Non-compliance in cybersecurity marks a grave oversight. It involves neglecting established security protocols, leaving organizations vulnerable to malicious actors. Read on as we examine the potential risks of non-compliance, including heightened susceptibility to cyberattacks, the specter of data breaches, and the erosion of a company's hard-earned reputation. Risks of Non-Compliance Non...

What's happened? CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. A "zero-click attack"? That's an attack that doesn't require any interaction from the user. Often times a malicious hacker requires a...

Fileless malware, true to its name, is malicious code that uses existing legitimate programs in a system for compromise. It operates directly in the Random Access Memory (RAM) without requiring any executable files in the hard drive. Differing from conventional malware, fileless attacks are stealthier in nature, falling under the category of low-observable characteristics (LOC) attacks. Since...

The term Internet of Things (IoT) describes a network of technologies and services where various devices are interconnected and exchange data. These devices can be anything from wearable fitness trackers, smart televisions, and wireless infusion pumps to cars and many others. These internet-connected devices gather, process, and transmit a vast amount of data, including personal information...

Cyber threats are growing more sophisticated, covert, and frequent every day. This year alone has seen the likes of T-Mobile and PharMerica suffering serious security breaches. These incidents disrupted operations and threatened their bottom lines, not to mention the lingering aftereffects and negative brand perception in the eyes of their customers. Taking the recent Optus data security breach as...

Today’s VERT Alert addresses Microsoft’s September 2023 Security Updates , which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1073 on Wednesday, September 13th. In-The-Wild & Disclosed CVEs CVE-2023-36761 Microsoft has indicated that a vulnerability impacting Microsoft Word, including the preview pane...

As the realm of technology continues to evolve, the significance of cloud computing has grown exponentially. This paradigm shift offers unparalleled scalability, efficiency, and cost-effectiveness benefits. However, with these advantages come a host of security challenges that need careful consideration. This article delves into the vital realm of cloud security, exploring the multifaceted...

Before the revolution of Information Technology (IT), the world experienced the revolution of Operational Technology (OT). Operational Technology is the combination of hardware and software that controls and operates the physical mechanisms of industry. OT systems play an important role in the water, manufacturing, power, and distribution systems that transformed the industry into the modern age...

It's easy to rest on our laurels. Prevent a few breaches – or go long enough without one – and you start to feel invincible. While our efforts are certainly laudable, we can't get too comfortable. As defenders, we always need to be on the hunt for what we've missed and ways to do better. Here are ten common cybersecurity mistakes that crop up (and how to avoid them): Failing to get executive suppo...

Tripwire's August 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Excel, Visio, Teams, and Outlook. The patches resolve 10 issues including remote code execution, information disclosure, security feature bypass, and spoofing vulnerabilities. Up next is a patch for Windows Defender...

A Texas court has heard how last month a gang of men used a Raspberry Pi device to steal thousands of dollars from ATMs. According to local media reports , three men were arrested in Lubbock, Texas, after attempting to steal "large sums of US currency" from ATMs. The men - 38-year-old Abel Valdes, 41-year-old Yordanesz Sanchez, and 33-year-old Carlos Jordano Herrera-Ruiz - were arrested on August...

The basic parameters that control how hardware, software, and even entire networks operate are configurations, whether they take the form of a single configuration file or a collection of connected configurations. For instance, the default properties a firewall uses to control traffic to and from a company's network, such as block lists, port forwarding, virtual LANs, and VPN information, are...

2023 Cost of a Data Breach: Key Takeaways It’s that time of year - IBM has released its “ Cost of a Data Breach Report .” This year’s report is jam-packed with some new research and findings that highlight how organizations are implementing security and risk mitigation techniques to help identify and contain data breaches. Key Takeaways The average total cost of a data breach has reached an all...

In a digital-first world, safeguarding sensitive data and ensuring compliance with industry regulations are paramount. Enter "Continuous Compliance" – a dynamic approach reshaping the cybersecurity paradigm . As a key part of an effective compliance strategy, continuous compliance is pivotal in fortifying security measures. This modern strategy empowers organizations to stay one step ahead of...

In the ever-evolving cybersecurity landscape, businesses face an exhaustive battle to safeguard their valuable data while complying with industry regulations. To address these challenges, innovative solutions have emerged to enhance network security. Network visibility remains a crucial focus. The profound impact of heightened visibility cannot be ignored, as it plays a crucial role in fortifying...

The Network and Information Security 2 ( NIS2 ) Directive is the European Union's (EU) second attempt at an all-encompassing cybersecurity directive. The EU introduced the legislation to update the much-misinterpreted Network and Information Security (NIS) Directive (2016) and improve the cybersecurity of all member states. It signed NIS2 into law in January 2023, expecting all relevant...

In an era of escalating financial crimes, the spotlight shines brightly on the rising concerns in the realm of cybersecurity. According to a recent survey , a staggering 68% of UK risk experts anticipate a surge in financial crime risks over the next year. These apprehensions echo globally, with 69% of executives and risk professionals worldwide foreseeing an upswing in financial crime risks...

The United States stands at a pivotal juncture for true digital and cyber security, with unlimited potential. The 2023 U.S. National Cybersecurity Strategy presents a fresh perspective on safeguarding digital territory—a perspective rooted in collaboration, innovation, and accountability. This moment poses a critical consideration of whether to invest in a future where collaboration is the norm...

Serverless architecture has increased in recent years, and is anticipated to grow by nearly 25% over the next decade, According to one source , the serverless architecture market was worth over $9 billion in 2022, with its compound annual growth rate projected to increase. The market could be worth over $90 billion by 2032. This indicates the immense amount of potential that this industry carries...

In cybersecurity, knowledge is everything. From APT intelligence to zero-day vulnerabilities, relevant and timely information can be the difference between a thwarted attack and a total disaster. With Business Email Compromise (BEC) attacks at their zenith, there has never been a better time for a comprehensive BEC report. As such, Fortra has released its 2023 BEC Trends, Targets, and Changes in...