I logged into one of my online accounts today, and the entire interface was different. At first, I checked to make sure that I was actually on the correct site. Once I confirmed that, I just accepted that the company who runs the software made changes that would improve the performance and functionality of the software. Once I logged in, I noticed...

Business email compromise (BEC) is a dangerous type of email spoofing that targets businesses, aiming to damage them in some way. Overall, BEC “is one of the most financially damaging online crimes,” according to a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal...

Is your security tool an island? Does it do its singular task with little more to offer than what it says on the package? Too many security offerings behave as singular entities, forcing you to constantly perform task switching to complete a job. If you are using a robust tool, then you may not be taking full advantage of its capabilities. Many...

Tripwire's February 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month is a patch for Microsoft Defender for Endpoint that resolves a security feature bypass vulnerability. Next are patches for Microsoft Edge that resolve 15 vulnerabilities, including remote code...

Security threat actors are becoming smarter, and their attacks more devious. Staying ahead of cybercriminals and vulnerabilities is the only way to defeat the attackers at their own game. If you want to protect your organization from cyber threats, then you need to think like an attacker. Operational security, also known as OPSEC, is a discipline...

Organizations are progressively moving towards a predominantly cloud-based computing environment. What this means is that essentially all of their back-end infrastructure, systems, and client-facing applications can be accessed and distributed through the cloud. Modern cloud computing goes a step further than simply being present in a virtual...

What Is Kubernetes Observability? Kubernetes observability refers to the ability to monitor and diagnose the performance and behavior of a Kubernetes cluster and its applications. This includes monitoring resource usage, tracking the status of pods and deployments, and identifying and troubleshooting errors. Observability tools for Kubernetes...

As governments and organizations standardize and harmonize their responses to better mitigate the increasing number of cyber-attacks, so do cybercriminals. In Europe, security decision-makers and businesses face similar attack techniques as their global counterparts. While the methodologies employed are identical because they all rely on the same...

Mail filters play a huge role in protecting organizations from cyberattacks. Even though their task is quite small, they are very important for an organization’s ability to deter many malicious phishing and spam emails before delivery to a person’s inbox. According to the IBM X-Force Threat Intelligence Index, 40% of attacks in the manufacturing...

Application dependencies occur when technology components, applications, and servers depend on each other to provide a business solution or service. Developers have a specific technology stack in mind when building solutions. This can typically include operating systems, database engines, and development frameworks (such as .Net or Java), as well as...

The owner of a Russian penetration-testing company has been found guilty of being part of an elaborate scheme that netted $90 million after stealing SEC earning reports. For nearly three years, 42-year-old Vladislav Klyushin - the owner of Moscow-based cybersecurity firm M-13 - and his co-conspirators had hacked into two US-based filing agents used...

When it comes to acronyms, Technology and Cybersecurity often rival various branches of government. Technology acronyms are usually somewhat bland, amounting to little more than the arcane argot of the profession, such as SOC, SIEM, and DNS. Government, however, rarely disappoints in its inventiveness, whether it is the acronym of the Puppies...

The Compliance Landscape Only those hiding from the news, prospects, and customers can miss the data security and privacy challenges that are occurring. More businesses are relying on data analytics (garnered from data collection) for more and improved service and product offerings. More individuals want data privacy and security. More nations...

Today’s VERT Alert addresses Microsoft’s February 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1042 on Wednesday, February 15th. In-The-Wild & Disclosed CVEs CVE-2023-21823 The first vulnerability in the list this week is CVE-2023-21823, a vulnerability in Windows Graphic Component...

A brute force attack is an attempt to reveal passwords and login credentials in order to gain access to network resources. These attacks are mainly done with the purpose of gaining unauthorized, and undetected access to compromise systems. Threat actors usually prefer this attack method since it is simple to carry out, and can cause significant...

Tripwire's January 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Visio and Microsoft Office that resolve 6 vulnerabilities, including remote code execution and information disclosure vulnerabilities. Next are patches for Adobe...

February 7th is the 20th Safer Internet Day, a day to focus on addressing ways to reduce the risks created by our now very online world. Painting the internet as an inherently dangerous place full of predators and … would be using too broad a brush. The internet is an amazing technology - an information sharing resource unrivaled in depth, breadth,...

Industrial control systems are fundamental to all industrial processes, from power generation to water treatment and manufacturing. ICS refers to the collection of devices that govern a process to ensure its safe and effective execution. These devices include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS)...

It’s another new year and hence another occasion to predict how the cybersecurity landscape will evolve in 2023. Once again, it will be challenging, as most every year is, and could wind up being an unusually difficult 12 months because of multiple headwinds. One is that it has become clear that a huge increase in remote working is here to stay, if...

2022 saw privacy truly take hold in the U.S., while Europe buttressed its position as the global leader and other regions worked to get up-to-speed with new or amended laws. U.S. Privacy in 2022 Laws passed in 2021 and 2022 meant many U.S. companies spent the past year preparing for new privacy requirements that came into effect on January 1st in...