Blog

Blog

Save the Embarrassment: The Value of Multi-Factor Authentication

These days, it’s not a matter of if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 705 sites comprising 12.6 billion accounts. This includes well-known names like Wattpad, Verifications.io, and Facebook. This is a 30% increase in the number of sites and a 10% increase in the number of...
Blog

What is a CMDB?

There are countless tools and technologies available to help an organization stay on top of its IT assets, and a configuration management database (CMDB) is an extremely useful one. The database keeps track of relevant information regarding various hardware and software components and the relationships between them. It allows IT teams to have an organized view of configuration items (CIs) that can...
Blog

Cyberattacks on Gaming Developers: Five Security Tips

Gaming companies collect data concerning user behavior for a variety of reasons: to inform investment and content decisions, enable game and advertisement personalization, and improve gameplay, to name a few. However, the data available provides a daunting task for those attempting to make use of it, as well as a ripe target for attackers. Effectively utilizing and protecting this data can be a...
Blog

Understanding Cybersecurity Footprinting: Techniques and Strategies

Footprinting, also known as fingerprinting, is a methodology used by penetration testers, cybersecurity professionals, and even threat actors to gather information about a target organization to identify potential vulnerabilities. Footprinting is the first step in penetration testing. It involves scanning open ports, mapping network topologies, and collecting information about hosts, their...
Blog

Fortifying IoT Devices: Unraveling the Art of Securing Embedded Systems

Interconnected, data-enabled devices are more common now than ever before. By 2027, it is predicted that there will be more than 41 billion new IoT devices . The emergence of each new device offers a fresh vulnerability point for opportunistic bad actors. In 2022, there were over 112 million cyberattacks carried out on IoT devices worldwide. Without sufficient protection, attackers can exploit...
Blog

Top 7 Technical Resource Providers for ICS Security Professionals

Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative and faster than ever. So, understanding attackers’ tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker action in 2022. The positive news is that 67% of...
Blog

Report Explores UK Companies’ Struggle to Address Growing Cybersecurity Threats

One of the most reliable constants in the cybersecurity world is that threats are always increasing as cybercriminals advance their tactics and develop new ones. It can be a daunting task for organizations to continually stay on top of these threats, protect their own data and assets, and monitor the threat landscape for changes. A recent report from UK cybersecurity consultancy group Savanti...
Blog

VERT Threat Alert: October 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2023 Security Updates , which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1077 on Wednesday, October 11th. In-The-Wild & Disclosed CVEs CVE-2023-41763 While this vulnerability is labeled as a Skype for Business Elevation of Privilege Vulnerability, the...
Blog

Cybersecurity Trends to Watch in the US in the Next 5 Years

As cyber threats grow more frequent and sophisticated, the need for vigilant defense is paramount, and cybersecurity is top of mind for organizations nationwide. Understanding the threat landscape and current and future trends is crucial to designing effective security strategies to mitigate risk and keep companies, their employees, and their data safe. The following threat trends are of...
Blog

Compliance vs. Security: Striking the Right Balance in Cybersecurity

Compliance and security often go hand in hand as ideas that attempt to protect against cyber threats. While both compliance and security are designed to lower risk, they are not mutually inclusive—that is, not everything that is required for compliance will necessarily help with security, and not everything that bolsters security will necessarily put you in compliance. Both are vital to...
Blog

Decoding Data Security Posture Management - Separating Truth from Myth

Data is expanding beyond environments, applications, and geographical boundaries. It is safe to say that we are currently experiencing the era of the Big Bang of Data. It is driving economies and industries. Organizations that can leverage data to its fullest potential take the helm of their industry, leading it peerlessly. However, with the proliferation of data comes increasingly serious risks...
Blog

Revealed! The top 10 cybersecurity misconfigurations, as determined by CISA and the NSA

A joint cybersecurity advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations. The report aims to detail the weaknesses found in many large organisations, and the need for software makers to properly...
Blog

Tripwire Patch Priority Index for September 2023

Tripwire's September 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve 5 vulnerabilities such as out of bounds memory access, type confusion, and use after free. Next on the patch priority list this month are patches for Microsoft Office, Excel, Word, and Outlook. The...
Blog

It’s Cyber Security Awareness Month V.19, and the Password Manager is Becoming Obsolete

Cyber Security Awareness Month kicked off its nineteenth anniversary this year. One would hope that after nearly two decades, this would be a time to celebrate, however, the outlook is not as bright as one would expect. There are so many aspects of cybersecurity that have been promoted to make the world a safer place, but one that stands out as the largest failure seems to be the use of password...
Blog

How MSSPs Help with Cybersecurity Compliance

While always a part of business, compliance demands have skyrocketed as the digital world gives us so many more ways to go awry. We all remember the Enron scandal that precipitated the Sarbanes-Oxley Act (SOX). Now, SOX compliance means being above board on a number of cybersecurity requirements as well. Fortra's Tripwire recently released a new guide: How Managed Services Can Help with...
Blog

What is NERC? Everything you need to know

Electric grids are part of every nation’s critical infrastructure. Every societal activity and business depends on reliable and safe electricity distribution. The US electric grid is a huge network of powerlines, distribution hubs, and renewable and non-renewable energy generators that is increasingly exposed to cyber-physical risks due to the accelerated reliance on cyber-enabled systems and IoT...
Blog

Key Takeaways from the 2023 Domain Impersonation Report

One of the most pervasive and unavoidable threats on the internet, domain impersonation can be used by bad actors as the basis for a wide range of attacks. The various ways in which cybercriminals make use of lookalike domains often fluctuate, and the first half of 2023 has exemplified this fact. Staying on top of security and not falling victim to these attacks requires knowing what the dangers...
Blog

ICS Environments and Patch Management: What to Do If You Can’t Patch

The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Known unpatched vulnerabilities are often exploited by criminals to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although the terms “patch management” and...
Blog

Fighting AI Cybercrime with AI Security

On August 10th, the Pentagon introduced " Task Force Lima ," a dedicated team working to bring Artificial Intelligence (AI) into the core of the U.S. defense system. The goal is to use AI to improve business operations, healthcare, military readiness, policy-making, and warfare. Earlier in August, the White House announced a large cash prize for individuals or groups that can create AI systems to...
Blog

ZeroFont trick makes users think that message has been scanned for threats

It's nothing new for cybercriminals to use sneaky HTML tricks in their attempt to infect computers or dupe unsuspecting recipients into clicking on phishing links. Spammers have been using a wide variety of tricks for years in an attempt to get their marketing messages past anti-spam filters and in front of human eyeballs. It's enough to make you wish that email clients didn't support HTML at all...