LockBit Ransomware Operation Disrupted by Law Enforcement; Decryptor Released
Feb20

LockBit Ransomware Operation Disrupted by Law Enforcement; Decryptor Released

The world’s most harmful cybercrime group – LockBit – has had its infrastructure seized in a global law enforcement operation. Law enforcement agencies from 10 countries participated in Operation Chronos, which was led by the UK National Crime Agency (NCA) and was coordinated by Europol and Eurojust. Up until the takedown, Lockbit was the most prolific ransomware group in operation. The group has been active for 4 years...

Read More
The Mother of All Breaches: Exposed Database Contains 26 Billion Records
Jan23

The Mother of All Breaches: Exposed Database Contains 26 Billion Records

Cybersecurity researcher Bob Diachenko of Security Discovery and the team at CyberNews have uncovered what is thought to be the largest-ever collection of stolen data, consisting of more than 26 billion records. The database they identified on an open storage instance contains an astonishing 12 TB of data, and while there are likely to be duplicates in the database it is still thought to be the biggest collection of stolen data ever...

Read More
Black Basta Ransomware Decryptor Developed
Jan03

Black Basta Ransomware Decryptor Developed

Researchers at Security Research (SR) Labs have recently announced that they identified a weakness in the encryption algorithm used by Black Basta ransomware which can allow certain victims to recover their files for free. The researchers have released a suite of Black Basta Buster decryptor tools, that can be used for free. Black Basta ransomware uses intermittent encryption, which makes the encryption process more efficient and...

Read More
Google Agrees to Settle $5 Billion “Incognito” Privacy Lawsuit
Jan03

Google Agrees to Settle $5 Billion “Incognito” Privacy Lawsuit

Google has agreed to settle a $5 billion lawsuit that alleged it spied on people who used the Chrome Browser in incognito mode and the privacy modes of other Chromium browsers. The Google Chrome browser’s incognito mode includes greater privacy protections, allowing users to browse the Internet anonymously. A lawsuit – Brown et al v Google LLC et al – was filed in the U.S. District Court, Northern District of California in June...

Read More
FBI Seizes BlackCat Infrastructure – ALPHV Responds by Removing Restrictions for Affiliates
Dec20

FBI Seizes BlackCat Infrastructure – ALPHV Responds by Removing Restrictions for Affiliates

An international law enforcement operation has successfully disrupted the APHV/Blackcat ransomware operation. The Federal Bureau of Investigation (FBI) was able to gain access to the ransomware group’s servers and obtain decryption keys, which allowed the FBI to develop a decryption tool to help victims recover their files without paying the ransom. According to an announcement by the U.S. Department of Justice, the FBI was able to...

Read More
Black Basta Generated At Least $107 Million in Ransoms Since April 2022
Dec05

Black Basta Generated At Least $107 Million in Ransoms Since April 2022

An investigation of the Black Basta ransomware group by Corvus Insurance and Elliptic has revealed the group obtained at least $107 million in ransom payments from more than 90 victims since April 2022. Black Basta is a Russia-linked ransomware-as-a-service (RaaS) operation, where affiliates are recruited to conduct ransomware attacks for a cut of the profits. The group emerged after the infamous Conti ransomware operation was shut...

Read More

23andMe Confirms Hacker Stole Data of 6.9 Million Users

On Friday, the direct-to-consumer genetic testing company, 23andMe, confirmed that hackers gained access to the personal information of approximately 6.9 million customers in an October 2023 cyberattack. The incident came to light when a hacker posted on an online forum claiming they had obtained the profile information of millions of users and offered the data for sale. 23andMe investigated to determine the validity of the claims and...

Read More
COO of Cybersecurity Company Pleads Guilty to Attack on Georgia Hospitals to Drum up Business
Nov21

COO of Cybersecurity Company Pleads Guilty to Attack on Georgia Hospitals to Drum up Business

The former chief operating officer (COO) of a cybersecurity firm who hacked two hospitals in an attempt to win business has changed his plea to guilty in an attempt to avoid a lengthy jail term. On September 27, 2018, two hospitals that are part of Gwinnett Medical Center (GMC) in Georgia suffered cyberattacks that disrupted their phone systems and printers. Access was gained to the phone system and a command was sent that disabled...

Read More
CISA Publishes Healthcare Cybersecurity Mitigation Guide
Nov20

CISA Publishes Healthcare Cybersecurity Mitigation Guide

In New York state, the healthcare industry was the most targeted critical infrastructure sector in 2022 and attacks in the first half of 2023 have more than doubled. The HHS’ Office for Civil Rights reports that hacking incidents now account for 77% of all healthcare data breaches of 500 or more records nationwide and there has been a 278% increase in ransomware attacks in the past 4 years. So far in 2023, more than 102 million...

Read More
HHS Settles its First-Ever Ransomware Investigation for $100,000
Nov03

HHS Settles its First-Ever Ransomware Investigation for $100,000

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first-ever ransomware settlement. The investigation of the ransomware attack on Doctors’ Management Services uncovered multiple violations of the Health Insurance Portability and Accountability Act (HIPAA) and a $100,000 settlement was agreed upon. The healthcare industry has been extensively targeted by ransomware gangs over the past 5...

Read More
1Password Says Okta Environment Compromised Using Stolen Session Cookie
Oct25

1Password Says Okta Environment Compromised Using Stolen Session Cookie

The password manager provider 1Password has announced it has been affected by the recent data breach at the San Francisco-based identity and access management company Okta. Okta was contacted by its client, BeyondTrust, on October 2, 2023, after its security team identified suspicious activity that it believed may have stemmed from a data breach at Okta. On October 11, 2023, Okta confirmed that an unauthorized individual had gained...

Read More
Four Behaviors to Focus on During Cybersecurity Awareness Month
Oct02

Four Behaviors to Focus on During Cybersecurity Awareness Month

October is Cybersecurity Awareness Month – A month dedicated to raising awareness of the importance of cybersecurity and sharing some of the easy steps that everyone can take to improve privacy and security. Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is encouraging all Americans to stop and think before taking any action, whether online or in response to unsolicited text messages,...

