While NIST frameworks are typically not mandatory for most organizations, they are still being called on to do some heavy lifting to bolster the nation’s cybersecurity defenses.Under the January 2025 Executive Order (EO) on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, the National Institute of Standards and Technology (NIST) was charged, along with several other agencies,...

In January of this year, significant changes to the HIPAA Security Rule were proposed by the Office of Civil Rights for the Department of Health and Human Services (OCR).The proposed update to the HIPAA Security Rule, published on January 6, 2025, introduces a significant new requirement: all covered entities and business associates must conduct penetration testing of their electronic information...

For the fourth year running, in 2025, the IBM X-Force Threat Intelligence Index crowned the manufacturing sector as the number one targeted industry for cybercrime, representing 26% of incidents. The problem is so bad that manufacturing has even managed to defy malware's decline, with attackers exploiting the industry's legacy technology to deploy ransomware at a massive scale. But why is the...

The UK is facing the same evolving digital challenges as the rest of the world, and its new Cyber Security and Resilience Bill is designed to not only help it catch up - but stay ahead.Attackers change their tactics all the time. Without an agile, living framework that gives lawmakers some breathing room, adversaries could easily outstrip the clunky government processes that govern cybersecurity ...

Cybercriminals are getting smarter. Not by developing new types of malware or exploiting zero-day vulnerabilities, but by simply pretending to be helpful IT support desk workers.Attackers affiliated with the 3AM ransomware group have combined a variety of different techniques to trick targeted employees into helping them break into networks.It works like this.First, a company employee finds their...

Health-ISAC recently released their 2025 Health Sector Cyber Threat Landscape Report, a comprehensive outline of the malicious activity aimed at healthcare in the previous year. Not surprisingly, ransomware was cited by security professionals in the industry as the number one threat of 2024 and the top area of concern coming into 2025 (followed by third-party breaches, supply chain attacks, and...

Attackers have made a decisive switch toward stealthy, identity-centric attacks. Forget breaking in – modern cybercriminals simply log in. And that should be a concern.According to the IBM X-Force 2025 Threat Intelligence Index, nearly one-third of intrusions in 2024 were initiated not through sophisticated attacks, but through valid account exploitation.Moreover, phishing-delivered infostealers...

Recent research by Comparitech reveals the shocking truth about ransomware attacks on government entities; they have a longer impact than anyone thought. Tracking over 1100 government-targeted ransomware attacks over a period of six years, researchers discovered that each day of downtime cost entities nearly $83,600, and that in each attack the downtime lasted for an average of 27.8 days.Compared...

The proliferation of Internet of Things (IoT) devices - more specifically, security cameras - has forced organizations to rethink how they protect their physical hardware.Security cameras represent some of the most common IoT devices installed in business and commercial environments. Recent estimates suggest the smart camera market is expected to grow at an astronomical rate, reaching a potential...

There are ghosts in the machine.Not the poetic kind. I mean literal, running-code-with-root-access kind. The kind that was set up ten years ago by an admin who retired five jobs ago. The kind that still wakes up every night at 3:30 a.m.; processes something no one remembers, and then quietly vanishes into the system logs. Until, of course, something goes wrong—or someone takes advantage of it...

A new era of inconceivably fast quantum machines is not far away, with computers almost ready to completely transform the way we solve problems, communicate, and compute. However, this transformation is not all positive, and the cybersecurity industry fears that functional quantum computers will be able to break even the strongest encryption we have today, rendering today's security infrastructure...

Adhering to the ever-tightening letter of the law is the cost of doing business these days, and for many companies caught in the crosshairs, that cost is getting too high.New research by Bridewell Consulting revealed that 44% of all financial services institutions in the UK listed compliance as the top cybersecurity challenge their organizations currently face. And it may be no surprise as many...

The Health Insurance Portability and Accountability Act (HIPPA) was established to protect patient privacy and secure health information. While it has been around for nearly two decades, it is evolving to keep up with an increasingly digital world and in response to the skyrocketing number of cyber attacks the industry sees every year.On December 27, 2024, the Department of Health and Human...

When people hear "supply chain attack," their minds often go to headline-grabbing breaches. But while analysts, CISOs, and journalists dissect those incidents, a more tactical and persistent wave of attacks has been unfolding in parallel; one that's laser-focused on small businesses as the point of entry. This isn't collateral damage. It's by design.Cybercriminals aren't always trying to...

Today’s Patch Tuesday Alert addresses Microsoft’s May 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1156 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-32706A vulnerability in the Windows Common Log File System (CLFS) Driver could allow a malicious actor to elevate their privileges to SYSTEM. Microsoft has...

APWG's Q4 2024 Phishing Activity Trends Report, published March 19th, revealed that more than eight in ten Business Email Compromise (BEC) attacks last quarter were sent by attackers favoring Google's free webmail service. By comparison, only 10% used Microsoft's free email web app, Outlook.com.The report, published quarterly, is a product of the phishing incidents reported to the APWG annually by...

According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across the EU and enhance the overall level of security of operators providing essential services (OES) and digital service providers (DSP). The NIS Directive sets three primary objectives:to improve the national information security...

DDoS attacks have long been dismissed as blunt instruments, favored by script kiddies and hacktivists for their ability to overwhelm and disrupt. But in today's fragmented, hybrid-cloud environments, they've evolved into something far more cunning: a smokescreen. What looks like digital vandalism may actually be a coordinated diversion, engineered to distract defenders from deeper breaches in...

Oh dear, what a shame, never mind. Yes, it's hard to feel too much sympathy when a group of cybercriminals who have themselves extorted millions of dollars from innocent victims have found themselves dealing with their own cybersecurity problem. And that's just what has happened to the notorious LockBit ransomware gang, which has been given a taste of its own medicine. The infamous ransomware-as-a...

Tripwire's April 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.Up first on the list are patches for Microsoft Edge (Chromium-based) and Google Chromium that resolve 11 issues including remote code execution and improper implementation vulnerabilities.Next on the list are patches for Microsoft Office, Excel, Word, and OneNote. These patches...