Image Zero Trust seems to no longer command the volume of articles that once set it up as a trend that promised a bright new future for security. This is in part because security is a journey. Rushed implementations and low returns often result in burnout with new technology, and generally the real work happens in the quiet stages...

Image In our webinar, Insights for Navigating PCI DSS 4.0 Milestones, we discuss some of the challenges organizations face as they try to comprehend the new requirements of PCI DSS 4.0. One of the questions we commonly hear is, “How do we prepare for PCI 4.0 deadlines while still maintaining day-to-day operations?” The discussion...

Image Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th. In-The-Wild & Disclosed CVEs CVE-2023-29336 Up first this month is a vulnerability reported by Avast...

Image This piece was originally published on Fortra’s AlertLogic.com Blog. Thinking about your own network isn’t enough to keep your business safe and profitable. As more buyers, sellers, and partners collaborate ever more closely across the world, supply chain IT risks are rising with no slowdown in sight. According to the Identity...

Image Tripwire's April 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve over 15 vulnerabilities such as spoofing, type confusion, and use after free vulnerabilities. Up next are 3 patches...

Image The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business and payment card companies.  The increasing cases of high-profile data breaches and...

Image This piece was originally published on Fortra’s AlertLogic.com Blog. A Comprehensive Guide to Understanding WAFs: How it Works, Types, and Security Models Web applications drive digital transformation, remote work, employee productivity, and consumer interactions. The ability to connect to critical applications over the...

Image Root Cause Analysis (RCA) is a technique used to identify the underlying reasons for a problem, with the aim of trying to prevent it from recurring in the future. It is often used in change management processes to help identify the source of any issues that arise following any modifications to a system or process. RCA is...

Image The K-12 Report breaks down the cyber risks faced by public schools across the country and is sponsored by the CIS (Center for Internet Security) and the MS-ISAC (Multi-State Information Sharing & Analysis Center). Published “to prepare K-12 leaders with the information to make informed decisions around cyber risk”, the report...

Image Each month, at the State of Security, we publish a range of content provided by VERT. Whether it’s a round-up of all the latest cybersecurity news, our Patch Priority Index that helps guide administrators on what they should be patching , a book review, general musings from the team, or most notability our Patch Tuesday round-up...

Image CISA released in late February a cybersecurity advisory on the key findings from a recent Cybersecurity and Infrastructure Security Agency (CISA) red team assessment to provide organizations recommendations for improving their cyber posture. According to the Agency, the necessary actions to harden their environments include...

Image   Today’s VERT Alert addresses Microsoft’s April 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1050 on Wednesday, April 12th. In-The-Wild & Disclosed CVEs CVE-2023-28252 A vulnerability in the Common Log File System (CLFS) Driver has been exploited in-the-wild....

Image Dealing with the aftermath of ransomware attacks is like Russian roulette. Submitting the ransom might seem like it’s the sole option for recovering locked data. Ransomware also continues to evolve as a threat category within the past year, with old names like REvil rearing their heads and new players like Black Basta emerging...

Image Tripwire's March 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Google and Microsoft. First on the patch priority list this month is a patch for Microsoft Office Outlook that resolves a critical elevation of privilege vulnerability (CVE-2023-23397) that should be patched as soon as possible. This...

Image When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve...

Image Legacy gas and coal plants are being aged out – and no one wants to pay enough to keep them going. With increased pressure from green energy laws and added competition from renewable sources, these monsters of Old Power are being shown the door. Considering they've predated and precipitated all Industrial Revolutions (except for...

Image Today’s VERT Alert addresses Microsoft’s March 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1046 on Wednesday, March 15th. In-The-Wild & Disclosed CVEs CVE-2023-24880 Up first this month is a publicly disclosed and exploited vulnerability impacting Windows...

Image If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System,  ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards...

Image When it comes to acronyms, Technology and Cybersecurity often rival various branches of government.  Technology acronyms are usually somewhat bland, amounting to little more than the arcane argot of the profession, such as SOC, SIEM, and DNS.  Government, however, rarely disappoints in its inventiveness, whether it is the...

Image Today’s VERT Alert addresses Microsoft’s February 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1042 on Wednesday, February 15th. In-The-Wild & Disclosed CVEs CVE-2023-21823 The first vulnerability in the list this week is CVE-2023-21823, a vulnerability in...