Organizations have started to recognize the importance of tying executive pay to cybersecurity metrics. This practice is gaining traction among the largest U.S. companies, with nine Fortune 100 companies incorporating cyber goals into the calculation of short-term bonuses for top executives.
The Interisle Consulting Group has published a paper looking at the phishing landscape in 2023, KrebsOnSecurity reports. Notably, Interisle found that the.us top-level domain is being widely abused in phishing attacks. “.US is the ccTLD of the United States and had a very large number of its domains used for phishing -- almost 30,000 domains, more than 20,000 of which were registered maliciously by phishers,” Interisle said.
New data suggests that the gangs and toolkits behind current ransomware attacks are materially improving their abilities, resulting in a speeding up of attacks before defenses kick in. It’s the last thing we want to hear; the threat actors are winning. But, according to Sophos’ 2023 Active Adversary Report for Tech Leaders report – at least when looking at threat actor dwell time – it seems to be the case.
Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within organizations’ networks.
I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles on LinkedIn and have presented during many KnowBe4 webinars about different authentication subjects. I have been professionally writing about authentication since at least November 2004, when I wrote my first ebook for Windows & IT Pro magazine on password attacks and security.
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are exploiting the recent hurricanes that have hit the US. Criminals frequently impersonate charities and related organizations following natural disasters.
Customization, Your Way: With Content Manager you can customize your training content preferences effortlessly. Adjust passing scores, infuse branded themes, allow test-outs, and say goodbye to content skipping. And here's the kicker – it's available across all subscription levels.
As Phishing as a Service (PhaaS) kits continue to evolve, news like recent attacks using the Greatness toolkit demonstrate how easy it is for novice attackers to access accounts despite multi-factor authentication (MFA) being enabled. We’ve seen plenty of adversary-in-the-middle (AiTM) attacks over the years, where the threat actor inserts themselves (in one form or another) into an existing communication, impersonating one of the parties in the communication.
British Intelligence has come up with a potentially very effective means to disrupt ransomware attacks, but there seems to still be a few kinks in the system. The phone rings at your U.K. office and it’s the U.K. government’s National Cyber Security Centre (NCSC) letting you know they’ve detected a potential cyberattack.
New data shows a massive uptick in attacks across all industries, but a particularly worrisome growth in interest in targeting the public sector – and the indicators of who’s responsible may surprise you.
