Are cybercriminals counting on the victim’s simple cost-to-benefit decision to have their cyber-insurer pay the ransom? And, if so, are they targeting companies with cyberinsurance? We’ve discussed the rising uptick of ransomware attacks in frequency, sophistication, and Read More

Social engineering tactics seek to use any means that’s familiar to the intended victim – and unsubscribing is perceived as being so benign, it may just be the perfect way to fool your users. While I can’t think of a single website I’ve visited in the last year that sends me an Read More

A Florida city is still struggling to recover from a ransomware attack two weeks after the city paid the ransom, according to the New York Times. The attack began after a city employee downloaded a malicious document that arrived in an email. This document downloaded the Emotet Read More

It’s impossible to avoid the risk of phishing attacks entirely, since employees still need to do their jobs, as Kelly Sheridan at Dark Reading puts it. Sheridan points to a recent report from Cisco which shows that phishing attacks are increasing in number while getting harder to Read More

Payment fraud continues to soar, as a record 82 percent of organizations reported incidents in 2018, according to the 2019 AFP Payments Fraud & Control Survey, underwritten by J.P. Morgan. Large organizations were particularly vulnerable to payments fraud, as businesses with Read More

Passwords serve as the foundation for most security today. But security vendor SpyCloud has recovered over 3.5 billion credentials, demonstrating just how insecure they really are. We’d like to think that in this day and age, users are aware that they need to use secure Read More

New data shows a surge in attacks, what industries are targets, which users are at risk, and what you can expect to see in the future. It’s a simple trend, really: cybercriminals are getting smarter on how they play the cyberattack game. They are no longer resorting to shotgun Read More

There’s yet another reason to not let your employees go looking for a new job on company time: cybercriminals are now leveraging recruitment sites. According to risk intelligence vendor Flashpoint, the number of mentions of activity, the availability of compromised credentials, Read More

Troy Hunt, the founder of Haveibeenpwned came out with some brand new numbers that show there’s bad news and there’s more bad news. A few months ago he launched V2 of his Pwned Passwords list (half a billion of them) and the idea is to make them into a blacklist, as Read More

Webroot revealed results from its 2018 annual threat report, which demonstrated attackers are constantly trying new ways to get around established defenses. The data illustrates that attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy Read More

For the second year in a row, “123456” remained the top password among the millions of cleartext passwords exposed online thanks to data breach incidents at various providers. While having “123456” as your password is quite bad, the other terms found on a Read More

Kon Leong at Harvard Business Review wrote an excellent article about the problem of employees exposing your organization to cyber threats through human error. Here is an extract: Today, cybersecurity has expanded far beyond its traditional domain of external threats, typified by Read More

Our colleagues at Phishme released the results of their US Phishing Response Trends Report, which looked at the phishing response strategies of two hundred senior IT security decision-makers across a variety of large industries in the United States. The report shows that Read More

Executive Summary The second annual Cyren-Osterman Research U.S. security survey shows a significant disconnect between rising IT security spending and a low level of confidence in current protection, among many topics covered in the 24-page report, “IT Security at SMBs: Read More