Monthly Archives: May 2024

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem.

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan.

Analysis of over 3.5 billion attacks provides insight into where threat actors are placing their efforts and where you should focus your cyber defenses.

Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it.

Despite growing security investments in prevention, detection and response to threats, users are still making uninformed mistakes and causing breaches.

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack.

A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack Whittaker at TechCrunch.

The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks.

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data.

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links in phishing emails that will redirect users to malicious sites.

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of “unknown” initial attack vectors, and I think I might understand why.

New analysis of Q1’s ransomware attacks uncovers a single group responsible for the majority and discusses what makes them so successful.

The Royal Canadian Mounted Police (RCMP) in Nova Scotia is warning of spear phishing attacks that impersonate company managers. The scammers text company employees requesting a payment to cover an urgent business need.

“Reality Hijacked” isn’t just a title—it’s a wake-up call. The advent and acceleration of GenAI is redefining our relationship with ‘reality’ and challenging our grip on the truth.

Just when you think bad actors cannot sink any lower, they find a way to. In a recent chilling evolution of ransomware tactics, attackers are now also targeting the families of corporate executives to force compliance and payment. 

New data shows organizations are improving their ability to detect and respond to ransomware attacks, but is it fast enough to make a difference and stop attacks?

Like most observers, I celebrated Google’s recent announcement on April 9th about new multi-party approvals for a handful or so of common actions accomplished by super admins in Google Workspace.

In the quest to secure the integrity of elections, Arizona election workers have taken a groundbreaking step by participating in a first-of-its-kind drill meant to defend against a new wave of AI-generated threats.