gather, process, and transmit a vast...

Cyber threats are growing more sophisticated, covert, and frequent every day. This year alone has seen the likes of T-Mobile and PharMerica suffering serious security breaches. These incidents disrupted operations and threatened their bottom lines, not to mention the lingering aftereffects and negative brand perception in the eyes of their customers...

Today’s VERT Alert addresses Microsoft’s September 2023 Security Updates, which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1073 on Wednesday, September 13th. In-The-Wild & Disclosed CVEs CVE-2023-36761 Microsoft has indicated that a vulnerability...

As the realm of technology continues to evolve, the significance of cloud computing has grown exponentially. This paradigm shift offers unparalleled scalability, efficiency, and cost-effectiveness benefits. However, with these advantages come a host of security challenges that need careful consideration. This article delves into the vital realm of...

Before the revolution of Information Technology (IT), the world experienced the revolution of Operational Technology (OT). Operational Technology is the combination of hardware and software that controls and operates the physical mechanisms of industry. OT systems play an important role in the water, manufacturing, power, and distribution systems...

It's easy to rest on our laurels. Prevent a few breaches – or go long enough without one – and you start to feel invincible. While our efforts are certainly laudable, we can't get too comfortable. As defenders, we always need to be on the hunt for what we've missed and ways to do better. Here are ten common cybersecurity mistakes that crop up (and...

Tripwire's August 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Excel, Visio, Teams, and Outlook. The patches resolve 10 issues including remote code execution, information disclosure, security feature bypass, and spoofing...

A Texas court has heard how last month a gang of men used a Raspberry Pi device to steal thousands of dollars from ATMs. According to local media reports, three men were arrested in Lubbock, Texas, after attempting to steal "large sums of US currency" from ATMs. The men - 38-year-old Abel Valdes, 41-year-old Yordanesz Sanchez, and 33-year-old...

The basic parameters that control how hardware, software, and even entire networks operate are configurations, whether they take the form of a single configuration file or a collection of connected configurations. For instance, the default properties a firewall uses to control traffic to and from a company's network, such as block lists, port...

One thing is becoming evident as ransomware attacks increase in frequency and impact: businesses can take additional precautions. Unfortunately, many companies are failing to do so. Most victims are sufficiently warned about potential weaknesses yet unprepared to recover when hit. Robust ransomware prevention is more important than ever. This...

2023 Cost of a Data Breach: Key Takeaways It’s that time of year - IBM has released its “Cost of a Data Breach Report.” This year’s report is jam-packed with some new research and findings that highlight how organizations are implementing security and risk mitigation techniques to help identify and contain data breaches. Key Takeaways The...

In a digital-first world, safeguarding sensitive data and ensuring compliance with industry regulations are paramount. Enter "Continuous Compliance" – a dynamic approach reshaping the cybersecurity paradigm. As a key part of an effective compliance strategy, continuous compliance is pivotal in fortifying security measures. This modern strategy...