The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.Since Version 1.0’s...

Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2024-38178CVE-2024-38178 describes a vulnerability in the Microsoft Edge scripting engine when run in Internet Explorer Mode. On top of requiring Edge be running in...

Social engineering is a dangerous weapon many cybercriminals use to achieve their nefarious goals. It leverages psychological manipulation to deceive individuals into divulging confidential or personal information. Unlike traditional hacking, which relies on exploiting software vulnerabilities, social engineering targets human vulnerabilities.Here are the most common types of social engineering...

Many people don’t realize that scams are complicated events orchestrated by scammers, which often include myriad persuasive techniques and take advantage of our individual characteristics and circumstances.While each scam varies in complexity, they typically progress through three broad stages, each influenced by factors that either heighten or diminish our vulnerability to becoming victims. Dove ...

We recently presented the webcast "Find Your Best Fit, Solving the Cybersecurity Framework Puzzle." Tyler Reguly, who is a senior manager of research and development at Fortra and a former professor at his alma mater, Fanshawe College, served as the host. Tyler offered his wisdom about integrating CIS Controls into a comprehensive cybersecurity plan for your organization.Tyler examines the CIS...

According to the FBI, billions of dollars have been lost through Business Email Compromise (BEC) attacks in recent years, so you may well think that there is little in the way of good news.However, it has been revealed this week that police managed to recover more than US $40 million snatched in a recent BEC heist just two days after being told about it.As Interpol describes, police were contacted...

When performing a security assessment, many folks will focus on asset management. This is an important first step, as it often reveals assets in the environment that were previously unknown. The next step in determining how to best secure the organization is to establish a baseline of the current state, and to define what the secure baseline should be. Too often, the existing baseline is far below...

If you’ve been keeping up with the Payment Card Industry Data Security Standard (PCI DSS), you’ll know it has a new specification that revolves around network security controls. Let’s dig into the details.A Little Back StoryIt helps to level-set for anyone who might be coming into this from a non-technical role. We all know PCI DSS (v4.0) is the payment card industry’s compliance standard for...

Cybercriminals are notorious for their opportunism. No situation is off limits: whether they exploit conflict and human suffering, blackmail vulnerable individuals by threatening to leak therapy notes, or even bring healthcare organizations to their knees, cybercriminals will stop at nothing to make a quick buck.Hurricane season is a particularly lucrative time of year for cybercriminals. Every...

Tripwire's July 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Office and Outlook that resolve remote code execution and spoofing vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 65 vulnerabilities, including elevation of privilege,...

The Sarbanes-Oxley Act of 2002 (SOX) was enacted to restore public confidence in the wake of major corporate and accounting scandals. The legislation aims to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.One key aspect of SOX compliance is ensuring the integrity and security of financial data. In the digital age,...

Bot attacks constitute a major danger to businesses and individuals. For five consecutive years, the percentage of global web traffic connected to bad bots has increased, reaching 32% in 2023, a 1.8% increase from 30.2% in 2022, while human traffic represented only 50.4%.These nefarious bots are designed to breach a system, access confidential files illegally, and disrupt normal operations, which...

The staggering sum of US $75 million has reportedly been paid to a ransomware gang in what is believed to be the largest known ransom payment made by a cyber attack victim since records began. Researchers at Zscaler claim in a new report that the record-breaking figure was paid by an undisclosed Fortune 50 company to the Dark Angels ransomware group. The reported payment almost doubles the...

In our continuing series of book reviews, the Fortra team read How AI Works: From Sorcery to Science by Ronald T. Kneusel. The book is advertised as unraveling “the mysteries of artificial intelligence, without the complex math and unnecessary jargon.”I really enjoyed how the book began with an AI Overview. As a hot sauce fan, I found it amusing that the first example utilized a hot sauce factory....

Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics.Modern ransomware attacks often involve sophisticated techniques such as data exfiltration, where attackers...

Burnout happens when job demands such as workload, time pressure, and difficult clients are high, as well as when job resources, including quality leadership, autonomy and decision authority, recognition, and strong relationships, are lacking. The field of cybersecurity is particularly difficult, but that doesn't mean burnout is inevitable, and it doesn't mean you can't recover after experiencing...

The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements.This blog will guide you through the key points discussed by PCI experts Steven Sletten and Jeff Hall in a recent webinar held by Fortra on "PCI 4.0 is Here: Your Guide to Navigating Compliance Success....

SEXi? Seriously? What are you talking about this time?Don't worry, I'm not trying to conjure images in your mind of Rod Stewart in his iconic leopard print trousers. Instead, I want to warn you about a cybercrime group that has gained notoriety for attacking VMware ESXi servers since February 2024.Excuse me for not knowing, but what is VMWare EXSi?EXSi is a hypervisor - allowing businesses who...