Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A journalist in Pennsylvania was targeted by phishing attacks that involved thread hijacking, according to Brian Krebs at KrebsOnSecurity. The journalist for LancasterOnline, Brett Sholtis, had written a story last year about a wealthy businessman named Adam Kidan who pleaded guilty to fraud in 2005. Several months after the story was published, Sholtis received two emails from Kidan’s email account.

The UK government's third phase of research shows how well UK organizations have been improving their cybersecurity efforts but indicates that the risk from certain attacks have only been reduced marginally. As part of the UK government’s National Cyber Strategy, their Cybersecurity Longitudinal Survey has been run three times to show how well UK businesses and charities are working to improve their state of cybersecurity.

I recently saw a post on LinkedIn from a managed service provider (MSP) who had turned down an opportunity because the prospect used Google Workspace. While I understood their reasoning for doing this, it did get me thinking: Why are MSPs so hesitant to work with Google? I created a casual poll on LinkedIn and the results revealed a significant trend: a majority of MSPs seem to be bypassing Google Workspace as a viable service offering.

As the adoption of AI models, particularly large language models (LLMs), continues to accelerate, enterprises are growing increasingly concerned about implementing proper security measures to protect these systems. Integrating LLMs into internet-connected applications exposes new attack surfaces that malicious actors could potentially exploit.

Dive into our recap of AltCloudCon, a community-led, developer-focused event offering practical insights for responsibly harnessing AI and securing cloud infrastructure.

By being aware of these scams and taking steps to protect yourself, you can safeguard your personal and financial information.

In the face of increasingly frequent and severe cyber attacks, organizations with strong cybersecurity maturity are working hard to manage and mitigate their risk, while recognizing that these may no longer be enough.

You should use a password manager in 2024 because a password manager protects your login credentials and keeps your online data safe. Password managers do more than just protect and store passwords; they also store your passkeys, generate new, strong passwords, and let you store and securely share important documents such as medical records, identification cards, credit cards and more. Continue reading to learn why using a password manager is important in 2024 and the risks associated with not using one.

It seems as though responders cannot catch a break when it comes to 0-day vulnerabilities and supply chain compromise avenues. On March 29th, 2024, the Cybersecurity & Infrastructure Security Agency published an alert regarding a supply chain compromise of the XZ Utils package. At time of writing, there is no information regarding exploitation of the vulnerability and follow-on post-compromise activity.

On March 28th, Red Hat released an advisory for CVE-2024-3094 which is a critical vulnerability identified in XZ Utils – a widely used data compression software included in many Linux distributions. This vulnerability stems from a backdoor inserted in versions 5.6.0 and 5.6.1 of XZ Utils and has been given a CVSS score of 10 out of 10, indicating its severity as critical.