Amid the numerous instruments that have augmented our digital communication and commerce experiences over time, email remains a staple for everything, from confirming purchases to life-changing events like the authorization of financial aid.It comes as no surprise that email scams have been a mainstay of cyberattacks since the earliest days of online correspondence. Worse yet, their scope and...

So, you're considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You've taken the first step toward improving your organization's cybersecurity posture.However, you may need clarification about the best approach to aligning your cybersecurity practices with the NIST CSF. This process can...

The modern age of renewable energy has seen a surge in solar panels and wind turbines. While these systems enhance sustainability, their digital technologies carry risks. Cybersecurity professionals must know the relevant nuances when integrating renewable systems.How Solar Energy Is Vulnerable to Outside AttacksRecent incidents have demonstrated the importance of cybersecurity for power grids....

To allay dependence on oil revenue and expand the private sector, the United Arab Emirates (UAE) has committed, in recent years, to establishing a knowledge-based economy. Consequently, they have become a formidable competitor in Information Communication Technology (ICT). As the ICT industry has grown, so have government agencies to regulate it, namely the Signals Intelligence Agency, formerly...

Securing virtual identities and entry points has become a critical priority as cyber threats grow more sophisticated. A Single Sign-On (SSO) system offers ease and allows multi-functionality with a single set of identity verification, but they are enticing targets for cyber attackers. Organizations need Zero Trust Architecture to alleviate this risk. Zero Trust Architecture (ZTA) is a protection...

The Office for National Statistics (ONS) most recent Crime Survey for England and Wales (CSEW) has revealed that computer misuse cases rose 37% in the year ending March 2024, bucking a general trend of decline.The CSEW first started tracking computer misuse in the year ending (YE) March 2017, which saw roughly 1.8 million incidents. By March 2023, this number had fallen to 745,000. In March 2024,...

Security Operations Teams (SOCs) today are under attack by the very mechanisms meant to help them. A recent industry study revealed a few startling facts:SOCs spend a third of their workday hunting down false positives.Even then, SOCs only get to half of the alerts they need to every day.Out of all the teams currently using automation, only half apply it to threat hunting and incident enrichment...

Misconfigurations (when cloud computing assets are set up incorrectly, leaving them vulnerable to unauthorized access, data breaches, and operational disruptions) and inadequate change control top the list of cloud security threats in 2024, rising from third place the year before. It's clear that the transition to cloud computing has amplified the challenges of configuration management, making it...

Developers of plugins and themes for WordPress.org have been told they are required to enable two-factor authentication (2FA) from October 1st.The move is intended to enhance security, helping prevent hackers from gaining access to accounts through which malicious code could be injected into code used by millions of websites running the self-hosted version of WordPress.The threat posed by supply...

Phishing is a malicious attempt to deceive individuals into divulging sensitive information such as usernames, passwords, credit card numbers, or other personal data. These attacks are typically carried out by masquerading as a trustworthy entity in electronic communications. Phishing can take many forms and has evolved to become more sophisticated, making it imperative for individuals and...

The upcoming election has brought up conversations about the security of our voting infrastructure. While recent developments have somewhat shifted attention toward more visceral threats such as "death threats against county clerks, polling-place violence, and AI-fueled disinformation," the protection of voting machine security is still a pressing concern.Securing electronic voting infrastructure...

Achieving Sarbanes-Oxley (SOX) Act compliance is becoming more difficult. While the Act is primarily a financial reporting regulation, it requires all publicly traded companies operating in the United States to maintain the integrity, accuracy, and reliability of financial reporting, which those organizations can only achieve through robust cybersecurity measures. As such, an effective...

I worry that a lot of my blog posts reveal that I’m getting older and older as the days go by, but I wanted to talk about teasmades and security automation.For those of you outside of the UK, and even those born in the UK within the past 30 years, there’s a distinct possibility you may read this and consider it to be a made-up word, but there is indeed such a thing as a teasmade – effectively a...

Traditional cybersecurity solutions are constantly being supplemented and enhanced by new technology and practices. Industry leaders know that keeping up with digital security advancements is the best way to ensure the success of every company and that customers rely on them.Understanding how experts merge cybersecurity and automation in different industries is an excellent way to embrace this...

What is the Cicada ransomware?Cicada (also known as Cicada3301) is sophisticated ransomware written in Rust that has claimed more than 20 victims since its discovery in June 2024.Why is the ransomware called Cicada?The criminals behind Cicada appear to have named it after the mysterious Cicada 3301 puzzles posted on the internet between 2012 and 2014, seemingly to recruit highly intelligent...

I know when to log outKnow when to log inGet things done In the spirit of David Bowie, let's explore how to navigate the labyrinth of privileged access management without getting "Under Pressure."No one wants to mistype a common command, copy their proprietary data to a public location, or delete their operating system. Having multiple accounts—one for regular activities and specific privileged...

With the adoption of AI in almost every sphere of our lives and its unending advancement, cyberattacks are rapidly increasing. Threat actors with malicious intent use AI tools to create phishing emails and other AI-generated content to bypass traditional security measures. On the bright side, the security capabilities of AI are limitless.AI-enhanced attacks refer to cybersecurity events that use...

Change is relentless. Technology evolves at breakneck speed, and security practitioners face a constant barrage of updates, system tweaks, and new tools. This relentless stream of modifications can create a clutter of information, making it challenging to pinpoint what is truly important.Effectively filtering through this noise through effective change management is critical for maintaining...

There are many good business, security, and compliance reasons for leveraging the extensive rule and policy engines of Fortra’s Tripwire Enterprise (TE) to implement Security Configuration Management (SCM) capabilities, which have been documented very well in other blogs. In contrast, this article deals more with “how can we fully leverage this capability” technically instead of “why” we use them...

Tripwire's August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.First on the list are patches for Microsoft Edge and Google Chromium that resolve 12 vulnerabilities, including information disclosure, remote code execution, and memory corruption vulnerabilities.Up next are patches for Microsoft Outlook, PowerPoint, Visio, Excel, Project,...