Blog

Blog

Malware on IBM Power Systems: What You Need to Know

Malware – what are the threats? Malware can come from and in a variety of attack vectors. Besides using ‘traditional’ methods of spreading malware, adversaries can leverage more sophisticated methods to turn your Power System into a ‘malware host’. The key target is your data. Data is valuable, and organisations have paid at least $602 million to...
Blog

Is any organisation risk and data breach free?

I walked into a business the other day. After a long conversation about the client’s need for cybersecurity and the implementation of the ISO27001 security standard, we talked about their risk appetite. "We don't accept any risk. We're risk-averse" said the CEO. But, is this achievable? Given the complexity of our modern world, with diversity in...
Blog

The State of Data Security in 2022: The CISOs Perspective

In the two years proceeding from the beginning of the COVID-19 pandemic, the business world has been transformed on a grand scale. Organizations have created more data than ever before, data is now spread across a wider attack surface, putting it at a heightened risk of becoming a compromised risk. The manner and location of data storage and...
Blog

How DevOps and CIS Security Controls Fit Together

The Center for Internet Security’s Critical Security Controls has become an industry standard set of controls for securing the enterprise. Now on version 8, the original 20 controls are down to 18 with several sub controls added. The first six basic controls can prevent 85 percent of the most common cyber attacks, and even though the controls have...
Blog

Black Hat USA 2022: What you need to know

Following a successful hybrid event in 2021 that saw more than 6,000 in-person, and more than 14,500 virtual attendees, Black Hat USA returns in 2022 to the Mandalay Bay Convention Centre in Las Vegas, Nevada. Now in its 25th year, this year’s event has three key components, each equally unmissable, namely these are Trainings, Briefings, and The...
Blog

Tripwire Patch Priority Index for June 2022

Tripwire's June 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month is a patch for a remote code execution vulnerability in Edge. Next are patches for Office and Excel that resolve 3 information disclosure vulnerabilities and 1 remote code execution vulnerability Up...
Blog

Cybersecurity Policy – time to think outside the box?

When we get into cybersecurity, one of the first things any organisation or company should do is write a cybersecurity policy, one that is owned by all. Easy words to put down on paper, but what do they mean? So, what is a cybersecurity policy? Well, it is defined in the Gartner IT Glossary as, “an organization’s statement of intent, principles and approaches to ensure effective management of...
Blog

More malware-infested apps found in the Google Play store

Three million Android users may have lost money and had their devices infected by spyware, after the discovery that the official Google Play store has been distributing apps infected by a new family of malware. French security researcher Maxime Ingrao described last week on Twitter how he had discovered the new malware, named "Autolycos", and how...
Blog

HIPAA Compliance & The Security Rule

Within the HIPAA Security Rule are Administrative, Physical, and Technical Safeguards. These safeguards are as important to understand as they are to implement, so let’s get some clarifications for the non-initiated. Many healthcare entities and their business associates are routinely challenged with understanding and successfully implementing the...
Blog

Are your visuals making businesses more vulnerable to cybercrime?

In the world of modern business, companies must put extra effort into creating engaging visual content to stand out from the crowd. Social media marketing, for instance, was once deemed an easy way for companies to reach additional eyes but today, marketing is a lot more competitive than simply creating a post and hoping it goes viral. Entertaining...
Blog

The State of Security: Malware in 2022

Among the many challenges businesses contend with in the global marketplace today, the 11th Allianz Risk Barometer 2022 ranks cybersecurity threats as the most important business risk. This proves beyond any doubt that enterprises are experiencing increasing threats and full-on attacks to their information technology systems. To safeguard their...
Blog

What Is GitOps and How Will it Impact Digital Forensics?

GitOps is arguably the hottest trend in software development today. It is a new work model that is widely adopted due to its simplicity and the strong benefits it provides for development pipelines in terms of resilience, predictability, and auditability. Another important aspect of GitOps is that it makes security easier, especially in complex...
Blog

Defense in Depth to minimize the impact of ransomware attacks

Ransomware attacks continue to plague organizations globally regardless of their size. In a press release by the NCC group that preceded the Annual Threat Monitor Report 2021 published for the year 2021, there were an estimated 2,690 ransomware attacks, a 92.7% increase from 2020s figures of 1,389. The increase of ransomware attacks builds upon the...
Blog

The Great Cybersecurity Resignation

In 2022, the buzz phrase of the year has to be “The Great Resignation”. What is it? It’s a term coined to describe the current rise in people leaving their employer to find work elsewhere. But people have always moved on, right? Of course they have. Staff retention rates have always been a target for most HR functions. But something is different in...
Blog

VERT Threat Alert: July 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates. VERT is actively working on coverage for these Patch Tuesday vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th. In-The-Wild & Disclosed CVEs CVE-2022-22047 Microsoft is reporting this month that a single vulnerability in the Windows Client/Server Runtime...
Blog

File Integrity Monitoring (FIM): Your Friendly Network Detective Control

Lateral movement is one of the most consequential types of network activity for which organizations need to be on the lookout. After accessing a network, the attacker maintains ongoing access by essentially stirring through the compromised environment and obtaining increased privileges (known as “escalation of privileges”) using various tools and...
Blog

Defending Aircraft Networks Against Cybersecurity Breaches

The aviation industry is both vast and complex. More than 45,000 flights and 2.9 million passengers travel through U.S. airspace every day, requiring high-tech tools and extensive communications networks. All of that data and complexity makes the sector a prime target for cybercriminals. Worryingly, only 49% of non-governmental organizations have...
Blog

Using DevSecOps for Efficient IT Security

DevSecOps is the key to achieving effective IT security in software development. By taking a proactive approach to security and building it into the process from the start, DevSecOps ensures improved application security. It also allows organizations to rapidly develop application security with fewer bottlenecks and setbacks. Some critical aspects...