How the blurring of the “supply chain” opens your doors to attackers—and how you can close them
There have been more than 200 dedicated supply chain attacks over the past decade. Some of these campaigns have affected countless supplier networks and millions of customers …
QNAP NAS devices hit by DeadBolt and ech0raix ransomware
Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage (NAS) appliances of a new DeadBolt ransomware campaign. There also …
Once is never enough: The need for continuous penetration testing
If you Google “How often should I do penetration testing?”, the first answer that pops up is “once a year.” Indeed, even industry-leading standards like PCI-DSS dictate that …
Four steps to successful empathetic investigations
How security conducts employee investigations needs to change. All too often, security investigations are an attempt to get an employee to admit to suspected wrongdoing. Times …
Attackers are leveraging Follina. What can you do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a …
FluBot takedown: Law enforcement takes control of Android spyware’s infrastructure
An international law enforcement operation involving 11 countries has disrupted the spreading of the FluBot Android malware, which spreads via SMS and MMS and steals sensitive …
How cybercriminals are targeting executives at home and their families
Top executives and their families are increasingly being targeted on their personal devices and home networks, as sophisticated threat actors look for new ways to bypass …
Verizon 2022 DBIR: External attacks and ransomware reign
There has been an alarming rise (13%) in ransomware breaches – a jump greater than the past 5 years combined, Verizon Business has revealed in its 2022 Data Breach …
7 threat detection challenges CISOs face and what they can do about it
Security operations (SecOps) teams continue to be under a constant deluge of new attacks and malware variants. In fact, according to recent research, there were over 170 …
Phishers exploit Google’s SMTP Relay service to deliver spoofed emails
Phishers are exploiting a flaw in Google’s SMTP relay service to send malicious emails spoofing popular brands. Avanan researcher Jeremy Fuchs says that starting in April …
CMS-based sites under attack: The latest threats and trends
Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, …
How to recruit cybersecurity talent from atypical backgrounds
In this interview with Help Net Security, Max Shuftan, Director of Mission Programs & Partnerships at SANS Institute, talks about how companies and the cybersecurity …