To most people, the process of logging into a Microsoft Windows machine is a simple process of entering a username and a password. However, for a cybersecurity professional, the process is a carefully orchestrated mechanism. Unfortunately, throughout the history of the various Windows operating system versions, criminals have also sought ways to disrupt this process in order to breach a network. The primary target of these attacks is the Security Account Manager (SAM).
In the digital-first era, the internet is not simply a luxury; it's a fundamental part of our daily lives. From business growth to personal connections, its impact is profound. However, this interconnectedness comes with a price: the rise of cybercrime. Exploring the 2023 Global Cybercrime Report, we uncover which countries face the highest risk and how this pervasive issue affects us all, no matter where we connect from.
Like every other industry, the healthcare sector is barely recognizable when compared to its state 20 years ago. It, too, has been transfigured by technology. While this has brought many impactful benefits, it has also introduced at least one major challenge: keeping sensitive patient information private.
Did you know the New-Age Therapeutic sector is unregulated? If that surprises you, then you’re not alone. I was a little surprised, too. Yes, there are various professional bodies a practitioner can join, and there are courses they can attend, but they aren’t forced to.
Individual users are often referred to as the weakest link in cybersecurity, as human error is a major contributor to security incidents of all kinds. However, employees can also be a significant asset when adequately trained in cybersecurity hygiene and best practices.
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin's authentication API key and view sensitive logs (including password reset emails) on the affected website. A malicious hacker exploiting the flaw could access the key after triggering a password reset.
At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a wealth of knowledge for the attendees.
Cloud providers are becoming a core part of IT infrastructure. Amazon Web Services (AWS), the world's biggest cloud provider, is used by millions of organizations worldwide and is commonly used to run sensitive and mission-critical workloads. This makes it critical for IT and security professionals to understand the basics of AWS security and take measures to protect their data and workloads.
Back in 1992, when I was more concerned about my acne breakouts and being selected for the Junior cricket team, a freshman at Purdue University was studying the impact of the 1988 Morris Worm event and how it brought about unwarranted changes on Unix systems as it propagated across the network, resulting in the first Denial of Service (DoS) attack.
The shifting sands of IT make the adage "you never know it all" ever more true as time goes by. I recall days when it felt like you could click through every major directory of Yahoo and know a little something about everything. I was a young man with a voracious reading appetite and an active imagination – both of which were thoroughly outpaced by the growth of the internet and my own developing maturity.
The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0, heralding significant changes in cybersecurity practices. As we approach the implementation of this revised standard, a critical focal point emerges: the role and new mandate of web application firewalls (WAFs) in ensuring compliance.
An attack surface is the total number of channels, pathways, or areas that threat actors can utilize to gain unauthorized access to networks. The result is that they can obtain private information or carry out a cyber-attack. An attack surface comprises the organizational assets a threat actor can exploit to gain unauthorized access. Attack surfaces include systems that are directly involved in mission-critical operations, as well as those that provide peripheral services or access to important data.
Anyone can get scammed. If you think you're somehow immune to being scammed, then, in my opinion, you're a prime target for being scammed. No one is too big, too clever, too security-savvy to avoid being duped because it's only human to make a mistake and screw up. And that certainly seems to be the case with Bill Lou.
At the turn of the millennium, few people were worried about cybercrime. The Good Friday Agreement had just come into effect, the US expelled a Russian diplomat for spying, and the threat of the Y2K bug loomed. ILOVEYOU, the computer worm that catapulted cybercrime into the public consciousness, was still five months away. Today, things couldn't be more different.
Continuous Integration and Continuous Delivery (CI/CD) security has become crucial to modern software development practices. As the speed of software development increases with DevOps and Agile methodologies, there is a growing need to ensure the integrity of software across the entire development pipeline.
In the dynamic realm of cybersecurity, the future of Zero Trust unfolds with promises and challenges. In the second part of the Zero Trust series, we explore the insights from industry experts, contemplate the intersection of trust and security, and chart a course for the evolving landscape of digital defense.