Read More
Publicly Shared SAS Token for Storage Account Causes 38 TB Data Leak at Microsoft
Sep19

Publicly Shared SAS Token for Storage Account Causes 38 TB Data Leak at Microsoft

Security researchers at Wiz have identified a major leak of internal data at Microsoft. The breach occurred three years ago in 2020 when an employee shared a URL for a blob store in a public GitHub repository while contributing to open source AI learning models. Wiz reported the data leak to the Microsoft Security Response Center (MSRC) in June, and on Monday, MSRC issued an advisory confirming this was an internal data leak involving...

Read More
QakBot Botnet Dismantled and 700,000 Infected Devices Cleaned
Sep04

QakBot Botnet Dismantled and 700,000 Infected Devices Cleaned

The U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Justice have recently announced that the QakBot malware network has been successfully dismantled and around 700,000 computers that had been infected with the malware have been cleaned. QakBot (aka QBot/Quackbot/Pinkslipbot) is a second-stage modular malware that was initially a banking Trojan and an information stealer, to which backdoor and self-propagation...

Read More
Data Breach Costs Reach Record High of $9.48 Million in the United States
Jul25

Data Breach Costs Reach Record High of $9.48 Million in the United States

Data breach costs have increased to record levels, with the average cost of a data breach now $4.45 million globally – a 2% increase from last year and a 15% increase since 2020. U.S. data breaches cost an average of $9.48 million and healthcare data breaches are the most expensive, costing an average of $10.93 million. This is the thirteenth consecutive year that healthcare data breaches have topped the list as the most expensive...

Read More
Cloud Transition Security Guidance Issued by CISA
Jul18

Cloud Transition Security Guidance Issued by CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a factsheet to help organizations securely transition from on-premises to cloud and hybrid environments and ensure data and critical assets are properly secured. The factsheet can be used by network defenders, analysis, and incident responders and suggests several open source tools that complement those provided by cloud service platforms and providers (CSPs)....

Read More
Verizon 2023 DBIR: DoS Attacks Dominate 2022 Cyberattacks and BEC Attacks Double
Jun08

Verizon 2023 DBIR: DoS Attacks Dominate 2022 Cyberattacks and BEC Attacks Double

The recently published Verizon 2023 Data Breach Investigations Report provides insights into the tactics, techniques, and procedures that cyber actors are using to gain access to networks to achieve their objectives. The data for the report comes from security incidents and data breaches between Nov. 1, 2021, to Oct. 31, 2022, which this year includes 953,894 security incidents and 254,968 confirmed breaches, including more than...

Read More
University Alert System Hijacked by Ransomware Gang and Used to Aid Extortion
May10

University Alert System Hijacked by Ransomware Gang and Used to Aid Extortion

A ransomware gang has hijacked an alert system used by a university and used it to issue threats to staff and students to pressure the university into paying the ransom. The attack was conducted by the Avos ransomware gang on Bluefield University in Virginia. Like many universities, Bluefield has an emergency alert system that sends SMS messages and emails to staff and students to warn them about emergencies and threats, such as...

Read More
World Password Day – A Reminder to Improve Password Hygiene
May03

World Password Day – A Reminder to Improve Password Hygiene

The first Thursday of May is World Password Day, a day dedicated to raising awareness of the importance of password security and the promotion of password best practices. The idea of a Password Day came from the security researcher Mark Burnett, who suggested in 2005 in his Perfect Passwords book that everyone should have a password day where they took the time to update their passwords. In 2013, World Password Day became official and...

Read More
Concern Grows About Ease of Bypassing Bypass Security Controls of AI Chatbots
Apr17

Concern Grows About Ease of Bypassing Bypass Security Controls of AI Chatbots

Security researchers have demonstrated it is possible to hack the large language models that power AI-based chatbots such as ChatGPT to get around the security protections that have been put in place to prevent abuse, and by doing so get these chatbots to generate text about illegal activities and hate speech. These large language models have tremendous potential but there are growing fears that there is also considerable potential...

Read More
IT Professionals are Pressured into Keeping Security Breaches Quiet
Apr07

IT Professionals are Pressured into Keeping Security Breaches Quiet

Malicious actors are increasingly using automation to conduct sophisticated attacks at scale and organizations are struggling to defend against attacks. IT teams are typically incredibly overworked and lack the resources they need to proactively improve defenses, instead they are bogged down reacting to threats and dealing with security incidents. Security teams are under pressure to prevent breaches, but when security breaches occur,...

Read More
Atlassian Confirms SiegedSec Hackers Stole Employee Data and Office Floor Plans
Feb22

Atlassian Confirms SiegedSec Hackers Stole Employee Data and Office Floor Plans

The enterprise software provider, Atlassian, has confirmed that a hacking group has downloaded sensitive employee data and office floor plans, but says its systems were not breached. A threat group called SiegedSec recently announced on their Telegram channel that they had hacked into the software of Atlassian and exfiltrated sensitive data. In the announcement, they said they had stolen sensitive data from the $44 billion software...

Read More
One-fifth of the U.S. Department of the Interior Passwords Successfully Cracked in Password Test
Jan13

One-fifth of the U.S. Department of the Interior Passwords Successfully Cracked in Password Test

A recent investigation of the password management practices of the U.S. Department of the Interior has identified multiple password failures which are putting its internal network and applications at risk of compromise. The investigation was conducted by the Department of the Interior Office of Inspector General (DOI OIG) to determine how well the Department’s password management and enforcement controls were working. The...

Read More
Hacker Claims to Have Scraped the Data of 400 Million Twitter Users
Dec30

Hacker Claims to Have Scraped the Data of 400 Million Twitter Users

A hacker has recently posted a listing on a popular hacking forum advertising a data set that includes the public and private data of approximately 400 million Twitter users. The data was allegedly obtained by exploiting an API vulnerability in 2021 that has since been patched. The same vulnerability was exploited previously in a 5.4 million record data breach – one which the Irish Data Protection Commission has just started...

Read More
What are the HIPAA Password Requirements?
Dec18

What are the HIPAA Password Requirements?

Before answering the question what are the HIPAA password requirements, it is important to note that passwords are not a requirement of HIPAA if Covered Entities use an alternative authentication method to “verify that a person or entity seeking access to ePHI is the one claimed” (Security Rule Standard §164.312(d)). According to the Department of Human Services´ Guide to the Technical Security Standards there are three ways in which...

