Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links in phishing emails that will redirect users to malicious sites. Vipre also found that attackers are increasingly using links instead of malicious attachments in their phishing emails. “Three years ago, it was a 50/50 split between phishing emails utilizing links versus attachments,” the researchers write.

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I might understand why. There are two reports that you should be keeping an eye on—the updated Verizon Data Breach Report and ransomware response vendor Coveware’s Quarterly Ransomware Reports. In their latest report covering Q1 of this year, we see a continuing upward trend in “unknown” as the top initial attack vector.

Trustwave SpiderLabs’ latest report, the 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies details the security issues facing public sector security teams as they try to strike a balance between supplying needed services and deploying the cybersecurity necessary to protect data placed in their charge. The need for the highest level of security has never been greater.

Enterprise attack surface expansion has become a focal point for IT security teams. The relentless pursuit of securing every endpoint and countering new threats with the latest technology is not just costly; it's also unsustainable. Despite these efforts, breaches continue to occur, often through new or unorthodox attack vectors that bypass traditional perimeter defenses.

Introduction AsyncRAT, also known as "Asynchronous Remote Access Trojan," represents a secretive form of malware meticulously crafted to infiltrate computer systems and exfiltrate critical data. Recently, McAfee Labs unveiled a novel avenue through which this insidious threat proliferates, elucidating its inherent peril and adeptness at circumventing security measures.

As the full scope of the Change Healthcare cyber attack and ransomware story unfolds, a new leading gang has emerged known as ‘RansomHub’. This ‘new’ group has been claiming more victims since the massive February ransomware and data breach attack. On April 8, Forescout Research – Vedere Labs obtained samples used by RansomHub affiliates in a separate incident.

What do you get when you bring soaring numbers of connected devices online around the world—more than 29 billion by 2027? For consumers and businesses, the Internet of Things (IoT) promises a life of ever-increasing convenience, efficiency, and insight. Unfortunately, cybercriminals have just as much to celebrate.

K-12 schools, colleges, and universities store massive amounts of personal information for students, parents, and employees. This means that, while they may not make the news as much as other breaches, schools, colleges, and universities are under constant attack by modern threat actors.

As with every year, the Verizon DBIR is released, with data involving more than 10,000 breaches that have been dissected and used to create the report’s baseline. Cyberint’s Research team inspected the document to understand where the cyber security realm is heading, the important trends in data breaches and incidents, and what we need to look for moving forward in 2024.