The latest strain of Snatch ransomware performs a devious task to ensure tools designed to protect against ransomware are nowhere to be found during encryption. This one is pure, evil genius! The latest variant of Snatch has been identified by the researchers at Sophos. Infecting Read More

Leveraging vulnerable website content management platforms, these attacks seek to trick users into installing malware under the guise that their web browser is out-of-date. We all know that eventually, your web browser will need to be updated. So, it’s not so out-of-the-ordinary Read More

A new report from the National Cyber Security Alliance sheds some light on how prepared small- and medium-size businesses are and what the aftermath of a data breach really looks like. When 1,000 small business owners open up to talk about cybersecurity, it’s probably a good idea Read More

Are cybercriminals counting on the victim’s simple cost-to-benefit decision to have their cyber-insurer pay the ransom? And, if so, are they targeting companies with cyberinsurance? We’ve discussed the rising uptick of ransomware attacks in frequency, sophistication, and Read More

Social engineering tactics seek to use any means that’s familiar to the intended victim – and unsubscribing is perceived as being so benign, it may just be the perfect way to fool your users. While I can’t think of a single website I’ve visited in the last year that sends me an Read More

A Florida city is still struggling to recover from a ransomware attack two weeks after the city paid the ransom, according to the New York Times. The attack began after a city employee downloaded a malicious document that arrived in an email. This document downloaded the Emotet Read More

It’s impossible to avoid the risk of phishing attacks entirely, since employees still need to do their jobs, as Kelly Sheridan at Dark Reading puts it. Sheridan points to a recent report from Cisco which shows that phishing attacks are increasing in number while getting harder to Read More

Payment fraud continues to soar, as a record 82 percent of organizations reported incidents in 2018, according to the 2019 AFP Payments Fraud & Control Survey, underwritten by J.P. Morgan. Large organizations were particularly vulnerable to payments fraud, as businesses with Read More

Passwords serve as the foundation for most security today. But security vendor SpyCloud has recovered over 3.5 billion credentials, demonstrating just how insecure they really are. We’d like to think that in this day and age, users are aware that they need to use secure Read More

New data shows a surge in attacks, what industries are targets, which users are at risk, and what you can expect to see in the future. It’s a simple trend, really: cybercriminals are getting smarter on how they play the cyberattack game. They are no longer resorting to shotgun Read More

There’s yet another reason to not let your employees go looking for a new job on company time: cybercriminals are now leveraging recruitment sites. According to risk intelligence vendor Flashpoint, the number of mentions of activity, the availability of compromised credentials, Read More

Troy Hunt, the founder of Haveibeenpwned came out with some brand new numbers that show there’s bad news and there’s more bad news. A few months ago he launched V2 of his Pwned Passwords list (half a billion of them) and the idea is to make them into a blacklist, as Read More

Webroot revealed results from its 2018 annual threat report, which demonstrated attackers are constantly trying new ways to get around established defenses. The data illustrates that attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy Read More

For the second year in a row, “123456” remained the top password among the millions of cleartext passwords exposed online thanks to data breach incidents at various providers. While having “123456” as your password is quite bad, the other terms found on a Read More

Kon Leong at Harvard Business Review wrote an excellent article about the problem of employees exposing your organization to cyber threats through human error. Here is an extract: Today, cybersecurity has expanded far beyond its traditional domain of external threats, typified by Read More