Read More
Survey Reveals Serious Password Manager Mistake That Puts Millions at Risk of Identity Theft
Dec16

Survey Reveals Serious Password Manager Mistake That Puts Millions at Risk of Identity Theft

Passwords are often a security weak point, but not because of the level of security they provide. If a sufficiently long password is set following password best practices, the account would be well secured. A password of 15 characters containing upper- and lower-case characters, numbers, and symbols would take about a billion years to crack using the GPUs currently available, according to a study by Hive Systems. Increase it to 18...

Read More
63 Unique Zero Day Bugs Identified and Exploited at Pwn2Own Toronto 2022
Dec12

63 Unique Zero Day Bugs Identified and Exploited at Pwn2Own Toronto 2022

A contest run by Trend Micro’s Zero Day initiative at Pwn2Own Toronto 2022 that rewards hackers for identifying and exploiting zero-day vulnerabilities has seen exploits demonstrated for 63 unique zero-day bugs in consumer products, earning hackers a total of $989,750 in prize money. This was the 10th year that the contest has been held, and this year saw 26 contestants and teams try to hack the commercial software solutions of 66...

Read More
Public and Nonpublic Information of 5.4 Million Twitter Users Leaked
Nov28

Public and Nonpublic Information of 5.4 Million Twitter Users Leaked

A collection of public and non-public information of 5.4 million Twitter users has been released on a hacking forum and can be downloaded free of charge. This is not a recent data breach, but a batch of data that was first listed for sale in December 2021, which the hacker listed for $30,000 at the time. Public information on Twitter users was scraped and combined with legitimate phone numbers and email addresses, which are not...

Read More

The Worst Passwords of 2022 Revealed

The List of the worst passwords of 2022 has been published, pointing the spotlight on poor password practices. Despite the risks, these terrible passwords are still used by many people to “secure” their accounts. The worst passwords of 2022 do nothing of the sort. These passwords are top of the list in brute force attempts to access accounts and will provide almost instant access to any account that they have been used to secure. The...

Read More
CISA Issues Guidance on Vulnerability Categorization, Prioritization, and Management
Nov14

CISA Issues Guidance on Vulnerability Categorization, Prioritization, and Management

Many organizations struggle with vulnerability management due to the number and complexity of new resources and limited resources to devote to remediating vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently issued guidance to help organizations improve vulnerability management by implementing an efficient process for assessing and remediating vulnerabilities. Large organizations generally...

Read More
Q3 Sees Insider Threat Incidents Reach All-Time High
Nov10

Q3 Sees Insider Threat Incidents Reach All-Time High

The Kroll Q3 2022 Threat Landscape report shows an increase in insider threat incidents, which reached the highest level to date in Q3, accounting for 35% of all unauthorized access incidents. Kroll has attributed the increase to the phenomenon known as the great resignation, where large numbers of employees are changing jobs following the COVID-19 pandemic. These incidents commonly occur during the employee termination process and...

Read More
Medibank Refuses to Pay Ransomware Gang to Prevent Release of Customer Data
Nov08

Medibank Refuses to Pay Ransomware Gang to Prevent Release of Customer Data

In October, Medibank, one of the largest private health insurers in Australia, suffered a ransomware attack that involved the theft of the data of almost 10 million customers. The group behind the attack is thought by some security researchers to be the notorious REvil ransomware gang. The new operation is known as BlogXX, after the name of the website used by the group. In conversations with victims, the group calls itself Sodinokibi...

Read More
Cybersecurity Awareness Month 2022 Focuses on People
Sep28

Cybersecurity Awareness Month 2022 Focuses on People

Cybersecurity Awareness Month 2022 runs from October 1 to October 31, with the month of October having been dedicated to improving awareness about cybersecurity since 2004. Throughout October, the U.S. Cybersecurity and Infrastructure Security (CISA) and the National Cybersecurity Alliance (NCA) will lead a collaborative effort  between government and industry to improve cybersecurity awareness in the United States and beyond. The...

Read More
TikTok Denies Theft of 2 Billion Data Records and Source Code
Sep06

TikTok Denies Theft of 2 Billion Data Records and Source Code

On September 3, 2022, a hacker operating under the name of AgainstTheWest claimed on a hacking forum that TikTok and WeChat had been breached and a database had been stolen from an Alibaba cloud repository that contained the personal information of users of the platforms. TikTok and WeChat are both Chinese companies; however, the companies are not owned by the same parent company, which suggests that the hacking claim may not be...

Read More
NSA and CISA Issue Guidance for Developers on Securing the Software Supply Chain
Sep02

NSA and CISA Issue Guidance for Developers on Securing the Software Supply Chain

Guidance has been released by the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) on steps that can be taken by developers to secure the software supply chain. Cybercriminals and nation-state threat actors have targeted the software supply chain to efficiently attack large numbers of businesses, such as the SolarWinds...

Read More
Claroty Reports 57% Increase in Disclosed XIoT Vulnerabilities in 1H, 2022
Aug25

Claroty Reports 57% Increase in Disclosed XIoT Vulnerabilities in 1H, 2022

There was a 57% increase in reported vulnerabilities affecting extended Internet of things (XIoT) devices in the first half of 2022, compared to the last half of 2021, according to the recently published State of XIoT Security: 1H, 2022 report from cybersecurity firm Claroty. XIoT is an umbrella term that covers connected cyber-physical devices within industrial, healthcare, and commercial enterprise IoT environments. Data collected...

Read More
NHS 111 Services Disrupted by Cyberattack on Managed Service Provider
Aug08

NHS 111 Services Disrupted by Cyberattack on Managed Service Provider

The National Health Service (NHS) in the United Kingdom is currently dealing with a cyberattack on one of its managed service providers, Advanced. Birmingham-based Advanced helps operate NHS 111 services. NHS 111 is a web and telephone service where patients can get quick health and mental health information on non-urgent medical matters. Advanced detected the cyberattack on Thursday, August 4, 2022, and has confirmed it has affected...

Read More
Data Breach Costs Reach Record High of $4.35 Million; $9.4m in the US
Jul29

Data Breach Costs Reach Record High of $4.35 Million; $9.4m in the US

The average cost of a data breach in 2022 has risen to $4.35 million and $9.4 million in the United States, according to the 2022 Cost of a Data Breach Report from IBM. For the past 17 years, IBM has been releasing annual reports that track the average cost of data breaches. 2022 has set new records for breach costs, with the average global cost of a data breach 2.6% higher than in 2021, and almost 13% higher than in 2020. This year’s...

