Gabrielle is a security engineer. She deploys tools to scan for threats and vulnerabilities, read logs, and manage the security risks for her company, but is all that data really helping? Sometimes, it seems like she works in a noise factory instead of a SOC. The cacophony of all the log and event data and vulnerability scans are pouring into the SIEM,...

The US Cybersecurity and Infrastructure Security Agency (CISA), FBI, and others have issued a joint alert, advising organisations of the steps they should take to mitigate the threat posed by BianLian ransomware attacks. BianLian, which has been targeting different industry sectors since June 2022, is a ransomware developer, deployer and data...

‘A ship in port is safe, but that's not what ships are built for,’ said Dr. Grace Hopper, Rear Admiral of the US Navy and a computer pioneer. As soon as the ship leaves the harbor, or even the dock, there are risks.  Depending on conditions and purposes, the ship's crew might decide they are negligible, that they can be recovered from, or that the...

While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month. Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users...

2023 started much the same as the year before, with state legislatures producing an impressive list of privacy-related bills in the U.S. Twenty-three states introduced comprehensive privacy legislation, with many more targeted privacy bills being considered as well. Iowa's governor signed the sixth comprehensive privacy law to close out the quarter....

A Social engineering attack is the process of exploiting weaknesses in human psychology to manipulate and persuade others to perform in a way that is harmful. Prior to the digital age, criminals would carry out these attacks in person, in what was known as a confidence game.  The perpetrators were referred to a “con men”, regardless of their gender.  ...

What is Akira? Akira is a new family of ransomware, first used in cybercrime attacks in March 2023. Akira? Haven't we heard of that before? Maybe you're thinking of the cyberpunk Manga comic books and movie that came out in the 1980s. Or perhaps you're thinking of an unrelated ransomware of the same name which emerged in 2017. Maybe that's it. So...

Data breaches and cyberattacks have become worryingly commonplace in today’s digital world, and cybersecurity and cyber resilience are now crucial for every organization, small and large. These two strategies work together to protect data at different stages of a cyberattack. Ideally, organizations should rely on both to achieve maximum cyber protection...

This piece was originally published on Fortra’s AlertLogic.com Blog. Thinking about your own network isn’t enough to keep your business safe and profitable. As more buyers, sellers, and partners collaborate ever more closely across the world, supply chain IT risks are rising with no slowdown in sight. According to the Identity Theft Resource Center,...

The Open Systems Interconnection (OSI) model is a conceptual framework developed by the International Standards Organization (ISO). It has been in use for over 40 years, and is cited in every computer network book. It is also a favorite resource for just about every cybersecurity exam. The OSI model is represented in seven layers that help us understand...

Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. The notorious Mirai botnet, which hijacks control of vulnerable IoT devices, is now exploiting TP-Link Archer AX21 routers to launch distributed denial-of-service (DDoS) attacks. The warning comes from...

“The cyber economy is the economy” Those words were spoken by the US National Security Advisor way back in 2005, and it is remarkable to see how prescient they were. The economy is not only supported by the cyber world, but that world is entirely data driven. Data has become a primary focus, not just for regulatory fodder, but for business survival. ...

Cloud Security Challenges Organizations embracing cloud environments must understand that cloud applications and services have become popular targets for cybercriminals. A few notable and inherent risks with cloud deployments include: API Vulnerabilities Unfortunately, API exploits are on the rise, costing organizations dearly. Whether it’s stolen...

This piece was originally published on Fortra’s AlertLogic.com Blog. If you’re building an application, you want to ensure it’s reliable, consistent, and rapidly deployable in any cloud environment. That’s what containers are used for — packaging instructions into a digital object for reuse. Without them, you’ll struggle to run some application...

The phone rings, displaying "Potential Spam," warning of the possible downfall of accepting the call. We also have the option to set specific ringtones for the special people in our lives, so we audibly know immediately who’s calling. For other callers, like the once-a-year important call from our insurance or investment rep, we'll at least add their...

Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere. The group (who are also known to security researchers by a wide variety of other names including Mint Sandstorm, Phosphorous, Newscaster, and APT35) has been...

This piece was originally published on Fortra’s AlertLogic.com Blog. A Comprehensive Guide to Understanding WAFs: How it Works, Types, and Security Models Web applications drive digital transformation, remote work, employee productivity, and consumer interactions. The ability to connect to critical applications over the internet gives workforce...

Spring is here! Who’s up for some digital spring cleaning? Digital de-cluttering helps you organize your life and has the bonus of reducing your vulnerability to common threats. But knowing where to begin can be hard; most of us leave a larger digital footprint than we realize. I have created a checklist to help you clear away the clutter and reap the...

The K-12 Report breaks down the cyber risks faced by public schools across the country and is sponsored by the CIS (Center for Internet Security) and the MS-ISAC (Multi-State Information Sharing & Analysis Center). Published “to prepare K-12 leaders with the information to make informed decisions around cyber risk”, the report provides a data-driven...

Three Nigerian nationals face charges in a US federal court related to a business email compromise (BEC) scam that is said to have stolen more than US $6 million from victims. 29-year-old Kosi Goodness Simon-Ebo was extradited from Canada to the United States earlier this month, according to a Department of Justice press release, and will appear before...