Tripwire's February 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Apache, VMware and Microsoft. First on the patch priority list this month is a patch for Apache Tomcat. The Apache Tomcat "Ghostcat" vulnerability, identified as CVE-2020-1938, has been recently added to the Metasploit Exploit Framework. Next on the...

Have you ever noticed how closely your role as the CISO of your organisation resembles that of the Wizard from “The Wizard of Oz?” As the Wizard, you are expected to be all-knowing, all-seeing and all-powerful. Your role is to keep everyone safe from the evils of the world while frantically pulling levers, pressing buttons and turning dials behind...

I subscribe to a newsletter from Gary Burnison, CEO of Korn Ferry. His messages address a wide variety of career and personal issues in a thoughtful and educational manner. A recent Special Edition message was titled Exceeding Potential. It specifically addressed how opportunities present themselves and how to view and leverage them. He closed his...

Misconfigurations remain one of the most common risks in the technology world. Simply telling organisations to “fix” this problem, however, is not as easy as it might first seem because there’s a myriad of technologies at play in modern infrastructure deployments. All of this results in a complicated mix of hardening approaches for each system. ...

Last year, Verizon's data breaches report showed that “human error” was the only factor with year-over-year increases in reported incidents. The average cost of data breaches from human error stands at $3.33 million, according to IBM’s Cost of a Data Breach Report 2020. Even big companies and government entities have fallen victim to data breaches...

The healthcare sector is undergoing digitalization and adopts new technologies to improve patient care, offer new services for remote patients and reach operational excellence. The integration of new technologies in the complex healthcare IT infrastructure creates new challenges regarding data protection and cybersecurity. On the one hand, the...

If you are embracing DevOps, cloud and containers, you may be at risk if you’re not keeping your security methodologies up to date with these new technologies. New security techniques are required in order to keep up with current technology trends, and the Center for Internet Security (CIS) provides free cybersecurity best practices for many newer...

Digital attackers are increasingly targeting energy organizations including those that support national electric grids. As reported by Morning Consult, security researchers found that utilities worldwide had suffered a recorded 1,780 distributed denial-of-service (DDoS) attacks between June 15 and August 21, 2020. That’s a 595% year-over-year...

Through the lens of the Florida water supply hack, Dale Peterson teaches how events like these remind us to take the necessary steps to maintain our cybersecurity. Founder and chair of S4 Events, Dale has been helping security professionals effectively and efficiently manage risk to their critical assets for over 15 years. https://open.spotify.com...

It’s an unfortunate fact that cybersecurity is rarely the foremost of concerns among small- to medium-sized businesses. However, investing in cybersecurity is becoming even more important as these organizations undergo digital transformation. It may seem like there are more important priorities on which a small business could focus, but putting your...

The United States Department of Justice has charged three North Korean computer programmers with a range of cyber attacks that made headlines around the world. The men - 31-year-old Jon Chang Hyok, Kim Il, 27, and 36-year-old Park Jin Hyok - are alleged to have been part of North Korea's Reconnaissance General Bureau (RGB), known commonly as the ...

Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check. These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to...

If high-tech gadgets were on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward...

Note: The attack procedure built in this post will not work for every macOS operating system or in every scenario. There are many factors that can block scripts from running at boot time, and you should always test against your target operating system. The MITRE ATT&CK framework is a universally accepted knowledge-base of tactics, techniques and...

While I was teaching, one of my students asked if I had seen Cybergeddon, a film distributed by Yahoo! in 2012. I had not, so I decided it would be fun for VERT to watch the film and review it, since my hobby is writing film reviews for RotundReviews. Cybergeddon is not talked about as much as it should be given some of the background around it. It...

The European Union Agency for Cybersecurity (ENISA) released in November 2020 its “Cybersecurity in Railways” report to raise awareness about the cybersecurity challenges facing Europe's railways. The report identifies the current cybersecurity status and challenges as well as proposes cybersecurity measures to combat these challenges and enhance...

When I was a software developer, I never joined any dev communities. I didn’t see the point. I also worked evenings as a professional musician and mostly spent time within the music community and sports groups I was a part of. I spent time with my dev friends at work; I didn’t understand why I would want to know devs with whom I didn’t work. I was a...

Social media is no stranger to scams. However, recent trends show scammers have started to show more aggression toward businesses since the beginning of the pandemic. Being able to recognize these scams can help you prevent injury to your business. Social Media as a Newer Cybercrime Platform for Targeting Businesses Scammers go where the people...

British police have arrested eight men in connection with a series of SIM-swapping attacks which saw criminals hijack the social media accounts of well-known figures and their families. The UK's National Crime Agency (NCA) says it made arrests in England and Scotland as part of an international investigation working alongside the FBI, US Secret...

Organizations are overwhelmed by the choice of cyber security tools in the market. They need to balance prioritizing and remediating vulnerabilities with managing their secure configurations. What’s more, many organizations are using hybrid clouds where they need to protect assets that are hosted both on premises and in the cloud. This complexity...