Illustration by Derrick Deepak Roy Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we explore phishing attacks and how they’ve evolved in recent times. Way back in the 1990s, or so the story goes, users unwilling to pay for access to the internet would hunt for others’ login credentials to keep browsing for free.

Since the beginning of 2022, the unfolding geopolitical conflict between Russia and Ukraine has resulted in the discovery of new malware families and related cyberattacks. In January 2022, a new malware named WhisperGate was found corrupting disks and wiping files in Ukrainian organizations. In February 2022, another destructive malware was found in hundreds of computers in Ukraine, named HermeticWiper, along with IsaacWiper and HermeticWizard.

When a company implements multifactor authentication, the organization is usually confident that it’s using the best system possible. However, not all MFA is built the same and there are times when the MFA solution being implemented is not delivering the protection required.

A month ago I tweeted about my annoyance with SSO or Single Sign On. While single is in the name, I’m required to “single sign on” multiple times a day. I’m not the only one; the tweet went viral with over 25k likes and 2 Million impressions. The tongue-in-check tweet created a lot of fun responses and more rage against SSO user experience than I expected. SSO was meant to solve password fatigue but we got something worse.

A six-figure surprise is awesome when it’s a lottery win. It’s not so awesome when it’s the “Amount Due” appearing in your monthly cloud bill. But enterprises receive these “surprises” all the time, and what can sting even more is trying to explain this preventable expense to management. Inefficient (not optimized) traffic routing to and from your various cloud instances and other services can hurt your business in other ways too.

63%. That's the number of SOC analysts who say they are likely to switch jobs in the next year, according to our Voice of the SOC Analyst report. Considering that SOC teams are understaffed and that the cybersecurity industry as a whole is facing severe staffing shortages, team leaders need to ensure that they're doing everything they can to retain their talent. However, SOC leaders may not know exactly what approach to take.

Contract with a third-party for managed SIEM services is increasingly affordable and requested by all-size organizations. Without any doubt, the advantages associated with this service allow monitoring, analyzing, and responding to cyber security threats more cost-effectively. However, what is a managed SIEM precisely? Is the price the only feature to take into account? What is the difference between a managed SIEM Provider (MSP) and a Managed Security Service Provider (MSSP)?

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. It has been a while since a really bad widespread issue with Linux hit, but here we are…