Read More
NIST Releases Updated HIPAA Security Rule Guidance
Jul26

NIST Releases Updated HIPAA Security Rule Guidance

The National Institute of Standards and Technology (NIST) has refreshed its HIPAA Security Rule compliance guidance. The guidance was last updated in 2008 and a lot has changed in the past 14 years ago, including the release of the NIST Cybersecurity Framework. The new guidance serves as a practical guide for the healthcare industry to help with the implementation of the HIPAA Security Rule, to better protect healthcare data from...

Read More
42% Of Americans Use the Same Password for Multiple Accounts
Jul22

42% Of Americans Use the Same Password for Multiple Accounts

A recent survey conducted on 2,000 Americans by OnePoll on behalf of AT&T has provided insights into the level of cybersecurity knowledge of Americans and the cybersecurity risks many people take when using the Internet. According to the survey, 70% of respondents said they felt they were knowledgeable about cybersecurity and understand how hackers gain access to sensitive information on devices, but in many cases that knowledge...

Read More
Web Server Hacking Incident Results in $875,000 HIPAA Fine for Oklahoma State University
Jul15

Web Server Hacking Incident Results in $875,000 HIPAA Fine for Oklahoma State University

On January 5, 2018, Oklahoma State University – Center for Health Sciences (OSU-CHS) reported a web server hacking incident to the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). The subsequent OCR investigation determined multiple areas of noncompliance with the Privacy, Security, and Breach Notification Rules of the Health Insurance Portability and Accountability Act (HIPAA). Yesterday, OCR...

Read More
Study Highlights the Importance of Password Complexity
Jul11

Study Highlights the Importance of Password Complexity

Poor security practices are commonly exploited by threat actors, and one of those practices that stands out is the exploitation of weak credentials. A password is often all that stands between a cyber threat actor and sensitive business data. If that password is chosen poorly, or heaven forbid is a default password that has not been changed, a hacker’s life is made so much easier. With the processing power of modern GPUs, weak...

Read More
PFC USA Data Breaches Affects Almost 660 Healthcare Provider Clients
Jul06

PFC USA Data Breaches Affects Almost 660 Healthcare Provider Clients

Professional Finance Company Inc., (PFC) one of the largest accounts receivable management agencies in the United States, has announced that it was the victim of a ransomware attack in February 2022. While the intrusion was detected promptly and was blocked on February 26, 2022, the forensic investigation confirmed that the attackers accessed files on its network, which included the personal information of individuals that had been...

Read More
Hacker Claims Records of 1 Billion Chinese Nationals Stolen from Shanghai National Police
Jul05

Hacker Claims Records of 1 Billion Chinese Nationals Stolen from Shanghai National Police

A hacker operating under the name ChinaDan claims to have stolen over 23 terabytes of data from Shanghai National Police (SHGA) databases. The dataset includes personal information on more than 1 billion Chinese nationals and several billion case records. The dataset, which spans several individual databases, is being offered for sale on hacking forums for 10 bitcoins – approximately $197,000. The data includes personal information...

Read More
How to Reduce Password Security Risks
Jun27

How to Reduce Password Security Risks

Passwords are used to prevent unauthorized access to accounts and data. While passwords can be effective, there are password security risks that need to be reduced to a low and acceptable level, otherwise, accounts and sensitive data could be extremely vulnerable to cyberattacks. Password Security Risks If everyone set a strong, unique, and suitably long password for every account, passwords would provide a good level of protection;...

Read More
Cybersecurity Agencies Recommend Using PowerShell to Improve Forensics and Incident Response
Jun23

Cybersecurity Agencies Recommend Using PowerShell to Improve Forensics and Incident Response

Windows PowerShell is a useful and powerful scripting language and configuration management tool that can be used by Windows and system administrators for creating scripts to automate tasks. PowerShell is also extremely useful to cyber threat actors, who often abuse PowerShell after gaining access to victims’ networks. By using PowerShell, they don’t have to download their own toolsets and can hide their malicious activity. The...

Read More
Exposed Elasticsearch Instance Exposed the Data of Millions of BeanVPN Users
Jun17

Exposed Elasticsearch Instance Exposed the Data of Millions of BeanVPN Users

18.5GB of connection logs of individuals who use the free Virtual Private Network (VPN) service provided by BeanVPN have been exposed over the Internet. The logs contained more than 25 million records and included IP addresses, time stamps, Play Service IDs, and other sensitive data. VPNs are used by many people to hide their identities online; however, the exposed data could be used to de-anonymize users and could be used in a wide...

Read More
Feds Announce Seizure of Domains Used for Selling Stolen Credentials and Conducting DDoS Attacks
Jun06

Feds Announce Seizure of Domains Used for Selling Stolen Credentials and Conducting DDoS Attacks

The Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) have announced they have seized the domain weleakinfo.to, along with two related domains – ipstress.in and ovh-booter.com – that were being used to sell access to stolen personal information and for conducting distributed denial of service (DDoS) attacks on victim networks. The domain seizures came following an international law enforcement...

Read More
General Motors Customers Targeted in Credential Stuffing Attack
May27

General Motors Customers Targeted in Credential Stuffing Attack

General Motors has announced that certain customer accounts have been accessed by unauthorized individuals. Between April 11 and April 29, 2022, suspicious logins were detected in customer accounts. The investigation revealed unauthorized individuals accessed certain customer accounts and redeemed their reward points for gift vouchers. The compromised accounts contained information such as names, addresses, dates of birth, personal...

Read More
Ransomware Attacks Increased 13% in a Year
May26

Ransomware Attacks Increased 13% in a Year

The 2022 Verizon Data Breach Investigations Report has been published, which shows the extent to which ransomware is being used in cyberattacks on businesses. Ransomware has proven to be a highly successful tool for monetizing system compromises. Threat actors gain initial access to the network, exfiltrate data, then encrypt files. Payment is demanded to prevent the sale or exposure of sensitive data and for the keys to decrypt files....

Read More
What is Password Spraying?
May25

What is Password Spraying?

What is password spraying? Password spraying is a commonly used brute force method for gaining access to accounts. Here we explain what it is and how to thwart it. What is a Brute Force Attack? A brute force attack is a trial-and-error method of gaining access to an account when the password for the account is not known. In an attack, many different passwords are tried for a specific account in the hope of guessing the correct...

