How big is Ransomware? The San Francisco 49ers, confirmed a ransomware attack, Cisco was attacked by the Yanluowang ransomware gang, and Entrust was attacked by Lockbit. And that’s just a handful of ransomware accounts noted in 2022. On the surface, ransomware is relatively easy for any criminal to perpetrate, however, those who develop this...

The cybersecurity landscape is continuously evolving. It has led businesses to question how they are protecting themselves and their consumers from data breaches. Since 2014, the Department for Digital, Culture, Media and Sport (DCMS) has commissioned the Cybersecurity Breaches Survey of the UK to understand what protections are in place, and where...

When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve all, always, believed to...

From its inception, the automotive industry has been shaped by innovation and disruption. In recent years, these transformations have taken shape in rapid digitization, ever-growing Electric Vehicle (EV) infrastructure, and advanced connectivity. These shifts have redirected the automotive industry, meeting and surpassing customer expectations for what...

Security researchers have released a new decryption tool that should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free. Conti was one of the most notorious ransomware groups, responsible for hundreds of attacks against organisations, which netted criminals over $150...

Legacy gas and coal plants are being aged out – and no one wants to pay enough to keep them going. With increased pressure from green energy laws and added competition from renewable sources, these monsters of Old Power are being shown the door. Considering they've predated and precipitated all Industrial Revolutions (except for this last one – that was...

The world of security advisories is disjointed, with disparate systems holding critical documentation in various formats. To make matters more challenging, despite living in a digital-first era, most of these documents are not legible for machines and must be parsed, reviewed, or referenced by humans. As system administrators contend with a rapidly...

A Rootkit is a malicious program composed of malware that is created to provide prolonged root-level or privileged-level access to a computer. It remains hidden in the computer system while maintaining control of the system remotely. Rootkits have the ability to steal data, eavesdrop, change system configurations, create permanent backdoors, deactivate...

Today’s VERT Alert addresses Microsoft’s March 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1046 on Wednesday, March 15th. In-The-Wild & Disclosed CVEs CVE-2023-24880 Up first this month is a publicly disclosed and exploited vulnerability impacting Windows SmartScreen. SmartScreen...

If you were to poll the folks in a typical office about which aspect of the infamous CIA Triad was most important to them, you would likely get different answers from different people. While confidentiality, integrity, and availability are all important and serve to function together, for the sake of fun, what if you had to choose one factor as the most...

If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System,  ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards for Information Security...

The number of direct physical attacks on U.S. power grids soared 77 percent last year to 163, a record-high, according to the US Energy Department. Reliable electricity is essential to the convenience of modern life, and also functions as a crucial contribution to America’s economy and level of comfort. Yet citizens take it for granted, rarely thinking...

The US Transportation Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a "persistent cybersecurity threat." The agency's new directive compels the aviation industry to improve their defences against malicious hackers and cybercriminals, just days after Preisdent Biden announced its...

APIs will continue to drive business and accelerate digital transformation this year to the extent that nearly no other technology can; according to the 19th Developer Economics survey by Slashdata, almost 90% of all developers use APIs. This makes them a target for attackers who aren’t afraid to engage in any tactic, especially tried-and-true methods...

I logged into one of my online accounts today, and the entire interface was different. At first, I checked to make sure that I was actually on the correct site. Once I confirmed that, I just accepted that the company who runs the software made changes that would improve the performance and functionality of the software. Once I logged in, I noticed that...

Business email compromise (BEC) is a dangerous type of email spoofing that targets businesses, aiming to damage them in some way. Overall, BEC “is one of the most financially damaging online crimes,” according to a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal...

Is your security tool an island? Does it do its singular task with little more to offer than what it says on the package? Too many security offerings behave as singular entities, forcing you to constantly perform task switching to complete a job. If you are using a robust tool, then you may not be taking full advantage of its capabilities. Many...

Malware as a Service is the unlawful lease of software and hardware from the Dark Web to carry out cyber attacks. The threat actors who use this service are provided with botnet services and technical support by the MaaS owners. This service opens doors to anyone with minimal computer skills to use and distribute pre-made malware. The data that is...

Tripwire's February 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month is a patch for Microsoft Defender for Endpoint that resolves a security feature bypass vulnerability. Next are patches for Microsoft Edge that resolve 15 vulnerabilities, including remote code execution...

Willie Sutton, the criminal who became legendary for stealing from banks during a forty year career, was once asked, "Why do you keep robbing banks?" His answer? "Because that's where the money is." However, today there's a better target for robbers today than banks, which are typically well-defended against theft... Cryptocurrency wallets. Trezor,...