Ransomware Attacks Speed up 44% Leaving Less Time for Detection and Response

New data suggests that the gangs and toolkits behind current ransomware attacks are materially improving their abilities, resulting in a speeding up of attacks before defenses kick in. It’s the last thing we want to hear; the threat actors are winning. But, according to Sophos’ 2023 Active Adversary Report for Tech Leaders – at least when looking at threat actor dwell time – it seems to be the case.

Evaluating & Managing Service Provider Security Risks (in 2023)

If you’re considering partnering with a service provider, it’s essential also to consider the security risks they could introduce to your organization. In this post, we outline the primary cybersecurity risks associated with service providers and provide tips for managing them to help you safely benefit from this strategy for reducing operational costs.

Brand Impersonation Hits a New High with as Many as 73 Lookalike Domains Per Brand

The use of lookalike domains has reached critical mass with not just one counterfeit website, but many. The second act of a phishing attack intent on tricking the victim into providing valuable information is the website they are taken to. It has to look and feel like the real thing. But it also needs to have a domain that doesn’t raise suspicion. Thus, the advent of lookalike domains.

Choosing a HIPAA Compliance Product in 2023

All covered entities must comply with HIPAA or face fines of up to $50,000 for every violation. However, with such high cybersecurity standards and insufficient implementation guidance, it's not surprising that HIPAA violations are common occurrences. To overcome the challenges of adhering to HIPAA’s stringent safeguards, covered entities are turning to HIPAA compliance software for support.

New Telekopye Phishing Toolkit Uses Telegram-Based Bots To Turn Novice Scammers into Experts

The Telekopye toolkit allows scammers to create phishing websites, send fraudulent SMS messages and emails, and target popular Russian and non-Russian online marketplaces. While toolkits are nothing new, the frequency, speed of time-to-market, and the functionality available to the “every-scammer” are becoming truly frightening.

Securing Endpoints By Applying 'Passive Income' Concepts

Investing in cybersecurity is a lot like working hard to save for retirement. Your budget’s already tight, but you must secure the future. You’re faced with endless headlines and market updates that make you nervous about making the wrong choices – or not making moves quickly enough amid fast-changing conditions.

Organizations Tie Executive Pay to Cybersecurity Performance Hoping To Enhance Protection Against Hackers

Organizations have started to recognize the importance of tying executive pay to cybersecurity metrics. This practice is gaining traction among the largest U.S. companies, with nine Fortune 100 companies incorporating cyber goals into the calculation of short-term bonuses for top executives.

Weekly Cybersecurity Recap September 8

Each week, new data breaches plague the public. This week, significant healthcare and retail breaches led to substantial data losses for customers and patients throughout the United States. With companies like Forever 21, Callaway, and United Healthcare involved, there were serious data losses. Cognizant and Indiana Medicaid were also breached this week. Learn all the details below.

[dot]US Domain Exploited for Phishing

The Interisle Consulting Group has published a paper looking at the phishing landscape in 2023, KrebsOnSecurity reports. Notably, Interisle found that the .us top-level domain is being widely abused in phishing attacks. “.US is the ccTLD of the United States and had a very large number of its domains used for phishing -- almost 30,000 domains, more than 20,000 of which were registered maliciously by phishers,” Interisle said.