Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Common misconceptions around MFA in M365 for MSPs

Despite its importance in securing client environments, MFA implementation often reveals knowledge gaps, misconfigurations, and missed opportunities to enforce best practices. In this article, we’ll dive into the most common pitfalls MSPs encounter with MFA and explore strategies to address them effectively. When MSPs search for answers, they're often met with a sea of information from others trying to make sense of things too.

How to Master Data Management in IoT: Tips and Techniques

Effective data management in IoT is essential for leveraging the vast data generated by interconnected devices. This article provides practical tips on collecting, processing, storing, and securing IoT data. Discover how to overcome challenges like scalability and data quality and implement strategies for better decision-making and operational efficiency.

EP 67 - The Password Problem

In this episode of the Trust Issues podcast, host David Puner sits down with Andrew Shikiar, the Executive Director and CEO of the FIDO Alliance, to discuss the critical issues surrounding password security and the innovative solutions being developed to address them. Andrew highlights the vulnerabilities of traditional passwords, their susceptibility to phishing and brute force attacks, and the significant advancements in passwordless authentication methods, particularly passkeys.

How ASPM Elevates Security for Today's Cloud Ecosystem

Cloud technology has revolutionized business operations, but the digital transformation required to adopt and scale cloud technology exposes vulnerabilities that traditional cybersecurity approaches struggle to address — often leaving organizations vulnerable to adversaries.

FBI Warns of Cybercriminals Using Generative AI to Launch Phishing Attacks

The US Federal Bureau of Investigation (FBI) warns that threat actors are increasingly using generative AI to increase the persuasiveness of social engineering attacks. Criminals are using these tools to generate convincing text, images, and voice audio to impersonate individuals and companies. “Generative AI reduces the time and effort criminals must expend to deceive their targets,” the FBI says.

Why Controversial Phishing Emails Do Not Work

Frequently, when a cybersecurity training manager sends out a controversial simulated phishing attack message that angers a bunch of employees and ends up making headlines, we get called by the media to comment on the story. Here are some examples of potentially controversial simulated phishing messages: I have read many stories of security awareness training managers sending simulated phishing emails with these types of messages, often around Christmas or other national holidays.

The Rise of Phishing Attacks: How New Domain Extensions Are Fueling Cyber Crime

In recent years, the world of cybersecurity has witnessed a concerning trend: a significant increase in phishing attacks. A new study reveals that these attacks have surged by nearly 40% in the year ending August, 2024. What's particularly alarming is the role played by new generic top-level domains (gTLDs) in this spike. While gTLDs like.shop, .top, and.xyz make up only 11% of new domain registrations, they account for a staggering 37% of reported cybercrime domains.