Read More
Common Password Attacks and How to Avoid Them
May20

Common Password Attacks and How to Avoid Them

While passwordless authentication is becoming more popular, passwords remain the most common way of securing accounts and preventing unauthorized access. Passwords provide a degree of security, but there are several different password attacks that are effective at obtaining passwords to access the accounts they protect. In this post, we explain the most common password attacks, why they work, and how you can prevent them. Common...

Read More
One Fifth of Businesses Almost Forced into Insolvency Due to a Cyberattack
May17

One Fifth of Businesses Almost Forced into Insolvency Due to a Cyberattack

Many businesses struggle to survive following a cyberattack and data breach. According to a recent report from the Anglo-Bermudan insurance provider, Hiscox, one-fifth of businesses that suffered a serious cyberattack in the past 12 months nearly went insolvent as a result – 24% more than last year. It can take years of hard work to build a business, only for a mistake by an employee or an unpatched vulnerability to undo all that hard...

Read More
$150 Million Investment Plan Proposed for Improving Open-Source Security
May16

$150 Million Investment Plan Proposed for Improving Open-Source Security

At the Open Source Security Summit II in Washington D.C. last week, leaders of the open source community suggested a 2-year $150 million investment plan for improving open-source security in the U.S and upgrading cybersecurity resilience. More than 90 executives from over three dozen companies and government leaders were brought together by the Linux Foundation and the Open Source Software Security Foundation (OpenSSF) for the summit,...

Read More
What is Credential Stuffing?
May14

What is Credential Stuffing?

Credential stuffing attacks are common causes of data breaches. Here we explain what a credential stuffing attack is, why they are often successful, and steps that can be taken to stop these attacks from succeeding. What is a Credential Stuffing Attack? Credential stuffing is a type of brute force attack – an attack where multiple attempts are made to guess a correct password. In a traditional brute force attack, a threat actor tries...

Read More
66% of Mid-Sized Firms Suffered a Ransomware Attack in 2021
Apr28

66% of Mid-Sized Firms Suffered a Ransomware Attack in 2021

There was a massive rise in ransomware attacks on mid-sized organizations in 2021, according to the recently published State of Ransomware 2022 report from cybersecurity firm Sophos. The survey was conducted by Vanson Bourne on 5,600 mid-sized organizations in North and South America, Europe, the Middle East, Africa, Asia, and Asia-Pacific and revealed 66% of those organizations had suffered at least one ransomware attack in 2021, up...

Read More
CISA: Hackers Actively Exploiting Windows Print Spooler Privilege Escalation Flaw
Apr20

CISA: Hackers Actively Exploiting Windows Print Spooler Privilege Escalation Flaw

On February 2022 Patch Tuesday, Microsoft released a patch to fix a high severity Windows Print Spooler privilege escalation vulnerability, tracked as CVE-2022-22718, which was one of four privilege escalation vulnerabilities in the Windows Print Spooler component to be patched on February 8. The vulnerability was assigned a CVSS severity score of 7.8 out of 10 and was marked as ‘exploitation more likely’. Hackers can...

Read More
APT Actors Have Demonstrated the Capability to Attack ICS/SCADA Systems
Apr14

APT Actors Have Demonstrated the Capability to Attack ICS/SCADA Systems

Certain Advanced Persistent Threat Actors (APT) have demonstrated they have the capability to gain access to industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices, including Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers, according to a joint cybersecurity alert issued by the U.S....

Read More
Microsoft Windows Autopatch to Replace Patch Tuesday
Apr12

Microsoft Windows Autopatch to Replace Patch Tuesday

Microsoft intends to replace Patch Tuesday with a new Windows Autopatch managed service, which is due to be launched in July 2022. The new automated patching service aims to speed up the patching of known vulnerabilities and reduce the cost of patch management and will turn Patch Tuesday into “just another Tuesday.” Microsoft will be making the Windows Autopatch managed service available free of charge to Windows 10 and 11...

Read More
Average Ransom Payments Increased by 78% in 2021
Mar24

Average Ransom Payments Increased by 78% in 2021

The average ransomware payment increased by 78% to $541,010 in 2021, according to the recently published 2022 Unit 42 Ransomware Threat Report from Palo Alto Networks, with the average ransom demand increasing by 144% to $2.2 million. Many ransomware gangs conducted attacks last year, but the Conti ransomware gang was the most prolific and was responsible for around one-fifth of all attacks worked on by the Unit 42 team. The REvil...

Read More
SEC Proposes 4-Day Cybersecurity Incident Reporting Deadline for Publicly Traded Companies
Mar14

SEC Proposes 4-Day Cybersecurity Incident Reporting Deadline for Publicly Traded Companies

New data breach reporting rule amendments have been proposed by the U.S. Securities and Exchange Commission (SEC) that require all publicly traded companies to report a material cybersecurity incident within 4 business days of discovery that a material cybersecurity incident has occurred. A material cybersecurity incident is any cybersecurity incident that shareholders would likely consider important. There are existing state and...

Read More
Alleged REvil Hacker Extradited to U.S. to Face Charges Over Kaseya Ransomware Attack
Mar11

Alleged REvil Hacker Extradited to U.S. to Face Charges Over Kaseya Ransomware Attack

One of the alleged affiliates of the notorious REvil/Sodinokibi ransomware-as-a-service (RaaS) operation has been extradited to the United States to face charges related to the ransomware attacks on Kaseya and other entities in the United States. The U.S. Department of Justice believes Yaroslav Vasinskyi, 22, a Ukrainian national, is a long-standing affiliate of the REvil ransomware gang who was responsible for breaching corporate...

Read More
Survey Highlights Struggles Companies Have with User-Friendly Access Management
Mar07

Survey Highlights Struggles Companies Have with User-Friendly Access Management

The password manager provider LastPass has recently published the findings of an IDC Global Survey on Identity and Access Management that has revealed many businesses are struggling to strike a balance between security and the user experience. Passwordless authentication is gaining traction, but passwords remain the primary way of preventing unauthorized account access. Password guidelines require passwords to be set that are of...

Read More

Poor Cybersecurity Practices Put Organizations’ Security at Risk

A recent survey commissioned by Mobile Mentor has revealed poor cybersecurity practices are commonplace working in highly regulated industries and those bad practices are a major threat to security. The survey was conducted by the Center for Generational Kinetics on 1,000 employees in the United States and 500 in Australia, all of whom worked in healthcare, education, finance, or the government. The study examined the endpoint...

