SEXi? Seriously? What are you talking about this time?Don't worry, I'm not trying to conjure images in your mind of Rod Stewart in his iconic leopard print trousers. Instead, I want to warn you about a cybercrime group that has gained notoriety for attacking VMware ESXi servers since February 2024.Excuse me for not knowing, but what is VMWare EXSi?EXSi is a hypervisor - allowing businesses who...

Artificial intelligence (AI) has emerged as a promising solution to modernize power grids. The technology, alongside other upgrades like Internet of Things (IoT) connectivity, could make energy infrastructure more reliable and sustainable. However, AI power grids also pose significant cybersecurity risks.Attacks against critical infrastructure are becoming more common. As energy authorities ramp...

In our technologically advanced era, where cyber threats and data breaches are constantly evolving, it's crucial for companies to focus on Security Configuration Management (SCM) to protect their resources and information. Whether dealing with infrastructure, cloud services, industrial installations, or outsourced solutions, each environment presents unique security challenges that require...

As our interactions with the digital world grow, connections will be established within seconds, leading to more online attacks. One type of attack we may be exposed to is known as a Man-in-the-Middle (MitM) — a technique cyber attackers use to take over our online communications.The best way to stay safe online is with a better understanding of the problems caused by these digital attacks and...

In recent years, cloud technology has become integral to business operations. Compared to on-premises infrastructure, it allows for improved scalability and flexibility, cost savings, collaboration, security, and data loss prevention. The cloud computing market is set to reach $679 billion in value in 2024.But what are the trends currently defining the cloud computing market? According to Donnie...

What's happened?A new strain of the HardBit ransomware has emerged in the wild. It contains a protection mechanism in an attempt to prevent analysis from security researchers.HardBit? I think I've heard of that before.Quite possibly. HardBit first emerged in late 2022, and quickly made a name for itself as it attempted to extort ransom payments from corporations whose data it had encrypted.That...

A career in cybersecurity can be rewarding, challenging, and, frankly, lucrative. But it's not the easiest industry to break into: the skills required for a cybersecurity role are both niche and specific, the bar for entry is relatively high, and there are very few entry-level jobs available. But don't be disheartened. The cybersecurity industry is crying out for fresh talent. With hard work, a...

With Artificial Intelligence (AI) becoming more pervasive within different industries, its transformational power arrives with considerable security threats. AI is moving faster than policy, whereas the lightning-quick deployment of AI technologies has outpaced the creation of broad regulatory frameworks, raising questions about data privacy, ethical implications, and cybersecurity. This gap is...

Companies often go for high-end cybersecurity solutions because dealing with complex problems looks impressive. The appeal of fancy tech and advanced security challenges gives them a sense of achievement and a chance to show off their skills - and says they're serious about staying ahead of cyber crooks.However, this isn't always the best strategy. Many significant risks arise from simple...

Pig butchering scams came onto the scene a few years ago and have been gaining momentum ever since. A unique take on an old classic, pig butchering is a typical investment scam with a romantic or relationship-based twist. The large sums of "invested" money are typically funneled into fake crypto apps where they are promptly lost. Those who have fallen victim to pig butchering scams have taken out...

It seems like such a short time ago that the Security Standards Council released the newest version of the Payment Card Industry Data Security Standard (PCI DSS). It has been a full year, and version 4.0 is now in effect. Industries that adhere to the Standard were given the year to implement the new changes. The Standard includes limited exceptions for specific requirements, classifying them as...

What's RansomHub?Despite first appearing earlier this year, RansomHub is already considered one of the most prolific ransomware groups in existence.It operates a ransomware-as-a-service (RaaS) operation, meaning that a central core of the group creates and maintains the ransomware code and infrastructure, and rents it out to other cybercriminals who act as affiliates.How has RansomHub become such...

"Sextortion" scams represent some of cybercriminals' most brazen attempts to extract money from unwitting victims. These extortion techniques rely on fear and shame to get targets to pay up. Similar to individualized ransomware attacks, if the party refuses to pay the demand, public exposure will follow.As these attacks target individuals rather than companies, it is important for all employees to...

The Defense Information Systems Agency (DISA) is a Department of Defense (DoD) service provider that supplies a global information-sharing architecture for all DoD members "from the President on down." Their cybersecurity measures are among the best in the world. As Amy Probst, Lead Customer Management Specialist at DISA, explains, DISA’s Cybersecurity Service Provider (CSSP) program "monitors...

The IT and OT systems that support not only federal governmental agencies but also national critical infrastructure must be protected, but developing a security strategy effective against threats is no easy feat. It can be difficult to cover all of the necessary areas, given that these systems are “complex and dynamic, technologically diverse, and often geographically dispersed,” according to a...

Each day, it seems that we hear of another healthcare organization being compromised by a cyber attack. It is clear that the healthcare industry is the new favorite target amongst cybercriminals. Fortunately, vigorous efforts are available to combat these threats. We recently spoke to Errol Weiss, Chief Security Officer at Health-ISAC. Errol spearheads the information sharing and analysis center,...

What's happening?Security researchers have warned that a new ransomware group has taken an unusual twist on the traditional method of extorting money from its corporate victims.So what's different this time?Whereas many ransomware attacks see a company's company's data exfiltrated by attackers, and the threat made that stolen data will be sold to other cybercriminals or released to the public, the...

In Part 1, the existing global regulations around IoT were introduced. In this part, the challenge of complying with these rules is examined.The IoT Security ChallengeSecuring the Internet of Things (IoT) presents complex challenges that stem primarily from the scale, heterogeneity, and distributed nature of IoT networks:Inconsistent security standards: One of the most pressing issues is the...

Contrary to what one might expect, creating a File Integrity Monitoring (FIM) system is pretty easy. Practically anyone with a modicum of Python, Perl, or development skills can write an app or script to gather a file's checksum, compare it to a list or baseline, and tell you whether or not said file has changed.But creating a good FIM solution is hard. Many inadequate checkbox File Integrity...

Containerization has revolutionized application development, deployment, and management – and for good reason. The ability to automatically wrap an application and its dependencies into a single, easily deployable package helps developers focus on what they do best: writing code. Widely recognized as the go-to method to boost productivity and simplify the process, containerization keeps gaining...