Researchers at Menlo Security observed a 198% increase in browser-based phishing attacks over the past six months. “Attackers have developed tools to craft high quality large scale attacks that target the browser,” the researchers write. “Cybercrime tools, such as phish kits (PhaaS) and ransomware-as-a-service kits (RaaS), have simplified the process of launching sophisticated attacks.

The Mirai Botnet, famous for massive DDoS attacks, used SYN flood techniques to hack 600,000 IoT devices. Targets like KrebsOnSecurity, Lonestar cell, and Dyn. The impact cascaded across key service providers that relied on Dyn’s services, affecting entities such as Sony Playstation servers, Amazon, GitHub, Netflix, PayPal, Reddit, and Twitter.

Natural language prompts put the power of NQE into the hands of every networking engineer As featured in Network World, Forward Networks has raised the bar for network digital twin technology with AI Assist. This groundbreaking addition empowers NetOps, SecOps, and CloudOps professionals to harness the comprehensive insights of NQE through natural language prompts to quickly resolve complex network issues. See the feature in action.

Last week, SecurityScorecard was invited back to participate in the World Economic Forum’s Annual Meeting in Davos, Switzerland. It was a tremendous honor and, once again, we were the only security ratings company present (and one of the few cybersecurity companies). Our team spent the week with a dynamic mix of tech innovators, thought leaders, and heads of state, discussing some of the world’s most pressing political, societal, and economic challenges.

Public cloud infrastructure is, by now, the default approach to both spinning up a new venture from scratch and rapidly scaling your business. From a security perspective, this is a brand new (well, by now more than a decade old) attack surface. “Attack surface” is a commonly used term that denotes the aggregate of your exploitable IT estate, or all of the different pathways a hacker might be able to use to gain access to your systems, steal your data, or otherwise harm your business.

In a new SEC disclosure, Hewlett Packard Enterprise (HPE) announced on Wednesday that it fell prey to the same Russian intelligence group, known as Midnight Blizzard or Cozy Bear, that recently breached Microsoft's email system. This disclosure comes just a week after Microsoft reported a similar intrusion, putting the spotlight back on this notorious hacking group.

What keeps CISOs up at night? The extended, often unsecured, ever-changing attack surface of critical supply chain vendors providing an unmonitored pathway into their enterprise. Emerging zero-day vulnerabilities, like MOVEit and SolarWinds, are time-sensitive issues that require immediate attention by security teams that are often over-burdened with securing the local enterprise.

Generative AI and large language models (LLMs) are revolutionizing natural language processing (NLP), offering enhanced conversational AI experiences for customer service and boosting productivity. To meet enterprise needs, it’s important to ensure the responses that are generated are accurate as well as respect the permissions model associated with the underlying content.

The surge in Ransomware-as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024. I love it when vendors put out a yearly summary, and do it in the first month of the next year! The data is relevant and helps paint a picture of what the industry should expect in the near future. In Cyberint’s 2023 Ransomware Recap report, we find that ransomware had quite the year.