Read More
Source Code and Internal Conti Ransomware Communications Leaked Online
Mar02

Source Code and Internal Conti Ransomware Communications Leaked Online

An unknown individual, believed to be a member of the Conti ransomware gang, has leaked sensitive internal Conti ransomware communications and the source code of its encryptor, decryptor, builder, BazarBackdoor APIs, and TrickBot C&C infrastructure. This week has seen the Conti ransomware gang suffer a series of damaging data leaks. First came the publication of internal communications between gang members that had been stolen...

Read More
CISA Warns Critical Infrastructure Entities About the Risk of Foreign Influence Operations
Feb22

CISA Warns Critical Infrastructure Entities About the Risk of Foreign Influence Operations

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to critical infrastructure organizations about the threat of foreign influence operations. Malicious actors use a range of tactics to shape public opinion in targeted countries and undermine trust in critical infrastructure. These tactics can amplify division and sow discord, and typically involve the distribution of misinformation, disinformation,...

Read More
Free Cybersecurity Tools to Adopt to Improve Your Security Capabilities
Feb21

Free Cybersecurity Tools to Adopt to Improve Your Security Capabilities

Cybersecurity budgets are usually limited, so it is not possible to purchase multiple best-in-class cybersecurity solutions, but the good news is there are many free cybersecurity tools that can be adopted to improve security capabilities at zero cost. There is no silver bullet when it comes to cybersecurity. Several cybersecurity solutions must be used to protect against intrusions and detect and block attacks in progress, which can...

Read More
2021 Was a Record-breaking Year for Vulnerability Disclosures
Feb17

2021 Was a Record-breaking Year for Vulnerability Disclosures

Risk Based Security has released its 2021 vulnerability report which shows 2021 was a record-breaking year for vulnerability disclosures. 28,695 flaws were disclosed in 2021, which is a 23.3% increase from the 23,269 vulnerabilities disclosed in 2020. The exploitation of unpatched vulnerabilities is a common way for cybercriminals to gain access to business networks, especially ransomware actors, so it is vital for businesses to patch...

Read More
Safer Internet Day 2022: Improve Well-Being Online and Privacy and Security
Feb08

Safer Internet Day 2022: Improve Well-Being Online and Privacy and Security

Every year, a day is dedicated to making the Internet a safer place for children and young people; however, this year, rather than having a single day of activities, resources are being made available and events have been scheduled for every day of the week, with Tuesday, February 8, 2022, set as Safer Internet Day 2022. Safer Internet Day 2022 Each year has a different theme, and this year the event is focused is Improving Well-Being...

Read More
Hacker Steals $326 Million from the Wormhole Cryptocurrency Platform
Feb04

Hacker Steals $326 Million from the Wormhole Cryptocurrency Platform

A hacker has exploited a zero-day vulnerability in the Wormhole cryptocurrency platform and stole approximately $326 million in cryptocurrency. After exploiting the vulnerability, the hacker minted and stole 120,000 wrapped Ether tokens on the Solana blockchain, then converted 80,000 to Ethereum, then started to trade what remained on the Solana blockchain. The Wormhole platform is used to transfer cryptocurrency across different...

Read More
California Attorney General Shares Tips for Avoiding Identity Theft
Feb04

California Attorney General Shares Tips for Avoiding Identity Theft

California Attorney General Rob Bonta has provided Californians with tips for avoiding identity theft and fraud in recognition of Identity Theft Awareness Week 2022. Identity theft is where someone steals an individual’s personal data and uses the information to impersonate that individual in order to commit fraud, such as opening lines of credit in the victim’s name. As more people now rely on online services for work and personal...

Read More
January 28, 2022 is Data Privacy Day – A Day to Take Steps to Improve the Privacy of Personal Data
Jan28

January 28, 2022 is Data Privacy Day – A Day to Take Steps to Improve the Privacy of Personal Data

Today is Data Privacy Day – An annual day with a focus on raising awareness of best practices for keeping personal data private and confidential along with the techniques and tools that can be adopted by all individuals to better protect them against data theft, identity theft, and other types of fraud. Data Privacy Day – January 28 – started as Data Protection Day in 2006 and was initiated by the Council of Europe. Two years later,...

Read More
QNAP: Immediate Action Required to Prevent Deadbolt Ransomware Attacks on NAS Devices
Jan27

QNAP: Immediate Action Required to Prevent Deadbolt Ransomware Attacks on NAS Devices

QNAP, a Taiwanese manufacturer of network-attached storage (NAS) devices, has issued a warning to all customers to ensure they are running the latest software and to reconfigure their systems to improve resilience to ransomware attacks. A campaign has been identified involving a new ransomware variant called Deadbolt, which is being used in attacks on QNAP NAS devices that are exposed to the Internet. The campaign has only recently...

Read More
ITRC Says Record-breaking Numbers of Data Compromises Were Reported in 2021
Jan25

ITRC Says Record-breaking Numbers of Data Compromises Were Reported in 2021

New data from the Identity Theft Resource Center (ITRC) shows record numbers of data breaches were reported in 2021, beating the previous record of 1,506 data breaches set in 2017 by 23%. 1,862 data compromises were reported in 2021, which is a 68% increase from 2020. There was also a slight increase in the number of reported breaches involving sensitive information such as Social Security numbers, which jumped from 80% in 2020 to 83%...

Read More
Almost 6 Billion Credentials Were Leaked Online in 2021
Jan19

Almost 6 Billion Credentials Were Leaked Online in 2021

A new report from Atlas VPN has revealed nearly 6 billion accounts were affected by data leaks and data breaches in 2021, which made 2021 a record-breaking year for credential theft. Atlas VPN obtained information on data breaches from multiple sources and includes reported data breaches between January 1st, 2021, and December 31st, 2021. In total, more than 5.9 million unique sets of credentials were stolen or leaked online in 2021....

Read More
Accellion Proposes $8.1 Million Settlement to Resolve Class Action Data Breach Lawsuit
Jan19

Accellion Proposes $8.1 Million Settlement to Resolve Class Action Data Breach Lawsuit

Accellion has proposed an $8.1 million settlement to resolve a class action data breach lawsuit related to the December 2020 cyberattack on its legacy File Transfer Appliance. In December 2020, two Advanced Persistent Threat groups linked to FIN11 and the CLOP ransomware gang exploited vulnerabilities in the Accellion File Transfer Appliance (FTA) and exfiltrated a large about of customer data. Customers included law firms, insurance...

