Blog

Blog

The Role of the SEC in Enforcing InfoSec Legislation

What is the SEC? Founded 85 years ago at the height of the Great Depression, the Securities and Exchange Commission (SEC) has a clear mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Put simply, the SEC aims to protect US investors by maintaining a fair market. The SEC doesn’t work...
Blog

Malware menaces Minecraft mods

If you, or your kids, are fans of Minecraft - you might be wise not to download any new mods of plugins for a while. Computer security researchers say that they have uncovered that cybercriminals have succeeded in embedding malware named "Fracturizer" within packages and plugins used to modify the behaviour and appearance of the phenomenally...
Blog

Offbeat Social Engineering Tricks in a Scammer’s Handbook

Contrary to stereotype, today’s cyberattacks aren’t limited to complex tactics such as the use of zero-day exploits or polymorphic malware that flies under the radar of traditional defenses. Instead of going the extra mile to set such schemes in motion, most threat actors take a shortcut and piggyback the human factor. A combination of a would-be...
Blog

Tripwire Patch Priority Index for May 2023

Tripwire's May 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve elevation and security feature bypass vulnerabilities. Up next are 3 patches for Microsoft Office, Word, Excel, and Access that resolve remote code...
Blog

PCI DSS 4.0 Requirements – Protect Stored Account Data and Protect Cardholder Data During Transmission

If someone asked you “are you protecting your data,” your initial response would probably be to clarify what they are referring to specifically, since the question is so broadly stated. You could just reply with a terse “Yes,” but that is as open-ended and nebulous as the question. The general idea of data protection encompasses so many areas, from...
Blog

What APIs Do and Don’t Do

It’s hard to be in the realm of technology and not hear about APIs these days. Whether it’s the launch of the ChatGPT API or news of a significant data breach at Twitter, APIs are having their time in the spotlight. Yet, despite their ubiquity, many still have questions about APIs' capabilities (and limitations). What are APIs for? What do they do?...
Blog

Has Ransomware Turmoil Started Slowing Down for Good?

On the surface, ransomware – malicious software designed to block access to a computer system until a sum of money is paid – appears to be off to yet another ruthless start in 2023 as one of the leading types of malware. Recent victims of public attacks in North America include industries such as health care, communication, education, and even...
Blog

How to Avoid Cybercrime While Traveling Internationally

Traveling abroad, whether for business or leisure, brings plenty of tangible benefits to individuals and organizations. Coupled with the convenience of innovative technology at our fingertips, business professionals can achieve a lot if they spend much of their time on foreign shores. However, despite this digital evolution, traveling abroad can...
Blog

The Future of Driverless Cars: Technology, Security and AI

Back in 2015, we published an article about the apparent perils of driverless cars. At that time, the newness and novelty of sitting back and allowing a car to drive you to your destination created a source of criminal fascination for some, and a nightmare for others. It has been eight years since the original article was published, so perhaps it is...
Blog

The Issue of Insider Threats: What you Need to Know

Not all Risks Become Threats Insider threats are an updated version of the wolf in sheep's clothing - the people we rely on to safeguard systems and data can sometimes be the ones who pose the greatest risk. From malicious actors to negligent employees, insider threats come in many forms and can have devastating consequences for organizations of...
Blog

Cybersecurity Standards in the Banking Industry

Cybersecurity has risen to become a major concern for nearly every industry. With the constant stream of news about the escalating numbers of breaches, it is understandable that governments have taken a more active role by passing cybersecurity and privacy legislation. Some of the industries are not top of mind to many people. For example, few...
Blog

How Large is Your Target? Advice for the Smallest Businesses

Most cybersecurity professionals will often try to cybersplain the importance of protection to their friends. In most social circles, many of the businesses that people work in are small businesses. Perhaps you are the owner of a small delicatessen, a dry cleaner, or you run a yoga studio, or some similar individually owned operation. Many of these...
Blog

PCI DSS 4.0: How to Delight the Auditors

While we all know the actual point of PCI is vastly more far-reaching, we can’t deny that the juggernaut of PCI DSS 4.0 compliance is getting past the auditors. However, there is a right way to do it that doesn’t just check the box – it creates the underlying business operations that enable you to pass an audit any day, at any time, with just the...
Blog

A Brief Introduction to the World of IP Addresses

How many internet-connected devices do you own? If you took a quick inventory around your house, you may be surprised at exactly how many there are. Have you ever wondered how they all communicate, not only with each other, but with the internet as well? This is, in part the result of technology known as IP addressing. What is an IP address? An IP...
Blog

The Royal & BlackCat Ransomware: What you Need to Know

The US healthcare sector continues to be aggressively targeted by ransomware operators. Royal and BlackCat are two of the more recent – and highly sophisticated – ransomware threats. These two new flavors of ransomware pose serious potential impacts on the healthcare sector, but there are appropriate mitigation and defense strategies that...
Blog

Rogue IT security worker failed to cover his tracks

Bad enough for your company to be held to ransom after a cyber attack. Worse still to then have one of your own employees exploit the attack in an attempt to steal the ransom for themselves. That's the situation gene and cell therapy firm Oxford BioMedica found itself in. On 27 February 2018, the Oxford-based firm discovered that it had suffered...
Blog

Cybersecurity Asset Inventory in Your Home

Back in 2015, we published an article about the third party risks that are introduced into a home network. Now, eight years later, it is a good time to revisit the landscape of the home network. If we think about the technology in most homes in 2015, it was fairly sparse, consisting only of a router with an internet connection. The speed of most...