Blog

Blog

"Junk gun" ransomware: the cheap new threat to small businesses

What's going on? A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations. What's "junk gun" ransomware? It's a name coined by Sophos researchers for unsophisticated ransomware that is...
Blog

UK IT Leaders Are Prioritizing Cybersecurity: But Is This a Good Thing?

Tech leaders taking cybersecurity seriously is something of a double-edged sword. While it’s undoubtedly good that organizations are waking up to the genuine threat cyberattacks pose, it’s depressing that they must siphon off so many resources to protect themselves rather than using them for growth and innovation. A recent survey of UK technology...
Blog

"All for One and One for All": The EU Cyber Solidarity Act Strengthens Digital Defenses

Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act. This new legislation recognizes that collective defense is...
Blog

Enhancing Endpoint Security with Advanced Host-Based Intrusion Detection Capabilities

In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security. By monitoring and examining system responses and device status, HIDS identifies and...
Blog

37 Arrested as Police Smash LabHost International Fraud Network

Police have successfully infiltrated and disrupted the fraud platform "LabHost", used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK's Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals create phishing websites since 2021 to steal sensitive information...
Blog

Supply Chain Cybersecurity – the importance of everyone

I’m always surprised – and a little disappointed – at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier –...
Blog

SCM and NERC: What You Need to Know

Security configurations are an often ignored but essential factor in any organization’s security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly. Staying on top of all of these security configurations can be a daunting responsibility for security or...
Blog

Casting a Cybersecurity Net to Secure Generative AI in Manufacturing

Generative AI has exploded in popularity across many industries. While this technology has many benefits, it also raises some unique cybersecurity concerns. Securing AI must be a top priority for organizations as they rush to implement these tools. The use of generative AI in manufacturing poses particular challenges. Over one-third of...
Blog

ITRC's 2023 Data Breach Report Is a Mixed Bag

In the first quarter of every year, organizations around the world release reports summing up data breach trends from the previous twelve months. And every year, these reports say broadly the same thing: data breach numbers have gone up again. This year is no different. Or is it? Compromises Up, Victims Down However, the Identity Theft Resource...
Blog

DragonForce Ransomware - What You Need To Know

What's going on? A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to...
Blog

Life in Cybersecurity: From Nursing to Threat Analyst

As digital threats increase, we see more professionals transition into cybersecurity. Some come from previous technical roles, and some do not. However, because cybersecurity is primarily a problem-solving industry, those who switch from other high-pressure, high-performance positions are often best prepared for the job. Take Gina D’Addamio, for...
Blog

Embracing Two-Factor Authentication for Enhanced Account Protection

Let’s start the second quarter of the year with boosting our security posture by adopting two-factor authentication methods on our accounts to make them more secure. Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. The first factor you provide...
Blog

VERT Threat Alert: April 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings, we...
Blog

Gone Phishing 2023: Here Are the Results!

Phishing is one of the most pertinent cybersecurity dangers for organizations to be concerned about in today’s digital landscape. Threat trends come and go, but phishing is a tried-and-true method that cybercriminals can adjust and adapt to all different manners of communication and evolving technology. Fortra’s Gone Phishing Tournament (GPT) is a...
Blog

AI/ML Digital Everest: Dodging System Failure Summit Fever

Summit Fever Syndrome, a cause of many extreme altitude climbers' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors. Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI projects chase their peaks...
Blog

Exploring Advanced Tripwire Enterprise Capabilities

In today's digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While many of these tools are important and necessary, organizations often don't use them...
Blog

Security vs. Compliance: What's the Difference?

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of...