Archive

GRIT’s 2025 Report: Annual Vulnerability Analysis and Exploitation Trends

February 4, 2025 2024 saw an unprecedented surge in vulnerability disclosures, with over 39,000 vulnerabilities published.

Ongoing report: Babuk2 (Babuk-Bjorka)

January 29, 2025 Editor’s note: We will continue to provide updates as further information is forthcoming.

GRIT’s 2025 Report: Post-Compromise Detection Strategies

January 28, 2025 This blog marks the beginning of a series based on the findings in the GRIT 2025 Ransomware and Cyber Threat Report.

OT/ICS Security: Beyond the Easy Button

January 23, 2025 In the world of Operational Technology (OT) and Industrial Control Systems (ICS), security cannot rely on a “set it and forget it” mindset or an over-reliance on the lates…

Unveiling the GRIT 2025 Ransomware and Cyber Threat Report

January 16, 2025 The ransomware landscape is shifting, and understanding these changes is critical to staying ahead.

RansomHub Affiliate leverages Python-based backdoor

January 15, 2025 In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints.

Considerations for a Balanced Critical Infrastructure Security Strategy

January 7, 2025 With the Presidential administration changeover happening soon, there has been much discussion of potential regulatory rollback, restructuring, or elimination of agencies like the Cybe…

Understanding and Taking Advantage of the NYDFS Risk Assessment Requirement

December 11, 2024 As organizations prepare for the coming year those affected by NYDFS may struggle to efficiently include the requirements in their plans.

RACE Conditions in Modern Web Applications

December 5, 2024 The concept of a RACE condition and its potential for application vulnerabilities is nothing new.

Developing and Implementing a Privacy Program

November 26, 2024 Privacy Privacy has evolved beyond compliance; its relevance in creating brand loyalty and customer trust has proven to build a competitive advantage for organizations with a compreh…

Building and Enhancing OT/ICS Security Programs Through Governance, Risk, and Compliance (GRC)

November 21, 2024 Operational Technology (OT) and Industrial Control Systems (ICS) are critical components of many industries, especially those within the 16 critical infrastructure sectors.

To Pay or Not to Pay: The Ransomware Dilemma

November 14, 2024 Disclaimer: In the majority of cases, the determination of whether or not to pay a ransom is a business decision, and this blog is intended solely to help decision-makers navigate th…