Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!
More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched …
LastPass users targeted by vishing attackers
The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “Initially, we learned of a …
Protobom: Open-source software supply chain tool
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and …
51% of enterprises experienced a breach despite large security stacks
Threat actors are continuing to successfully breach across the entire attack surface and the stakes are only getting higher: 93% of enterprises who admitted a breach reported …
New infosec products of the week: April 19, 2024
Here’s a look at the most interesting products from the past week, featuring releases from IDnow, Immuta, Privacera, Redgate, ShadowDragon, and Tanium. ShadowDragon Horizon …
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)
The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of …
Authorities take down LabHost, phishing-as-a-service platform
Law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platform, known as LabHost. This year-long operation, coordinated at the …
Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate
Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants — cheap, independently produced, and crudely constructed — on the dark web. The developers of …
Who owns customer identity?
When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team …
92% of enterprises unprepared for AI security challenges
Most industries continue to run almost two or more months behind in patching software vulnerabilities, endpoints remain vulnerable to threats, and most enterprise PCs must be …
Bots dominate internet activity, account for nearly half of all traffic
49.6% of all internet traffic came from bots in 2023, a 2% increase over the previous year, and the highest level Imperva has reported since it began monitoring automated …
Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation
While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices’ telemetry, it has …
Featured news
Sponsored
Don't miss
- CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)
- The rising influence of AI on the 2024 US election
- 10 colleges and universities shaping the future of cybersecurity education
- What is multi-factor authentication (MFA), and why is it important?
- MITRE breached by nation-state threat actor via Ivanti zero-days