Computer security regulations have come a long way from their early beginnings. Even before the Federal Information Security Management Act (FISMA), there was the Computer Security Act of 1987 (CSA). The Computer Security Act was enacted by the 100th United States Congress in response to a lack of computer security protection measures, and a strong need for internal computer security governance for U.S. Federal agencies. Although the U.S.

The outbreak of COVID-19 has led many businesses to transition a large number of employees to remote work. The shift could end up becoming a long-term trend; it’s expected to continue after the pandemic ends. Therefore, it is more important than ever to develop strategies for managing and responding to risks within your organization. Internal risk management procedures will need to adapt to the issue of insider threats, a challenge which is compounded by remote work.

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.

According to last year’s Gartner forecast, public cloud services are anticipated to grow to $USD 266.4 billion by the end of this year, up from $USD 227.8 billion just a year ago. Clearly, cloud computing is making its way to cloud nine, (See what I did there?) leveraging the sweet fruits of being in the spotlight for a decade. However, the threats to public cloud security are growing at the same rate.

Imagine that you are in an elevator in a high rise building when suddenly the elevator starts to plummet with no apparent stopping mechanism other than the concrete foundation below. While this may sound like something from a Hollywood movie, consider the idea that a securely tethered, fully functional elevator is as vulnerable as it is smart.

The notion that the time we are living in now is “unprecedented” is a common one, but historians and philosophers alike will happily note that things are rarely so different that we can’t learn a lot from the past. Despite IT often being dominated by forward-thinking individuals developing novel and innovative new designs, a lot of the problems and potential solutions for IT security are ones that have stood the test of time.

Malicious actors are targeting Apple. Although Apple introduced a notarization mechanism to scan and prevent malicious code from running on Apple devices, attackers have found ways to circumvent this process. Such Apple-notarized malware constitutes a threat to macOS users. Let us start by exploring what Apple notarization is. We will then discuss some recent examples of Apple-notarized malware and some prevention techniques.

So, you’re a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim. You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted. Too dull? You could lock infected PCs and display a ghoulish skull on a bright red background (most ransomware seems to insist upon using a shade of red.

The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more.

One significant negative implication of technology’s continual evolution is proportional advancement in nefarious internet activities, particularly cyber attacks. The past few years have seen a rising sophistication in cyber attacks at levels never experienced before. The worst fact is that attacks will likely only continue to get more advanced. To fight them, enterprises need to be armed with greater security tools. Legacy approaches to cybersecurity no longer cut it.