Security

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem. If you’ve read enough of my articles, you already know my view is a bit skewed towards the need for Read More

The malware-less and seemingly benign nature of business email compromise emails, mixed with impersonation techniques, are difficult to spot as being malicious, making them even more dangerous. I’ve covered both the threat of business email compromise and response-based email Read More

New data on the state of email security shows that nearly every organization has been the target of a phishing attack as attacks increase in sophistication. While organizations are attempting to shore up their cybersecurity defenses, Mimecast’s State of Email Security report Read More

The Ohio Supreme Court ruled in favor of an insurance company, determining that its contract to cover any direct physical loss or damage to property did not encompass ransom payments made when a hacker illegally gained access to medical billing software company EMOI’s Read More

With ransomware attacks becoming more frequent, evasion getting more sophisticated, and ransoms increasing, new data shows organizations aren’t fighting for staff and budget. As ransomware attacks now reach downtime costs of over $160 billion, this prevalent attack is Read More

Fresh data on data breach costs from IBM show phishing, business email compromise, and stolen credentials take the longest to identify and contain. There are tangible repercussions of allowing your organization to succumb to a data breach that starts with phishing, social Read More

Just in time for the holidays is a new, major cybersecurity threat that has tech companies mobilizing to remediate a software vulnerability. The Log4shell vulnerability was identified in Apache’s Log4J software library. The library enables developers to track changes in the Read More

A new notification from the FBI warns organizations of attacks at the perfect time when organizations are spending money, new people are being introduced, and operations are in flux. Threat actors like nothing more than a dash of chaos when it comes to timing their attacks. If Read More

Vendor Email Compromise requires first taking control of a strategic email account within the victim organizations. According to new data, cybercriminals are getting really good at this. Vendor Email Compromise – an attack where an email account is actually taken over rather than Read More

The fallout after a ransomware attack is more devastating than previously thought. New data spells out what you should really expect after being hit with ransomware. When we consider what happens after a ransomware attack, we normally think about remediation steps – Read More

It appears that working from home causes employees to develop some very bad cyber habits, demonstrating that cybersecurity hygiene went from bad to worse mid-pandemic. We’d like to think we’re just as secure while working from home. But a new survey from 2FA vendor Yubico of Read More

Researchers at Armorblox describe several recent phishing scams that managed to bypass email security filters. The first attempted to gain access to users’ Facebook accounts. “Recently, the Armorblox threat research team observed an email impersonating Facebook attempt to hit one Read More

Taking advantage of people’s need for financial assistance, these scammers pose as a bank offering “forgivable business loans to individuals impacted by the pandemic.” Nothing says lowlife more than someone who purposely targets those who are already down and out. Those Read More

With an average of 626 ransomware attacks weekly on health care organizations, it’s evident that the bad guys are stepping up their tactics and focus where they believe the money to be. Health care as a target industry has always been somewhere in the top 10 or even top five Read More

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned multiple ransomware criminals over the last few years, most notably the Russian cybercrime syndicate aptly named Evil Corp. However, not only Eastern European hackers were sanctioned, Read More