During my time as a cybersecurity admin, I had the authority to decide what was going to be done, but I didn’t have the access to configure or install my own software. To make matters worse, despite having authority over the implementation, I was also held accountable for failures but again, without the necessary access to fix issues. This created a...

Tripwire's October 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Chromium and Microsoft Edge based on Chromium. These patches resolve over 10 issues such as user-after-free, insufficient policy enforcement, and out-of-bounds write...

Digital payment systems are quickly becoming the norm. The speed and convenience of apps like PayPal and Apple Pay have led businesses and consumers to move away from cash, but this efficiency comes at a cost. These digital platforms are also attractive to cybercriminals. Mitigating any vulnerability starts with understanding how threat actors...

Identity governance, also known as access governance, is an integral part of any enterprise data protection and compliance framework. Seamless and timely access to required systems or resources can significantly increase employees’ productivity and performance. However, excessive privileges or unmonitored user access can often lead to internal and...

Zero trust is a security approach which replaces the traditional network edge. Since network resources can be anywhere – on-premises, in the cloud, or a hybrid of both – zero trust is built towards an identity-centric approach. This places people and resources at the heart of the security architecture. What is a zero-trust model? The most...

UK police are texting 70,000 people who they believe have fallen victim to a worldwide scam that saw fraudsters steal at least £50 million from bank accounts. 200,000 people in the UK, including the elderly and disabled, are thought to have been targeted by conmen who masqueraded as highstreet banks. Scammers paid a subscription to a service...

In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA,...

It would be nice to imagine that when cyber criminals look for their next target, they ignore the small- and medium-sized businesses (SMBs) that simply can’t afford an attack. Unfortunately, that’s not the case. In fact, 43% of cyber attacks are directed at SMBs. Today, a massive 80% of North American SMBs are at risk of a cyber attack. This is...

Tripwire's September 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Chromium and Microsoft Edge based on Chromium. These patches resolve over 20 issues such as user-after-free, insufficient policy enforcement, out-of-bounds write, and heap buffer...

If the eyes are the window to the soul, then the Application Programming Interface (API) is the window to the software.After all, an API is a way for products to communicate with each other through a documented interface, just as the eye is a human interface, communicating with the outside world (but it’s not as well-documented as to meanings). APIs...

Being in a more connected environment benefits all of us, from those using social media to stay in touch with far-away relatives, to businesses enjoying the rewards of remote working. But, while connectivity is great and offers many positives, it also creates vulnerabilities.Companies that handle sensitive data may find themselves the target and...

Do you know what “fangxiao” means in simplified Chinese? Before you Google it, let me tell you that it stands for “imitate” and this is exactly what Fangxiao phishing campaign actors try to do – imitate and exploit the reputation of international, trusted brands by promising financial or physical incentives to trick victims into further spreading...

In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry specific (SOX, NERC, HIPAA...

Artificial Intelligence (AI) is a trending topic for many industries now. A variety of organizations currently employ AI mechanisms to support their operational functions. Automated tasks, natural language processing, deep learning, and problem-solving; such AI characteristics have made business tasks much easier. The factor of security in AI is...

Today’s VERT Alert addresses Microsoft’s November 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1029 on Wednesday, November 9th. In-The-Wild & Disclosed CVEs CVE-2022-41091 This vulnerability allows a malicious individual to bypass Mark of the Web. Mark of the Web is what is used to...

As the healthcare industry becomes more digitally inclined, there’s a need for systems to be put in place to avoid breaches in the security of data records. Most healthcare organizations are already embracing the DevOps (Development and Operations) model, but unfortunately, security seems to be neglected, resulting in data breaches and numerous cyber...

The third quarter saw some major developments across the privacy space. In the U.S., we saw a federal bill for comprehensive privacy achieve more than ever before, children’s privacy proved to remain a top concern, and the Federal Trade Commission formally began its heavily criticized “Magnuson-Moss rulemaking” process. Not to be outdone, the...

Compliance is an essential aspect of every organization, and in business terms, it entails ensuring that organizations of all sizes, and their personnel, comply with national and international regulations, such as GDPR, HIPAA, and SOX. When guaranteeing compliance, many firms frequently overlook security. Gary Hibberd states that compliance...

If you’re not aware already, then be prepared for change, because a new version of ISO27001 was published in October 2022! It’s all very exciting! The last change to the standard was in 2017. The changes made back then were fundamentally cosmetic, with a few minor tweaks to wording. The changes barely caused a ripple and, even today, organisations...

If you were to take a look at the cybersecurity news cycle, you’d be forgiven for thinking that it’s only large enterprises with expansive customer bases and budgets that are the most vulnerable to attacks. But that’s not entirely true. Even if it’s at a much smaller scale, small- and medium-sized businesses (SMBs) still have stores of sensitive...