Monthly Archives: January 2023

I have been doing some research on Secure Email Gateways. The picture is not that pretty.  Below I will summarize what I found.

Cybercriminals attack schools, the FCC looks to change data breach rules and artificial intelligence alters the cybersecurity landscape. Here are the latest threats and advisories for the week of January 13, 2023. Threat Advisories and Alerts How Businesses Can Securely … Read More

Phishing attacks are now the top vector for ransomware delivery, according to researchers at Digital Defense. Phishing emails can be highly tailored to specific employees in order to trick them into downloading malicious files.

Government workers are prime targets for social engineering attacks, according to Kaitlyn Levinson at GCN. Attackers use different tactics to target government employees in specific roles. Levinson quotes Rita Reynolds, Chief Information Officer for the National Association of Counties, as … Read More

Some excellent work here. An internal US Government agency audit audit showed that a fifth of passwords were easy to crack. Their recently published study showed that hashes for well over 80,000 AD accounts included passwords like Password1234, Password1234!, and … Read More

By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP In recent years, we have seen the threat landscape become increasingly complex as threat actors use sophisticated techniques to exploit vulnerabilities of weak passwords, missing patches and antiquated software, thus gaining access to … Read More

An Italian citizen named Filippo Bernardini has pleaded guilty in New York to stealing more than a thousand unpublished book manuscripts from various well-known authors. The targeted authors included Margaret Atwood, Ian McEwan, Sally Rooney, and Ethan Hawke.

The recent hack (at least 7th) of the LastPass password manager has lots of people wondering if they should use a password manager.

We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it’s really worth the risk. Is it safe to store all of your passwords in one place? Can … Read More

Reuters describes a cyberespionage campaign carried out by the hitherto little-known threat group researchers track as “Cold River.” The group is circumstantially but convincingly linked to Russian intelligence services (possibly the FSB, although that’s unclear) through its Russophone operations and … Read More

As practitioners know all too well, it is paramount to remain up to date with the changing landscape of cybersecurity. We regularly conduct Job Task Analysis (JTA) studies to review exam content and outlines to ensure the accuracy, relevance and … Read More

A rise in the reliance on unmanaged mobile devices, matched with a lack of patching and increased attacks seeking solely to steal credentials was a perfect storm for government.

The LockBit ransomware gang apologizes, Google settles privacy lawsuits and cybercriminals impersonate brands and the U.K. government. Here are the latest threats and advisories for the week of January 6, 2023. Threat Advisories and Alerts Cybercriminals Impersonate Brands with Search … Read More

Representing more than half of all cyber loss, new data shows these attacks all begin with employees falling for social engineering, phishing, and business email compromise.

Interest in the handheld open-source multi-function cybersecurity tool by techies has risen to a new campaign seeking to steal crypto funds through illegitimate “sales” of the device.

ZDNet summarized the problem as follows: “Up to 1,981 schools, 290 hospitals, 105 local governments and 44 universities and colleges were hit with ransomware in the US alone during 2022, demonstrating how ransomware attacks remain a significant cyber threat to … Read More

The UK’s National Cyber Security Centre (NCSC) has outlined the top six most impersonated UK government agencies in 2022. The most impersonated entity was the National Health Service (NHS), followed by TV Licensing, HM Revenue & Customs, Gov.uk, DVLA, and … Read More

Researchers at Check Point have shown that Large Language Models (LLMs) like OpenAI’s ChatGPT can be used to generate entire infection chains, beginning with a spear phishing email. The publicly available AI can be asked to write a targeted phishing … Read More