Jetpack, an extremely popular WordPress plugin that provides a variety of functions including security features for around five million websites, has received a critical security update following the discovery of a bug that has lurked unnoticed since 2012. Jetpack's maintainers, Automattic, announced on Tuesday that it had worked closely with the WordPress security team to push out an automatic...

Not all Risks Become Threats Insider threats are an updated version of the wolf in sheep's clothing - the people we rely on to safeguard systems and data can sometimes be the ones who pose the greatest risk. From malicious actors to negligent employees, insider threats come in many forms and can have devastating consequences for organizations of all sizes. Who’s an Insider? An insider is “anyone...

Cybersecurity has risen to become a major concern for nearly every industry. With the constant stream of news about the escalating numbers of breaches, it is understandable that governments have taken a more active role by passing cybersecurity and privacy legislation. Some of the industries are not top of mind to many people. For example, few people are aware of all of the industries that make up...

How many internet-connected devices do you own? If you took a quick inventory around your house, you may be surprised at exactly how many there are. Have you ever wondered how they all communicate, not only with each other, but with the internet as well? This is, in part the result of technology known as IP addressing. What is an IP address? An IP (Internet Protocol) address is your computer's...

The US healthcare sector continues to be aggressively targeted by ransomware operators. Royal and BlackCat are two of the more recent – and highly sophisticated – ransomware threats. These two new flavors of ransomware pose serious potential impacts on the healthcare sector, but there are appropriate mitigation and defense strategies that organizations can take to protect against them. What is...

Bad enough for your company to be held to ransom after a cyber attack. Worse still to then have one of your own employees exploit the attack in an attempt to steal the ransom for themselves. That's the situation gene and cell therapy firm Oxford BioMedica found itself in. On 27 February 2018, the Oxford-based firm discovered that it had suffered a cyber attack after it received a ransom demand...

Polymorphic and metamorphic malware constantly changes itself in order to avoid detection and persistently remain on the system. This adaptive behavior is the main distinctive attribute of these types of malware, which is also why they are harder to detect; it is also why they pose a great threat to systems. On the surface, the functionality of this sort of changing and mutating malware appears...

This one took a bit longer to read than most of the books we review, but that’s entirely on me… everyone else finished it a while ago. This time around, we’re looking at How to Hack Like a Legend: Breaking Windows by Sparc Flow. The No Starch Press page says that the book is “packed with interesting tricks, ingenious tips, and links to useful resources to give you a fast-paced, hands-on guide to...

The Tripwire Vulnerability Exposure and Research Team (VERT) keeps its finger on the cybersecurity pulse. Check out some of the stories that stood out for us recently: Multiple Vulnerabilities in Netgear Routers Netgear RAX30 routers are subject to multiple vulnerabilities. These vulnerabilities could be chained together to achieve an authentication bypass and code execution. It is advised that...

The Artificial intelligence (AI) based language model, ChatGPT, has gained a lot of attention recently, and rightfully so. It is arguably the most widely popular technical innovation since the introduction of the now ubiquitous smart speakers in our homes that enable us to call out a question and receive an instant answer. But what is it, and why is it relevant to cyber security and data...

Gabrielle is a security engineer. She deploys tools to scan for threats and vulnerabilities, read logs, and manage the security risks for her company, but is all that data really helping? Sometimes, it seems like she works in a noise factory instead of a SOC. The cacophony of all the log and event data and vulnerability scans are pouring into the SIEM, and it’s Gabrielle’s job to listen to the...

The US Cybersecurity and Infrastructure Security Agency (CISA), FBI, and others have issued a joint alert, advising organisations of the steps they should take to mitigate the threat posed by BianLian ransomware attacks. BianLian, which has been targeting different industry sectors since June 2022, is a ransomware developer, deployer and data extortion group which has predominantly targeted...

‘A ship in port is safe, but that's not what ships are built for,’ said Dr. Grace Hopper, Rear Admiral of the US Navy and a computer pioneer. As soon as the ship leaves the harbor, or even the dock, there are risks. Depending on conditions and purposes, the ship's crew might decide they are negligible, that they can be recovered from, or that the potential rewards are worth the risk. The same...

While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month. Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users and steal their information. While social media...

2023 started much the same as the year before, with state legislatures producing an impressive list of privacy-related bills in the U.S. Twenty-three states introduced comprehensive privacy legislation, with many more targeted privacy bills being considered as well. Iowa's governor signed the sixth comprehensive privacy law to close out the quarter. Internationally, things started rather slowly —...

A Social engineering attack is the process of exploiting weaknesses in human psychology to manipulate and persuade others to perform in a way that is harmful. Prior to the digital age, criminals would carry out these attacks in person, in what was known as a confidence game. The perpetrators were referred to a “con men”, regardless of their gender. In the cybersecurity realm, these attacks are...

What is Akira? Akira is a new family of ransomware, first used in cybercrime attacks in March 2023. Akira? Haven't we heard of that before? Maybe you're thinking of the cyberpunk Manga comic books and movie that came out in the 1980s. Or perhaps you're thinking of an unrelated ransomware of the same name which emerged in 2017. Maybe that's it. So what's the scoop with the new Akira ransomware...

Data breaches and cyberattacks have become worryingly commonplace in today’s digital world, and cybersecurity and cyber resilience are now crucial for every organization, small and large. These two strategies work together to protect data at different stages of a cyberattack. Ideally, organizations should rely on both to achieve maximum cyber protection. Cybersecurity refers to the measures taken...

This piece was originally published on Fortra’s AlertLogic.com Blog. Thinking about your own network isn’t enough to keep your business safe and profitable. As more buyers, sellers, and partners collaborate ever more closely across the world, supply chain IT risks are rising with no slowdown in sight. According to the Identity Theft Resource Center, supply chain attacks surpassed malware incidents...

The Open Systems Interconnection (OSI) model is a conceptual framework developed by the International Standards Organization (ISO). It has been in use for over 40 years, and is cited in every computer network book. It is also a favorite resource for just about every cybersecurity exam. The OSI model is represented in seven layers that help us understand how communications between computer systems...