On December 26, 2023, the Office of Information and Regulatory Affairs (OIRA) released the 234-page Cybersecurity Maturity Model Certification (CMMC) proposed rule. This kicked off a 60-day public request for comments. The final rule is expected to be released in early March 2024, and some industry experts expect it to go into effect as late as Q1 of 2025.. This kicked off a 60-day public request for comments.

Spear phishing and voice phishing (vishing) are on the rise in the trucking industry, according to a new report from the National Motor Freight Traffic Association (NMFTA). “Spear phishing is still one of the most effective tools attackers have to breach networks,” the report says.

I’ll be honest – the last time someone asked me to assess my behavior was in therapy. Difficult? Yes. Who likes to audit themselves? But that process taught me something valuable: evaluating ourselves, even when uncomfortable, propels us forward. In my many conversations with security professionals, one common theme emerges. We need continuous progress forward as security organizations for the business.

The cyber security landscape presents new challenges and threats, with the projected number of global IoT-connected devices expected to exceed 75 billion by 2025. By the end of next year, cyber-attacks are expected to cost the global economy over $10.5 trillion, highlighting the urgent need for security operations advancements. This blog will explore 13 cybersecurity trends in the evolving cybersecurity landscape for the new year.

Cybersecurity's overarching purpose is to better protect an organization against cyber events. However, especially in the corporate setting, it's not enough for chief information security officers (CISOs) to say they've implemented a patch or a firewall and, therefore, their systems are "more" secure. Not only is the result’s description vague, but it also offers very little insight into its ROI. ‍

Researchers at Menlo Security observed a 198% increase in browser-based phishing attacks over the past six months. “Attackers have developed tools to craft high quality large scale attacks that target the browser,” the researchers write. “Cybercrime tools, such as phish kits (PhaaS) and ransomware-as-a-service kits (RaaS), have simplified the process of launching sophisticated attacks.

The Mirai Botnet, famous for massive DDoS attacks, used SYN flood techniques to hack 600,000 IoT devices. Targets like KrebsOnSecurity, Lonestar cell, and Dyn. The impact cascaded across key service providers that relied on Dyn’s services, affecting entities such as Sony Playstation servers, Amazon, GitHub, Netflix, PayPal, Reddit, and Twitter.