According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities. One: There are three top root hacking causes, and they comprise almost all of the cybersecurity risk most organizations face: These three most popular root hacking causes are often co-mingled together to bring about the desired effect.

The specter of cybercrime continues to grow, with losses soaring to $12.5 billion in 2023, according to the recently released Internet Crime Report by the FBI's Internet Crime Complaint Center (IC3). The revelations underline an alarming surge in cybercrime, affecting both business and personal interests alike, with the main attack vectors being investment fraud, business email compromises and an increased surge of ransomware attacks on nearly every critical infrastructure sector.

The construction of a more cyber resilient European Union (EU) took a remarkable step forward this past week as negotiators from the European Parliament and the European Council reached a provisional agreement on the proposed Cyber Solidarity Act. Proposed last year, the Cyber Solidarity Act is composed of three key pillars that seek to crack the daunting challenge of detecting, preparing for, and responding to cybersecurity threats and incidents that shake up the security sphere.

A recent report reveals a significant discrepancy in the priorities of mid-market IT departments when it comes to addressing cyber threats. It's somewhat ironic that IT professionals find themselves entangled in a logical paradox when responding to surveys, as demonstrated by Node4’s Mid-Market IT Priorities Report 2024.

New analysis of DNS queries shows material growth in phishing, malware and botnets and offers insight into how many threats the average person experiences. Most of the reports I cover use detection on an endpoint, a security solution, or the corporate network for their analysis, but the 2024 Annual Security Report from DNSFilter feels a bit more impartial because it uses DNS queries to determine whether whether malicious activity is occuring.

Researchers at Lookout have discovered a sophisticated phishing kit that’s targeting employees at the US Federal Communications Commission (FCC), as well as employees of cryptocurrency exchanges Binance and Coinbase. The kit also targets users of cryptocurrency platforms, including Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown and Trezor.

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC well enough to understand what it does and how it helps to prevent phishing. And look-alike and neglected domains challenge its protective value to unknowledgeable email recipients. This article is about how to understand and proactively use DMARC. DMARC.

Analysis of the second half of 2023 shows attackers are getting more aggressive with email-based phishing attacks in both frequency and execution. Until there’s a catch-all way to stop malicious emails from being an effective means of initial attack, phishing will continue to grow as the primary initial attack vector for cybercriminals.