Blog

Blog

PCI DSS 4.0 Requirements –Test Security Regularly and Support Information Security with Organizational Policies and Programs

The Payment Card Industry Data Security Standard (PCI DSS) has always been a massive security undertaking for any organization that has worked to fully implement its recommendations. One interesting aspect that seems to be overlooked is the focus on the Requirements, and while minimizing the testing necessities. Not only is testing part of the full...
Blog

5 Things Everyone Needs to Know About GRC

Over the following years, the costs associated with cybercrime, projected at $10.5 trillion annually by 2025, will exceed the estimated worldwide cybersecurity spending—$267.3 billion annually by 2026. Leadership needs to change its perspective on managing cyber risks instead of just spending more money to match the losses incurred. Cyber risk...
Blog

Tripwire Patch Priority Index for June 2023

Tripwire's June 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Progress MOVEit. First on the patch priority list this month are patches for the Progress MOVEit Transfer application. An exploit targeting the MOVEit vulnerability CVE-2023-34362 has been recently added to the Metasploit Exploit Framework. ...
Blog

5 Cyber Survival Tips for Businesses

The past few years have been among the most challenging for most businesses. Lockdowns, staff reductions, and reduced revenues resulted in the demise of many businesses. For those who remained, the new onuses brought about by supply chain concerns and inflation present even greater reasons for maximum resilience in order to survive. With all the...
Blog

Is the CMMC 2.0 Rollout on the Horizon?

The Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification (CMMC) in 2019. This framework outlined a series of security standards contractors must meet to win DoD contracts, so it’s a big concern for many companies. However, four years later, the Cybersecurity Maturity Model Certification rollout has yet to take effect...
Blog

What is the Gramm-Leach-Bliley Act (GLBA)?

The Gramm-Leach Bliley Act (GLBA or GLB Act), or financial modernization act, is a bi-partisan federal regulation passed in 1999 to modernize the financial industry. It repealed vast swathes of the Glass-Steagall Act of 1933 and the Bank Holding Act of 1956, allowing commercial banks to offer financial services such as investments or insurance. It...
Blog

A Sarbanes-Oxley Act (SOX) IT Compliance Primer

At the turn of the most recent century, the financial world was in a moment of unregulated growth, which lead to some serious corporate misdeeds in the United States. This presented the opportunity for two senators to enact a new law to ensure accurate and reliable financial reporting for public companies in the US. The result was the Sarbanes-Oxley...
Blog

BlackLotus bootkit patch may bring "false sense of security", warns NSA

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000. The news...
Blog

Insider Risk Hits Closer to Home

If you’re busy securing the perimeter, mandating strong authentication practices, and restricting software downloads, you may be missing the mark. (Just to be clear: if you are doing those things, keep it up. You’re off to a good start, and none of what follows here replaces classic and vital cybersecurity measures.) Protecting your organization...
Blog

How to Protect Against the Four Largest Cybersecurity Threats to Your Supply Chain

Digital technology is becoming an increasingly essential part of nearly every industry, and supply chains are no exception. In recent years, supply chains have become more dependent on digital solutions, from manufacturing, packing, and shipping processes, to storing records in the cloud. While digital technology increases speed, efficiency, and...
Blog

Top 5 Malware Trends on the Horizon

Cybercrime has become a dominant concern for many businesses, as well as individuals. Cybercriminals will target any business, and any individual if they can realize a profit from their minimal efforts. One of the ways that criminals achieve their goals is through the use of malware that garners a fast profit, such as ransomware. More enterprising...
Blog

PCI DSS 4.0 Requirements – Protect from Malicious Software and Maintain Secure Systems and Software

We often hear how a company was compromised by a sophisticated attack. This characterization contains all the romantic thrill of a spy movie, but it is usually not how most companies are victimized. Most breaches usually happen as a result of malware entering the environment. The need to protect against malware is addressed in progressive degrees in...
Blog

VERT Threat Alert: June 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1060 on Wednesday, June 14th. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs in the June Patch Tuesday drop. CVE Breakdown...
Blog

ChatGPT and Data Privacy

In April 2023, German artist Boris Eldagsen won the open creative award for his photographic entry entitled, Pseudomnesia: The Electrician. But, the confusing part of the event for the judges and the audience was that he refused to receive the award. The reason was that the photograph was generated by an Artificial Intelligence (AI) tool. It was...
Blog

The Role of the SEC in Enforcing InfoSec Legislation

What is the SEC? Founded 85 years ago at the height of the Great Depression, the Securities and Exchange Commission (SEC) has a clear mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Put simply, the SEC aims to protect US investors by maintaining a fair market. The SEC doesn’t work...
Blog

Tripwire Patch Priority Index for May 2023

Tripwire's May 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve elevation and security feature bypass vulnerabilities. Up next are 3 patches for Microsoft Office, Word, Excel, and Access that resolve remote code...
Blog

PCI DSS 4.0 Requirements – Protect Stored Account Data and Protect Cardholder Data During Transmission

If someone asked you “are you protecting your data,” your initial response would probably be to clarify what they are referring to specifically, since the question is so broadly stated. You could just reply with a terse “Yes,” but that is as open-ended and nebulous as the question. The general idea of data protection encompasses so many areas, from...
Blog

How to Avoid Cybercrime While Traveling Internationally

Traveling abroad, whether for business or leisure, brings plenty of tangible benefits to individuals and organizations. Coupled with the convenience of innovative technology at our fingertips, business professionals can achieve a lot if they spend much of their time on foreign shores. However, despite this digital evolution, traveling abroad can...
Blog

The Future of Driverless Cars: Technology, Security and AI

Back in 2015, we published an article about the apparent perils of driverless cars. At that time, the newness and novelty of sitting back and allowing a car to drive you to your destination created a source of criminal fascination for some, and a nightmare for others. It has been eight years since the original article was published, so perhaps it is...