Read More
14 REvil Ransomware Gang Members Arrested by Russian Government
Jan14

14 REvil Ransomware Gang Members Arrested by Russian Government

The Federal Security Service (FSB) of the Russian Federation has announced 14 individuals suspected of being part of the notorious REvil ransomware operation have been arrested in coordinated raids on 25 properties in the Leningrad, Lipetsk, Moscow, and St. Petersburg regions of Russia. The FSB said the arrests were made after information was passed to the FSB from U.S. authorities about the leader of the REvil operation, along with a...

Read More
New York Attorney General Issues Business Guide for Credential Stuffing Attacks
Jan14

New York Attorney General Issues Business Guide for Credential Stuffing Attacks

The Bureau of Internet and Technology at the Office of the New York State Attorney General (OAG) has issued a Business Guide for Credential Stuffing Attacks to raise awareness of the threat and offer advice on steps that can be taken to prevent and mitigate attacks. Credential stuffing is a type of brute force attack where credentials stolen in previous data breaches are used to gain access to other online accounts. Bots are used to...

Read More
Google Announces the Acquisition of the Israeli Cybersecurity Company Siemplify
Jan06

Google Announces the Acquisition of the Israeli Cybersecurity Company Siemplify

Google has confirmed the acquisition of the Israeli cybersecurity firm Siemplify as it continues its push into the cloud-based and enterprise cybersecurity market. Siemplify was founded in Tel Aviv in 2015 by Amos Stern, Alon Cohen, and Garry Fatakhov and specializes in SOAR (security orchestration, automation, and response) technology that automates the security operations lifecycle. Siemplify has raised $58 million in investment...

Read More
LastPass Denies Data Breach After Users Claim Their Master Passwords Were Used to Access Their Vaults
Dec30

LastPass Denies Data Breach After Users Claim Their Master Passwords Were Used to Access Their Vaults

Several LastPass users have claimed their master passwords have been used by unauthorized individuals to access their password vaults, including individuals who claim never to have shared their master password with any other platform, which led to claims there had been LastPass data breach. The first attacks on users’ password vaults appear to have started on Monday, December 27, 2021. A password manager allows users to easily create...

Read More
Log4J Vulnerability Scanning Tool Released by CISA
Dec24

Log4J Vulnerability Scanning Tool Released by CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a scanner that can be used to identify web services affected by the two recently disclosed Apache Log4J remote code execution vulnerabilities CVE-2021-44228 (Log4Shell) and CVE-2021-45046, which have been fixed, along with a further DoS vulnerability (CVE-2021-45105) in version 2.17. The scanner – available on GitHub here – was assembled with...

Read More
Actively Exploited Log4Shell Vulnerability in Apache Log4j is as Bad as it Gets
Dec13

Actively Exploited Log4Shell Vulnerability in Apache Log4j is as Bad as it Gets

A recently discovered vulnerability in the Apache Log4j Java-based logging library is widely considered to be one of the most dangerous vulnerabilities ever to be discovered, and it is being actively exploited in the wild. The flaw is easy to exploit, can be exploited remotely without authentication, and can allow remote code execution allowing a full server takeover. A proof-of-concept (PoC) exploit for the flaw is in the public...

Read More
Survey: 90% of IT Leaders Guilty of Reusing Passwords
Dec13

Survey: 90% of IT Leaders Guilty of Reusing Passwords

Bitwarden has released the results of its second annual Password Decisions Survey, which explored the technology being used by IT decision makers, the security risks they face and take, and their password management and password sharing practices. The survey was conducted on 400 IT decision makers by Propeller Insights. The survey confirmed that password manager solutions are now commonly used by businesses. 86% of respondents said...

Read More
30% of Security Breaches Are Caused by Poor Password Practices
Dec10

30% of Security Breaches Are Caused by Poor Password Practices

Passwords can provide a very good level of security but many people are guilty of poor password practices. While there are now alternatives to passwords that provide a greater level of security, we are not yet at the stage when passwords can be retired and passwords are likely to remain the main method of securing accounts for some time to come. GoodFirms decided to take a closer look at password practices people to identify some of...

Read More
FBI Seizes $2.3 Million in Ransomware Payments from Russian Affiliate of REvil and GandCrab RaaS Operations
Dec01

FBI Seizes $2.3 Million in Ransomware Payments from Russian Affiliate of REvil and GandCrab RaaS Operations

The Federal Bureau of Investigation (FBI) has seized 39.89 Bitcoins with a current value of around $2.3 million from a Russian national alleged to be an affiliate of the REvil (Sodinokibi) and GandCrab ransomware-as-a-service (RaaS) operations. According to a complaint that was unsealed on November 30, 2021, the funds were seized on August 3, 2021, from an Exodus wallet, which is used by individuals to store a range of different...

Read More
GoDaddy Data Breach Affects 1.2 Million Customers and 6 Web Hosts
Nov26

GoDaddy Data Breach Affects 1.2 Million Customers and 6 Web Hosts

On November 22, GoDaddy said it was the victim of a data breach that exposed the email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress users. The breach also exposed the original admin-level WordPress passwords for those accounts that were created when WordPress was first installed. The passwords could have allowed access to customers’ WordPress servers. Active customers also had their sFTP...

Read More
Survey Reveals Worrying Lack of Action by Consumers After Receiving a Breach Notification Letter
Nov22

Survey Reveals Worrying Lack of Action by Consumers After Receiving a Breach Notification Letter

The National Institute of Standards and Technology (NIST) no longer recommends regular password changes for employees, as while updating passwords every few months does improve password security on paper, forcing employees to regularly change passwords does not improve security in practice. In fact, it often makes things worse as employees start with a strong password, and over time the strength of their passwords decreases. One of...

Read More
Ransomware Attacks on CNA, Colonial Pipeline, and JBS the Result of Minor Security Lapses
Nov18

Ransomware Attacks on CNA, Colonial Pipeline, and JBS the Result of Minor Security Lapses

Ransomware attacks in 2021 have increased to record levels and no industry sector is immune. Cyber threat actors have become bolder and have conducted an increasing number of attacks on healthcare organizations, where the lack of access to systems and data has put patient safety at risk, while attacks on critical infrastructure have threatened food production and fuel availability. The escalation of attacks in the United States has...

