The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Criminals often exploit known unpatched vulnerabilities to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although patch management seems like the obvious...

Abu Dhabi is boosting its healthcare system with the introduction of the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS). This initiative, driven by the Department of Health—Abu Dhabi (DoH)—has been put in place to protect sensitive healthcare data, improve cybersecurity resilience, and keep healthcare services running smoothly.At a time when cyber threats are skyrocketing in...

Most countries have some sort of government agency dedicated to protecting digital infrastructure and promoting cybersecurity awareness. In the English-speaking world alone, the UK has the National Cyber Security Center (NCSC), the US has the National Institute of Standards and Technology (NIST), and Canada has the Canadian Centre for Cyber Security; chances are you’re already aware of them...

Many organizations have a vulnerability management (VM) problem without knowing it. Vulnerability management is a crucial component of any organization’s cybersecurity program and is required by most major compliance standards because of its sink-or-swim impact on network security. One of the biggest issues in VM is that organizations aren’t testing the entirety of their networks. Could yours be...

Tripwire's February 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.Up first on the list are patches for Microsoft Edge (Chromium-based) that resolve 4 remote code execution and 2 spoofing vulnerabilities.Next on the list are patches for Microsoft Office and Excel. These patches resolve 8 issues such as remote code execution and information disclosure...

According to the 2024 State of Ransomware report by Sophos, there was a 500% increase in ransom bills in the last 12 months. Moreover, an analysis by Comparitech revealed 181 confirmed ransomware incidents targeting healthcare providers in 2024, with 25.6 million records compromised. Meanwhile, there were 42 more confirmed attacks on healthcare organizations not involved in direct care provision....

As cyber threats evolve, so must the strategies and frameworks that protect the data and systems that are at the heart of national defense, intelligence, and security. At a time when cyber threats are becoming more sophisticated, the need to protect national security systems (NSS) has never been more critical. With this in mind, the Committee on National Security Systems (CNSS) was formed to...

What is HellCat?HellCat is the name of a relatively new ransomware-as-a-service (RaaS) group that first came to prominence in the second half of 2024. Like many other ransomware operations, HellCat breaks into organisations, steals sensitive files, and encrypts computer systems - demanding a ransom payment for a decryption key and to prevent the leaking of stolen files.So it's your typical "double...

When people hear "supply chain attack," their minds often go to headline-grabbing breaches. But while analysts, CISOs, and journalists dissect those incidents, a more tactical and persistent wave of attacks has been unfolding in parallel; one that's laser-focused on small businesses as the point of entry. This isn't collateral damage. It's by design.Cybercriminals aren't always trying to...

Enterprise networks frequently experience changes in endpoint devices, software, and files, which can introduce risk to the organization. To mitigate this, companies can implement foundational security controls like file integrity monitoring (FIM), which tracks changes to essential files and helps restore them if unauthorized. Additionally, organizations may use these controls to monitor for...

The Payment Card Industry Data Security Standard (PCI DSS) has always been a massive security undertaking for any organization that has worked to fully implement its recommendations. One interesting aspect that seems to be overlooked is the focus on the Requirements, and while minimizing the testing necessities. Not only is testing part of the full...

Cyber incidents are always going to be present. Regardless of whether you’re working for a startup or a corporation, malicious software can target you and your business. This is why it’s important to work closely with cybersecurity incident response teams and have such protocols in place.The lifecycle of a cybersecurity incident starts way before it happens with good preparation. However, the...

Cybersecurity professionals are always looking to keep up with new and changing threats, as well as developing new tactics and technologies to guard against cyberattacks. Traditional approaches to security are focused on defensive or reactive measures, generally blocking attacks from coming in, or responding to attacks once they happen. Unfortunately,...

The cyber workforce gap is one of the most pressing and persistent challenges facing the cybersecurity industry. In 2024, ISC2 found that the gap amounted to 4.8 million people globally, up 19% from the previous year. Both public and private sector organizations – including the UK’s NCSC and the SANS Institute – have introduced countless initiatives in an attempt to close the cyber workforce gap,...

One thing is becoming evident as ransomware attacks increase in frequency and impact: businesses can take additional precautions. Unfortunately, many companies are failing to do so. Most victims are sufficiently warned about potential weaknesses yet unprepared to recover when hit.Robust ransomware prevention is more important than ever. This becomes...

The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the year of 2024. As Reuters reports, complaints of ransomware attacks against critical sectors have jumped 9% over the previous year. The annual report from the FBI's Internet Crime Complaint Center (IC3) will reveal that the likes of manufacturing, healthcare, government...