The release of ChatGPT last November transformed public awareness, perception, and discourse about Artificial Intelligence (AI). Prior to the release, AI has long existed in now familiar technologies, devices, and processes. Perhaps one of the most common uses of AI is the Google search engine. Search engines rely on AI to scan the internet to...

Penetration testing is a vital part of cybersecurity strategy development, evaluating the strength of an organization’s infrastructure. To prevent attackers from exploiting security flaws in your software or networks, you want to discover them as soon as possible. Penetration testing is becoming increasingly common because it anticipates attacks...

It’s old news, but data is – and will remain for the foreseeable future – king. It has to be dealt with and handled responsibly, assigned to the right boxes, and stored properly. Why? Because everyone wants it, and there are increased efforts to obtain it by ever-more sophisticated and subtle bad actors. You wouldn’t put a piece of junk mail in a...

The massive increase in cyberattacks and the rapid evolution of advanced criminal techniques requires every single business in any sector to take protective measures to strengthen its cyber perimeter and minimize risk. To deal with this peril, businesses must incorporate security measures and comply with security standards and regulations to improve...

Mobile device use is pervasive, and has eclipsed traditional computing. We often hear how various malicious mobile apps are released into circulation. For these reasons, mobile app development needs to focus on cybersecurity just as much as it does on functionality and flexibility, if not more so. It’s an inevitable aspect of app development that...

Today’s VERT Alert addresses Microsoft’s January 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1037 on Wednesday, January 11th. In-The-Wild & Disclosed CVEs CVE-2023-21549 A vulnerability in the SMB Witness Service was reported by two Akamai researchers, Stiv Kupchik and Ophir...

CISOs – the senior level executives responsible for developing and implementing cybersecurity programs for corporations and other organizations – are not happy campers these days. And it’s not just because they are chronically understaffed and under constant pressure. As it turns out, Chief Information Security Officers (CISOs) often don’t see eye...

In the language of technology, a sandbox is a safe testing environment that is isolated from the rest of your network or system. Developers use sandboxes to test their code before deployment. In cybersecurity, suspicious and potentially unsafe programs, software, and attachments are executed in sandboxes to detect malware and to avoid any harm...

The popularity of electric vehicles is partly a response to the desire of achieving sustainability and carbon footprint reduction. Automobile manufacturers are making substantial investments to tackle emissions issues, create environment-friendly vehicles, and align with Environmental, Social, and Governance (ESG) requirements. To achieve brand edge...

Tripwire's November 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Word, and Excel that resolve 8 vulnerabilities, including remote code execution, information disclosure, and security feature bypass vulnerabilities. Up next are...

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cybersecurity. Established in 2016, it has worked to improve online safety and security, and has brought clarity and insight to an increasingly complex online world. In its 6th annual review, it gives insights to its understanding of the cyber environment affecting the UK....

The National Cyber Security Centre (NCSC) recently published important cybersecurity guidance to help protect retailers, which comes right as the holiday shopping season is in full swing. Retail organizations are no strangers to cyber attacks. In fact, some recent large-scale retail industry cyber attacks have included popular brands such as Guess,...

The holiday season has arrived, and cyberattacks are expected to increase with the upcoming celebratory events. According to The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) 2022 Holiday Season Threat Trends and summary report, ransomware and phishing attacks are expected to increase in retail. With the FIFA World Cup 2022,...

Network security is a significant topic that all organizations should consider as a major concern. Regardless of the industry, business, or scope of their operations, all enterprises need to have good network security practices in place to protect against cyberattacks. There are a plethora of different security solutions for different needs, and...

Today’s VERT Alert addresses Microsoft’s December 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1034 on Wednesday, December 14th. In-The-Wild & Disclosed CVEs CVE-2022-44698 This vulnerability allows a malicious individual to bypass SmartScreen, which does a reputation check based...

Businesses come in many different sizes, yet, they all share one similarity; the growing need for cybersecurity in today’s ever-changing technology landscape. While large companies with robust security infrastructure and experience may ward off many aspiring cybercriminals, small to medium-sized businesses (SMBs) prove to be ideal targets. Lacking...

During my time as a cybersecurity admin, I had the authority to decide what was going to be done, but I didn’t have the access to configure or install my own software. To make matters worse, despite having authority over the implementation, I was also held accountable for failures but again, without the necessary access to fix issues. This created a...

Tripwire's October 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Chromium and Microsoft Edge based on Chromium. These patches resolve over 10 issues such as user-after-free, insufficient policy enforcement, and out-of-bounds write...

Digital payment systems are quickly becoming the norm. The speed and convenience of apps like PayPal and Apple Pay have led businesses and consumers to move away from cash, but this efficiency comes at a cost. These digital platforms are also attractive to cybercriminals. Mitigating any vulnerability starts with understanding how threat actors...

Identity governance, also known as access governance, is an integral part of any enterprise data protection and compliance framework. Seamless and timely access to required systems or resources can significantly increase employees’ productivity and performance. However, excessive privileges or unmonitored user access can often lead to internal and...