The past few years have been among the most challenging for most businesses. Lockdowns, staff reductions, and reduced revenues resulted in the demise of many businesses. For those who remained, the new onuses brought about by supply chain concerns and inflation present even greater reasons for maximum resilience in order to survive. With all the physical challenges of running a business, it is...

The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test designed to help institutions identify risks and gauge cybersecurity preparedness. The tool is primarily for financial and non-depository institutions, enabling organizations to make risk-driven security decisions informed by regular cybersecurity assessments and standardized risk measurement criteria. While it is voluntary...

It’s no secret that the U.S. power grid is one of the main foundations of the nation’s economy, infrastructure, and daily way of life. Now that almost everything is digitized, it is hinging on it even more. We wouldn’t be able to use even most vending machines (not to mention cell towers or the internet) without a working electrical supply, and the importance of keeping it safe cannot be...

The Gramm-Leach Bliley Act (GLBA or GLB Act), or financial modernization act, is a bi-partisan federal regulation passed in 1999 to modernize the financial industry. It repealed vast swathes of the Glass-Steagall Act of 1933 and the Bank Holding Act of 1956 , allowing commercial banks to offer financial services such as investments or insurance. It also controls how financial institutions deal...

Elon Musk's ascension isn't the first thing to cause waves of scams on Twitter , and it certainly won't be the last. On July 20th of 2022, data belonging to over 5 million Twitter users was put up for sale on the internet underground for $30,000. The FTC reported that we've experienced a recent "gold mine for scammers" and the April bump to a 10,000-character limit (for Twitter Blue) only makes...

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000. The news sent a shiver down the spines of many in the...

If you’re busy securing the perimeter, mandating strong authentication practices, and restricting software downloads, you may be missing the mark. (Just to be clear: if you are doing those things, keep it up. You’re off to a good start, and none of what follows here replaces classic and vital cybersecurity measures.) Protecting your organization from outside threats is foundational to any...

They say character isn’t gained in a crisis; it’s displayed in one. By the time the disaster hits, the time for preparation has passed. But what if you could go through that earth-shattering event beforehand so when the time came, you’d be ready? Well, in security, you can. And it's not called cheating – it's called Red Teaming . It’s done differently, it provides a different outcome, and it tests...

Zero trust is a hot topic in cybersecurity, and for a good reason. There is no one-size-fits-all solution to securing your data and networks; rather, zero trust offers a more holistic perspective comprised of many different safety measures and practices and a shift in perspective on security. As threat actors step up their efforts and business operations, and depend more and more on digital...

Digital technology is becoming an increasingly essential part of nearly every industry, and supply chains are no exception. In recent years, supply chains have become more dependent on digital solutions, from manufacturing, packing, and shipping processes, to storing records in the cloud. While digital technology increases speed, efficiency, and interconnectivity across industries, this increased...

Cybercrime has become a dominant concern for many businesses, as well as individuals. Cybercriminals will target any business, and any individual if they can realize a profit from their minimal efforts. One of the ways that criminals achieve their goals is through the use of malware that garners a fast profit, such as ransomware. More enterprising criminals will use more persistent malware, which...

The cybersecurity community is one of the best communities around. Whether it is our peers, our colleagues, or our managers, there are a number of great qualities that we all share. That’s one of the reasons that we’re so lucky to work in this industry. One of the more interesting aspects of the industry is that there are so many ways to accomplish a goal, and that doesn’t just apply to technical...

More than ten years after the hack of the now-defunct Mt. Gox cryptocurrency exchange, the US Department of Justice says it has identified and charged two men it alleges stole customers' funds and the exchange's private keys. Two Russians, 43-year-old Alexey Bilyuchenko, and Aleksandr Verner, 29, are charged with conspiring to launder 647,000 Bitcoins - in a cryptocurrency heist which would have...

If you mention data leakage to most people, they may think that it sounds like a problem for a plumber, but the phrase “data leak” has specific and troubling concerns for a business. Data leakage is a particular security threat, and there are many sources for data leaks. Data Breach Versus Data Leak Data breaches occur when an attacker from outside your organization gets into your IT ecosystem and...

What is the SEC? Founded 85 years ago at the height of the Great Depression, the Securities and Exchange Commission (SEC) has a clear mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Put simply, the SEC aims to protect US investors by maintaining a fair market. The SEC doesn’t work directly with investors, however. Instead, it...

If you, or your kids, are fans of Minecraft - you might be wise not to download any new mods of plugins for a while. Computer security researchers say that they have uncovered that cybercriminals have succeeded in embedding malware named "Fracturizer" within packages and plugins used to modify the behaviour and appearance of the phenomenally popular game. As Bleeping Computer reports , hackers...

Contrary to stereotype, today’s cyberattacks aren’t limited to complex tactics such as the use of zero-day exploits or polymorphic malware that flies under the radar of traditional defenses. Instead of going the extra mile to set such schemes in motion, most threat actors take a shortcut and piggyback the human factor. A combination of a would-be victim’s security awareness gap, insufficient...

It’s hard to be in the realm of technology and not hear about APIs these days. Whether it’s the launch of the ChatGPT API or news of a significant data breach at Twitter , APIs are having their time in the spotlight. Yet, despite their ubiquity, many still have questions about APIs' capabilities (and limitations). What are APIs for? What do they do? And what are they unable to do in the current...

On the surface, ransomware – malicious software designed to block access to a computer system until a sum of money is paid – appears to be off to yet another ruthless start in 2023 as one of the leading types of malware. Recent victims of public attacks in North America include industries such as health care, communication, education, and even government offices and municipalities. While this all...