Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today’s digital landscape, cybersecurity threats are evolving at an alarming rate. With the growing number of cyber-attacks and data breaches, businesses must prioritise their security measures to protect sensitive information and safeguard their reputation. Penetration testing is an essential component of this defence strategy.

We hear a lot about the cybersecurity skills gap, which the latest research puts at 3.4 million globally. There are lots of reasons why organizations find themselves dealing with a skills deficit — from an actual dearth of qualified talent to internal factors including turnover, lack of budget/competitive wages, limited opportunities for growth and promotion, and lack of training. One aspect that is within a company’s control, but is often unremarked, is unrealistic hiring practices.

Read how the latest addition to GitGuardian code security platform, automates vulnerability detection, prioritization, and remediation in software dependencies, directly impacting the health of your codebase.

You're browsing your inbox and spot an email that looks like it's from a brand you trust. Yet, something feels off. This might be a phishing attempt, a common tactic where cybercriminals impersonate reputable entities — we've written about the top 50 most impersonated brands used in phishing attacks. One factor that can be used to help evaluate the email's legitimacy is its Top-Level Domain (TLD) — the part of the email address that comes after the dot.

In February 2024, Lookout discovered an advanced phishing kit targeting the Federal Communications Commission (FCC), along with several cryptocurrency platforms. While most people think of email as the realm of phishing attacks, this threat actor — known as CryptoChameleon — used the phishing kit to build a carbon copies of single sign-on (SSO) pages, then used a combination of email, SMS, and voice phishing to target mobile device users.

Does your security team have dozens of tools to manage, all with disparate user experiences, data models, and capabilities? Unfortunately, this is the result of many traditional SIEM solutions that lack the ability to integrate all features. This creates a big challenge for your SOC because analysts have to ensure they’re using the right tool at the right time to detect attacks. But today, there’s a better option.

As the threat landscape continues to evolve, cybercriminals are relentlessly refining their phishing tactics. This means that many of the tips and tricks organizations have told their employees to use in the past to spot a malicious email are no longer as effective in safeguarding their digital environments. Here, we dissect three commonly cited phishing detection strategies and unveil their limitations in the face of advanced cyber threats.

In the intricate landscape of defense contracting, the Cybersecurity Maturity Model Certification (CMMC) has emerged as a beacon for fortifying the defense industrial base’s cybersecurity posture. Central to CMMC compliance is the critical process of scoping – a systematic approach to identifying systems and assets subject to assessments. Let’s delve into the essence of scoping, emphasizing its significance, and understanding how it evolves through different CMMC levels.

The European Union (EU) Artificial Intelligence Act is a key landmark legislation that represents one of the first laws to go into effect regarding the application and use of artificial intelligence (AI) technology. This historic regulatory framework was created to govern the use, development, and deployment of AI systems within the EU and establish an operational cyber framework for businesses.

Email makes modern communications work. We use email for keeping in touch with friends and family, organizing business activities, and tracking a variety of other needs. But how does email actually work and why do you get so many spam emails? That all comes down to email messaging protocols.