In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security . By monitoring and examining system responses and device status, HIDS identifies and tackles nefarious behaviors that are often...

Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings , we know is tied to Improper Access Control . From a...

On an ordinary day, you're casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you believed to be a harmless PDF was, in fact, an executable file. Panic sets in as your settings lock up, and even accessing the task manager becomes impossible...

The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights without compromising sensitive data. A report by Apple suggests that the number of data...

What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS , is a network application that monitors suspicious and malicious behavior, both internally and externally. The HIDS’ job is to flag any unusual patterns of behavior that could signify a breach. By bringing this activity to the team’s attention, the HIDS enables in-house staff to investigate...

Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses have become relatively common and are frequently...

One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. Several regulatory organizations have established...

Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are...

Earlier this year, the SEC proposed a new set of rules on cybersecurity governance , which would require public companies to make appropriate disclosures of cyber risks and management procedures. Although the amendments target the financial sector, it is one more evidence of the fact that cybersecurity is no longer a backburner component of business operations. It is a critical factor that can...

Frankly stated, operational resilience is your ability to climb the mountain, no matter the weather. Businesses now need more than a good security structure to weather the storms of AI-driven threats, APTs, cloud-based risks, and hyper-distributed environments. And more importantly, operational resilience in 2024 requires a paradigm shift. Attackers aren’t out there doing the bare minimum . As the...

Today’s VERT Alert addresses Microsoft’s December 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1086 on Wednesday, December 13th. In-The-Wild & Disclosed CVEs CVE-2023-20588 AMD has released AMD-SB-7007 – Speculative Leaks Security Notice , which describes how some AMD processors can potentially return speculative data after a...

Organizations looking to protect their sensitive data and assets against cyberattacks may lack the ability to build a cybersecurity strategy without any structured help. The National Institute of Standards and Technology ( NIST ) has a free, public framework to help any organization mature its IT security posture. Recently, the institute published an updated version of the cybersecurity framework...

Today’s VERT Alert addresses Microsoft’s November 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1082 on Wednesday, November 15th. In-The-Wild & Disclosed CVEs CVE-2023-36033 A vulnerability in the Microsoft Desktop Window Manager (DWM) could allow an attacker to gain SYSTEM level privileges. This vulnerability has been publicly...

A recent report from RPC has revealed that cybersecurity breaches in UK pension schemes increased by 4,000% from 2021/22 to 2022/23. Understandably, the announcement has raised serious concerns about the efficacy of financial service organization’s cybersecurity programmes. Although the reasons for cyberattacks on financial services are fairly obvious – potential financial gains, troves of...

Footprinting, also known as fingerprinting, is a methodology used by penetration testers, cybersecurity professionals, and even threat actors to gather information about a target organization to identify potential vulnerabilities. Footprinting is the first step in penetration testing. It involves scanning open ports, mapping network topologies, and collecting information about hosts, their...

Today’s VERT Alert addresses Microsoft’s October 2023 Security Updates , which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1077 on Wednesday, October 11th. In-The-Wild & Disclosed CVEs CVE-2023-41763 While this vulnerability is labeled as a Skype for Business Elevation of Privilege Vulnerability, the...

On August 10th, the Pentagon introduced " Task Force Lima ," a dedicated team working to bring Artificial Intelligence (AI) into the core of the U.S. defense system. The goal is to use AI to improve business operations, healthcare, military readiness, policy-making, and warfare. Earlier in August, the White House announced a large cash prize for individuals or groups that can create AI systems to...

The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The full maximum NIST Cybersecurity Framework is about as big an umbrella as...

Patience is one of those time-dependent, and often situational circumstances we experience. Few things define relativity better than patience. Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the thought of waiting ten minutes for a perfectly brewed cup of coffee seems entirely reasonable. It can’t be about the cost, since even the smallest cup of...