In the world of cybersecurity, there are a few constants, one of the big ones being the fact that news, innovation, and threats move fast and are constantly evolving. It is important for security professionals to stay in the loop about major developments in cybercriminal activity and the cybersecurity industry. Fortra’s PhishLabs offer resources to learn about a variety of cybersecurity-related...

Over the following years, the costs associated with cybercrime, projected at $10.5 trillion annually by 2025 , will exceed the estimated worldwide cybersecurity spending— $267.3 billion annually by 2026 . Leadership needs to change its perspective on managing cyber risks instead of just spending more money to match the losses incurred. Cyber risk management as a business enabler The cyber economy...

Tripwire's June 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Progress MOVEit. First on the patch priority list this month are patches for the Progress MOVEit Transfer application. An exploit targeting the MOVEit vulnerability CVE-2023-34362 has been recently added to the Metasploit Exploit Framework. Next on the patch priority list this month are...

If you’re looking for job security, look no further: The cybersecurity sector can keep you gainfully employed for a very, very long time. There are an ever-growing number of ways in which someone with cybersecurity prowess can contribute, and as digital assets continue to develop and diversify, it’s safe to say they’ll always be kept on their toes. From software security engineers to CISOs, each...

The past few years have been among the most challenging for most businesses. Lockdowns, staff reductions, and reduced revenues resulted in the demise of many businesses. For those who remained, the new onuses brought about by supply chain concerns and inflation present even greater reasons for maximum resilience in order to survive. With all the physical challenges of running a business, it is...

The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test designed to help institutions identify risks and gauge cybersecurity preparedness. The tool is primarily for financial and non-depository institutions, enabling organizations to make risk-driven security decisions informed by regular cybersecurity assessments and standardized risk measurement criteria. While it is voluntary...

It’s no secret that the U.S. power grid is one of the main foundations of the nation’s economy, infrastructure, and daily way of life. Now that almost everything is digitized, it is hinging on it even more. We wouldn’t be able to use even most vending machines (not to mention cell towers or the internet) without a working electrical supply, and the importance of keeping it safe cannot be...

The Gramm-Leach Bliley Act (GLBA or GLB Act), or financial modernization act, is a bi-partisan federal regulation passed in 1999 to modernize the financial industry. It repealed vast swathes of the Glass-Steagall Act of 1933 and the Bank Holding Act of 1956 , allowing commercial banks to offer financial services such as investments or insurance. It also controls how financial institutions deal...

Elon Musk's ascension isn't the first thing to cause waves of scams on Twitter , and it certainly won't be the last. On July 20th of 2022, data belonging to over 5 million Twitter users was put up for sale on the internet underground for $30,000. The FTC reported that we've experienced a recent "gold mine for scammers" and the April bump to a 10,000-character limit (for Twitter Blue) only makes...

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000. The news sent a shiver down the spines of many in the...

If you’re busy securing the perimeter, mandating strong authentication practices, and restricting software downloads, you may be missing the mark. (Just to be clear: if you are doing those things, keep it up. You’re off to a good start, and none of what follows here replaces classic and vital cybersecurity measures.) Protecting your organization from outside threats is foundational to any...

They say character isn’t gained in a crisis; it’s displayed in one. By the time the disaster hits, the time for preparation has passed. But what if you could go through that earth-shattering event beforehand so when the time came, you’d be ready? Well, in security, you can. And it's not called cheating – it's called Red Teaming . It’s done differently, it provides a different outcome, and it tests...

Zero trust is a hot topic in cybersecurity, and for a good reason. There is no one-size-fits-all solution to securing your data and networks; rather, zero trust offers a more holistic perspective comprised of many different safety measures and practices and a shift in perspective on security. As threat actors step up their efforts and business operations, and depend more and more on digital...

Digital technology is becoming an increasingly essential part of nearly every industry, and supply chains are no exception. In recent years, supply chains have become more dependent on digital solutions, from manufacturing, packing, and shipping processes, to storing records in the cloud. While digital technology increases speed, efficiency, and interconnectivity across industries, this increased...

Cybercrime has become a dominant concern for many businesses, as well as individuals. Cybercriminals will target any business, and any individual if they can realize a profit from their minimal efforts. One of the ways that criminals achieve their goals is through the use of malware that garners a fast profit, such as ransomware. More enterprising criminals will use more persistent malware, which...

The cybersecurity community is one of the best communities around. Whether it is our peers, our colleagues, or our managers, there are a number of great qualities that we all share. That’s one of the reasons that we’re so lucky to work in this industry. One of the more interesting aspects of the industry is that there are so many ways to accomplish a goal, and that doesn’t just apply to technical...

More than ten years after the hack of the now-defunct Mt. Gox cryptocurrency exchange, the US Department of Justice says it has identified and charged two men it alleges stole customers' funds and the exchange's private keys. Two Russians, 43-year-old Alexey Bilyuchenko, and Aleksandr Verner, 29, are charged with conspiring to launder 647,000 Bitcoins - in a cryptocurrency heist which would have...

If you mention data leakage to most people, they may think that it sounds like a problem for a plumber, but the phrase “data leak” has specific and troubling concerns for a business. Data leakage is a particular security threat, and there are many sources for data leaks. Data Breach Versus Data Leak Data breaches occur when an attacker from outside your organization gets into your IT ecosystem and...

What is the SEC? Founded 85 years ago at the height of the Great Depression, the Securities and Exchange Commission (SEC) has a clear mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Put simply, the SEC aims to protect US investors by maintaining a fair market. The SEC doesn’t work directly with investors, however. Instead, it...