Should You Change Your Password Every 90 Days?

No, you don’t have to change your password every 90 days. This idea of regularly changing your password is known as password rotation. The main benefit of changing your passwords so often is to prevent unauthorized users from accessing private information. For personal accounts, changing your passwords every 90 days can actually end up being worse than keeping them the same.

The 5 Fundamental Pillars of the Digital Operational Resilience Act (DORA)

Nowadays, financial organizations rely heavily on information and communication technology (ICT) to support remote operations. While ICT enhances operational efficiency and customer experience, it significantly increases cybersecurity risks in the financial sector. To mitigate cybersecurity risks related to ICT, the European Union (EU) has developed a specific regulation: the Digital Operational Resilience Act.

CVE of the month, the supply chain vulnerability hidden for 10 years CVE-2024-38368

For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily, the good guys found it first, or so it seems. This month we are taking a look at CVE-2024-38368.

Your Cybersecurity Risk Is Higher on July 4

While the Fourth of July is typically considered a day of celebration for those in the U.S., many don’t realize it’s also a period of heightened risk. In fact, this isn’t unique to the Fourth of July: holidays often see an uptick in cybersecurity threats. With the Fourth of July nearly upon us, let’s examine why this happens and how you can protect yourself and your business.

New Exploit in Microsoft MSHTML Delivers MerkSpy Spyware Tool

A newly discovered spyware tool named MerkSpy is targeting users in Canada, India, Poland, and the U.S., exploiting a patched security flaw in Microsoft MSHTML. This campaign, identified by Foresiet researchers, highlights the critical need for vigilant cybersecurity practices, including stolen credentials detection, darknet monitoring services, and digital footprint analysis. Attack Overview: The attack begins with a Microsoft Word document disguised as a job description for a software engineer.

The Role of Automation in Enforcing the Principle of Least Privilege

As businesses continue to expand their reliance on cloud security and privileged access management, the imperative to implement least privilege access in a manner both effective and efficient cannot be overstated. Yet, with the increasing complexity of information systems and the proliferation of privileged accounts, manually administering and enforcing the least privilege principle poses substantial challenges.

Why regulation is the cornerstone of AI development

By now, we're very familiar with the game-changing potential of AI. The rapid rise of ChatGPT has shown us just how quickly the technology has gone from concept to the palm of our hands. AI has the ability to dramatically accelerate workflows, and subsequently free up businesses to focus on strengthening their security and building customer trust. Why then is the UK's security industry so short on confidence when it comes to using it? One reason: a lack of regulation.

Likely Disclosure Inconsistencies With Massive Snowflake Data Breach

After unearthing evidence as early as May 2024, cloud computing company Snowflake released an official statement on June 2, reporting that they were investigating a series of targeted cyber events. A week later, Google's Mandiant, who, alongside CrowdStrike, is aiding Snowflake in this investigation, concluded that clients had been attacked after malicious actors had gotten access to compromised credentials.