Read More
Legitimate FBI System Hacked and Used to Send Spam Emails About Fake Cyberattack
Nov15

Legitimate FBI System Hacked and Used to Send Spam Emails About Fake Cyberattack

A spam email campaign involving at least 100,000 emails has been conducted using ‘hacked’ FBI-owned servers. The messages advised the recipients that their network had been breached and data was stolen. The emails were sent from the legitimate [email protected] email account and, as such, were passed by the DomainKeys Identified Mail (DKIM) mechanism. The Spamhaus project said the messages were delivered to at least 100,000 mailboxes,...

Read More
House of Representatives Passes Two Bills to Help SMBs Improve Cybersecurity
Nov05

House of Representatives Passes Two Bills to Help SMBs Improve Cybersecurity

Two bills have been passed by the U.S. House of Representatives that will help small- and medium-sized businesses improve cybersecurity. The Small Business Administration (SBA) Cyber Awareness Act of 2021 sailed through with a vote of 423/0, and the Small Business Development Center Cyber Training Act of 2021 had strong support, being passed with a vote of 409/14. The SBA Cyber Awareness Act of 2021 was introduced by Reps. Young Kim...

Read More
BlackMatter Ransomware Operation Shuts Down
Nov03

BlackMatter Ransomware Operation Shuts Down

Law enforcement agencies around the world have stepped up their efforts to disrupt ransomware gangs in recent months. The infrastructure of the notorious REvil ransomware gang was recently compromised by law enforcement in an international operation, Europol announced a dozen key members of ransomware gangs had been arrested in Ukraine and Switzerland, and now the BlackMatter ransomware gang has announced it is shutting down its...

Read More
Europol Announces Arrest of 12 Individuals Suspected of Conducting Over 1,800 Ransomware Attacks
Nov01

Europol Announces Arrest of 12 Individuals Suspected of Conducting Over 1,800 Ransomware Attacks

Ransomware gangs have been able to conduct thousands of attacks on businesses with little threat of being caught, but the massive increase in attacks in 2020 and 2021 has seen law enforcement efforts to combat the cybercriminal activity stepped up. In the United States, ransomware attacks have been elevated to a level similar to terrorist attacks following high profile attacks on critical infrastructure, with the U.S. and its partners...

Read More
REvil Outages and Shutdown Due to Multinational Law Enforcement Effort
Oct26

REvil Outages and Shutdown Due to Multinational Law Enforcement Effort

The ransomware attacks on Colonial Pipeline and JBS hammered home the point that ransomware attacks are a national security issue that threatens the lives of all Americans, rather than simply attacks on U.S. businesses. Following the attacks, the White House announced that additional steps would be taken to deal with the ransomware threat and disrupt the activities of ransomware groups, with additional resources made available to...

Read More
Sinclair Broadcast Group Suffers Evil Corp Ransomware Attack
Oct22

Sinclair Broadcast Group Suffers Evil Corp Ransomware Attack

The prolific Russian cybercriminal group Evil Corp has started using a new ransomware variant named Macaw Locker. The latest attack was conducted on the U.S. telecommunications conglomerate Sinclair Broadcast Group. Sinclair Broadcast Group is the second largest TV station operator in the United States and owns and operates 185 TV stations and 620 channels. The attack caused disruption to IT systems, with the technical difficulties...

Read More
$5.2 Billion in Ransomware Payments Identified by FinCEN
Oct21

$5.2 Billion in Ransomware Payments Identified by FinCEN

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has identified $5.2 billion in outgoing Bitcoin transactions in cryptocurrency wallets linked to ransomware gangs, highlighting the extent to which ransomware is being used in attacks in the United States and how much money is being made by ransomware threat actors. FinCEN analyzed 635 Suspicious Activity Reports (SARs) filed by financial institutions...

Read More
Reporter Referred to Missouri Prosecutor for Notifying State About Data Leak
Oct18

Reporter Referred to Missouri Prosecutor for Notifying State About Data Leak

A reporter at the St. Louis Post-Dispatch who alerted the Missouri Department of Elementary and Secondary Education (DESE) that a web application was leaking the sensitive data of teachers and other school workers has been reported to the Cole County prosecutor by state Governor Mike Patterson. Governor Patterson has also threatened to initiate criminal proceedings against anyone who assisted the reporter or who also accessed the...

Read More
Operator of Botnet Used for DDoS and Password Spraying Attacks Arrested in Ukraine
Oct12

Operator of Botnet Used for DDoS and Password Spraying Attacks Arrested in Ukraine

A hacker alleged to be the creator and manager of a powerful botnet consisting of more than 100,000 devices has been arrested by law enforcement officers in Ukraine. The unnamed hacker was arrested at his home in Prykarpattia and computer equipment was seized that was being used to control the botnet. The botnet was used by paying customers for a variety of attacks, including Distributed Denial of Service (DDoS) attacks, spamming,...

Read More
Ransomware Intrusion Actor FIN12 is Aggressively Targeting the Healthcare Sector
Oct08

Ransomware Intrusion Actor FIN12 is Aggressively Targeting the Healthcare Sector

While healthcare providers were struggling to cope with providing care to COVID-19 patients during the pandemic, they have been under attack from ransomware gangs. One group which has been particularly active and has been targeting the healthcare industry is FIN12. Approximately 20% of the attacks conducted by FIN12 since September 2020 have been on the healthcare industry, with other targeted sectors including education,...

Read More
9 out of 10 Malware Delivered via HTTPS Encrypted Connections
Oct05

9 out of 10 Malware Delivered via HTTPS Encrypted Connections

The latest Internet Security Report from WatchGuard Technologies has confirmed the majority of malware infections occur via HTTPS encrypted connections, which demonstrates the importance of implementing a web filtering solution capable of HTTPS inspection. If HTTPS inspection is not enabled, businesses will have no visibility into HTTPS encrypted traffic and 9 out of 10 malware downloads will not be identified and blocked. The Q2,...

Read More
October is National Cybersecurity Awareness Month
Oct04

October is National Cybersecurity Awareness Month

2021 National Cybersecurity Awareness Month has kicked off with the goal of improving awareness of cybersecurity and the importance of adopting cybersecurity best practices to make it harder for hackers, phishers, and online scammers to succeed. Digital safety and security have never been more important, with cyberattacks on businesses at record levels and ransomware gangs conducting huge numbers of attacks. “Our Nation is under a...

Read More