Blog

Blog

Tripwire Patch Priority Index for June 2023

Tripwire's June 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Progress MOVEit. First on the patch priority list this month are patches for the Progress MOVEit Transfer application. An exploit targeting the MOVEit vulnerability CVE-2023-34362 has been recently added to the Metasploit Exploit Framework. ...
Blog

The Top 10 Highest Paying Jobs in Cybersecurity – Part 1

If you’re looking for job security, look no further: The cybersecurity sector can keep you gainfully employed for a very, very long time. There are an ever-growing number of ways in which someone with cybersecurity prowess can contribute, and as digital assets continue to develop and diversify, it’s safe to say they’ll always be kept on their toes. ...
Blog

5 Cyber Survival Tips for Businesses

The past few years have been among the most challenging for most businesses. Lockdowns, staff reductions, and reduced revenues resulted in the demise of many businesses. For those who remained, the new onuses brought about by supply chain concerns and inflation present even greater reasons for maximum resilience in order to survive. With all the...
Blog

What is the FFIEC Cybersecurity Assessment Tool?

The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test designed to help institutions identify risks and gauge cybersecurity preparedness. The tool is primarily for financial and non-depository institutions, enabling organizations to make risk-driven security decisions informed by regular cybersecurity assessments and standardized risk...
Blog

Infosecurity Europe 2023 – that’s a wrap!

This piece was originally published on Fortra’s blog. Infosecurity Europe has closed its doors for another year. The aftermath of these events can be a strange time; still reeling from the chaos of the show floor and nursing feet unaccustomed to such intense use, it’s often difficult to make sense of everything we’ve learned. But, as the old adage goes, “when in doubt, write it out.” So, I...
Blog

Is the CMMC 2.0 Rollout on the Horizon?

The Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification (CMMC) in 2019. This framework outlined a series of security standards contractors must meet to win DoD contracts, so it’s a big concern for many companies. However, four years later, the Cybersecurity Maturity Model Certification rollout has yet to take effect...
Blog

API Security: Navigating the Threat Landscape

An Application Programming Interface (API) is an essential and ubiquitous software that allows the exchange of information between day-to-day applications and processes, such as Software as a Service (SaaS) applications, Internet of Things (IoT) devices, universal profile login pages, and autonomous vehicles. APIs synchronize and maintain the data...
Blog

What (Still) Needs to be Done to Secure the U.S. Power Grid in 2023?

It’s no secret that the U.S. power grid is one of the main foundations of the nation’s economy, infrastructure, and daily way of life. Now that almost everything is digitized, it is hinging on it even more. We wouldn’t be able to use even most vending machines (not to mention cell towers or the internet) without a working electrical supply, and the...
Blog

What is the Gramm-Leach-Bliley Act (GLBA)?

The Gramm-Leach Bliley Act (GLBA or GLB Act), or financial modernization act, is a bi-partisan federal regulation passed in 1999 to modernize the financial industry. It repealed vast swathes of the Glass-Steagall Act of 1933 and the Bank Holding Act of 1956, allowing commercial banks to offer financial services such as investments or insurance. It...
Blog

A Sarbanes-Oxley Act (SOX) IT Compliance Primer

At the turn of the most recent century, the financial world was in a moment of unregulated growth, which lead to some serious corporate misdeeds in the United States. This presented the opportunity for two senators to enact a new law to ensure accurate and reliable financial reporting for public companies in the US. The result was the Sarbanes-Oxley...
Blog

A Guide to 5 Common Twitter Scams in 2023

Elon Musk's ascension isn't the first thing to cause waves of scams on Twitter, and it certainly won't be the last. On July 20th of 2022, data belonging to over 5 million Twitter users was put up for sale on the internet underground for $30,000. The FTC reported that we've experienced a recent "gold mine for scammers" and the April bump to a 10,000...
Blog

BlackLotus bootkit patch may bring "false sense of security", warns NSA

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000. The news...
Blog

What Is SCM (Security Configuration Management)?

Attackers always seek the easiest path to get into our systems and compromise data. System misconfigurations and insecure default settings are often the criminals' favorite vectors since these errors allow them easy access to critical systems and data. The rise of misconfiguration errors was primarily driven by cloud data storage implementations...
Blog

Insider Risk Hits Closer to Home

If you’re busy securing the perimeter, mandating strong authentication practices, and restricting software downloads, you may be missing the mark. (Just to be clear: if you are doing those things, keep it up. You’re off to a good start, and none of what follows here replaces classic and vital cybersecurity measures.) Protecting your organization...
Blog

The Real Value-Add of Red Teaming

They say character isn’t gained in a crisis; it’s displayed in one. By the time the disaster hits, the time for preparation has passed. But what if you could go through that earth-shattering event beforehand so when the time came, you’d be ready? Well, in security, you can. And it's not called cheating – it's called Red Teaming. It’s done...
Blog

2023 Zero Trust Security Report Highlights

Zero trust is a hot topic in cybersecurity, and for a good reason. There is no one-size-fits-all solution to securing your data and networks; rather, zero trust offers a more holistic perspective comprised of many different safety measures and practices and a shift in perspective on security. As threat actors step up their efforts and business...
Blog

SBOM Security: Fundamentals and Best Practices

What Is an SBOM (Software Bill of Materials)? A software bill of materials (SBOM) is a comprehensive, structured inventory of all components, libraries, and dependencies used within a software product or application. It typically includes information about the names, versions, and licensing details of each component. SBOM plays a critical role in...
Blog

How to Protect Against the Four Largest Cybersecurity Threats to Your Supply Chain

Digital technology is becoming an increasingly essential part of nearly every industry, and supply chains are no exception. In recent years, supply chains have become more dependent on digital solutions, from manufacturing, packing, and shipping processes, to storing records in the cloud. While digital technology increases speed, efficiency, and...