Clik here to view.
GenAI is Powering the Latest Surge in Modern Email Threats
Generative artificial intelligence (GenAI) tools like ChatGPT have extensive business value. They can write content, clean up context, mimic writing styles and tone, and more. But what if bad actors...
View ArticleClik here to view.
Email Security Brief: Sing Us a Song You’re the Piano Scam
What happened Proofpoint recently identified a cluster of activity conducting malicious email campaigns using piano-themed messages to lure people into advance fee fraud (AFF) scams. The campaigns...
View ArticleInside an Actual Threat Detection: Thwarting a CEO Impersonation Attack
Background Last year, the Federal Trade Commission (FTC) received more than 330,000 reports of business impersonation scams and nearly 160,000 reports of government impersonation scams. This...
View ArticleKeeping Content Fresh: 4 Best Practices for Relevant Threat-Driven Security...
The threat landscape moves fast. As new attack methods and social engineering techniques appear, organizations need to maintain security awareness programs that are relevant, agile and focused....
View ArticleHow cyber insurance shapes risk: Ascension and the limits of lessons learned
In May 2024, the news broke that Ascension, a St. Louis-based nonprofit healthcare system, had been hit by a ransomware attack that interrupted access to electronic records, disrupted use of other...
View ArticleBetter metrics can show how cybersecurity drives business success
Longtime security chief Pamela Fusco wanted to more clearly quantify the business value that her cybersecurity program provided to her former employer, a pharmaceutical company. So, she came up with...
View ArticleYou’re not doing enough to educate insiders about data protection
Our insiders need to be better educated in the art of protecting data — and by extension their own livelihoods. Everyone knows about risks from outside an organization, that’s the primary function of...
View ArticleCrowdStrike backs Microsoft’s demand for reducing kernel-level access
In a significant shift in the security landscape, CrowdStrike appears to be aligning with Microsoft’s demand to reconsider kernel-level access for security vendors after CrowdStrike’s Falcon update...
View ArticleGenerative AI takes center stage at Black Hat USA 2024
While the Black Hat USA 2024 conference, held in Las Vegas, has served as a launchpad for several cybersecurity tools and technologies, this year’s launches were all about leveraging the power of...
View ArticleAPT groups increasingly attacking cloud services to gain command and control
An increasing number of advanced persistent threat (APT) groups are leveraging cloud-based storage services offered by Microsoft and Google for command and control (C2) and data exfiltration,...
View ArticleRansomware attack paralyzes milking robots — cow dead
Even small farmers are not immune to cyberattacks. Vital Bircher, a farmer in Hagendorn, Switzerland, between Zurich and Lucerne, recently experienced an attack on his computer systems, which were...
View ArticleEU’s DORA regulation explained: New risk management requirements for...
What is the Digital Operational Resilience Act (DORA)? The Digital Operational Resilience Act (DORA) is designed to “consolidate and upgrade ICT [information and communications technology] risk...
View ArticleMusk’s X under scrutiny in Europe for data privacy practices
Elon Musk’s X platform faces legal action in Ireland, with the Data Protection Commission (DPC) filing High Court proceedings over concerns related to the handling of European users’ personal data....
View ArticleBack to the future: Windows Update is now a trojan horse for hackers
A recent discovery has revealed a serious flaw in Microsoft’s Windows Update. Instead of protecting computers, it can be tricked into installing older, vulnerable operating system versions. This...
View ArticlePhishers have figured out that everyone is afraid of HR
The most effective subject lines for phishing attacks are focused on things that employees tend to be scared to ignore, such as “HR”, “IT”, and “DropBox file shared”, based on a Q2 2024 top-clicked...
View ArticleS3 shadow buckets leave AWS accounts open to compromise
Researchers have found a new way to attack AWS services or third-party projects that automatically provision AWS S3 storage buckets. Dubbed Shadow Resource, the new attack vector can result in AWS...
View ArticleExclusive: CrowdStrike eyes Action1 for $1B amid fallout from Falcon update...
Cybersecurity giant CrowdStrike is in talks to acquire Action1, a cloud-based patch management and vulnerability remediation company for close to $1 billion. According to a source close to the matter...
View Article6 IT risk assessment frameworks compared
Technology is one of the greatest assets companies have, essential to running or supporting many business processes. It’s also one of the biggest risks. That’s why IT risk assessment frameworks are...
View Article5 key takeaways from Black Hat USA 2024
The infosecurity world came together in Las Vegas this week for Black Hat USA 2024, offering presentations and product announcements that will give CISOs plenty to consider. Here are the top takeaways...
View ArticleAMD CPUs impacted by 18-year-old SMM flaw that enables firmware implants
AMD has issued microcode updates for a wide range of server and desktop CPUs to address a vulnerability that could allow attackers to bypass protections for the System Management Mode (SMM) and...
View Article