The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has conducted further research into the indicators of compromise (IoCs) that SysAid shared when disclosing a new vulnerability in its on-premise software last month.

Cyberterrorism exists, but it is a concept that is difficult to pigeonhole. The story is similar to “physical terrorism,” where there are always shades of gray to consider – Was something an act of terrorism, or was it just an act of gratuitous malevolence? Many acts of terrorism are definable, and the same applies to cyberterrorism. However, the blurring of the lines is even more apparent with cyberterrorism.

User credentials are the information required to authenticate a user's identity and grant them access to a system or application. Typically, this includes a username or email address and a password. While a username can be stored as plaintext in a database, sensitive information like email addresses or passwords should not. If a malicious actor gains access to your database where you store this information, you don't want to hand over this information to them easily.

New data shows how the overwhelming majority of phishing attacks on financial institutions dwarf every other industry sector by as much as a factor of 30-to-1. It’s no secret that banks and other types of financial institutions hold all the money, so it should be no surprise that's where cybercriminals focused their malicious activities last year, according to Group IB’s Digital Risk Trends 2023 report.

It is easy to assume that security tools are effectively configured right out of the box, so to speak. This scenario is all too common and can lead to severe consequences, such as data breaches if an organization implements software solutions with improper security configurations.

You might recall hearing that we officially launched our Global Partner Program. It was important for us to ensure that our CleanINTERNET® solution was available immediately in the UK, and thanks to our latest partnership with Tiger this is now possible. Our innovative technology is currently deployed by over 100 customers in the U.S.

Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns. “Over the last four months, McAfee Labs has observed a rising trend in the utilization of PDF documents for conducting a succession of phishing campaigns,” the researchers write. “These PDFs were delivered as email attachments. Attackers favor using PDFs for phishing due to the file format’s widespread trustworthiness.".

It’s the small vines, not the large branches, that trip us up in the forest. Apparently, it’s no different in Healthcare. In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Mitigation Guide aimed at the Healthcare and Public Health (HPH) sector.

Keeper Security has released the third part of its series on Privileged Access Management (PAM) research, the Keeper Security Insight Report: Cloud-Based Privileged Access Management, to determine what IT leaders are seeking in a PAM solution and the benefits of moving away from traditional, on-premises platforms.

In the rapidly evolving digital landscape, the importance of a well-constructed cybersecurity plan cannot be overstated. However, the effectiveness of any cybersecurity strategy significantly depends on how well it integrates threat intelligence. Threat intelligence involves understanding, analyzing, and using knowledge about existing and potential cyber threats to make informed security decisions.