Most cybersecurity professionals will often try to cybersplain the importance of protection to their friends. In most social circles, many of the businesses that people work in are small businesses. Perhaps you are the owner of a small delicatessen, a dry cleaner, or you run a yoga studio, or some similar individually owned operation.

Doxxing, also spelled doxing, is when a threat actor publishes Personally Identifiable Information (PII) about their target online. This can include publishing the target’s place of employment, home address, credit or debit card numbers and any other sensitive information. The purpose of the threat actor publishing another person’s PII varies, but most commonly has to do with harassment.

Since 2013, World Password Day has been celebrated on the first Thursday of May and aims to foster better password habits. This event reminds us that passwords are the main guardians of our digital identities and that we must implement complex passwords such as passphrases capable of protecting us. In 2022 alone, 721.5 million exposed credentials were leaked online. As a result of these leaks, account takeover attacks (ATOs) are on the rise.

Information disclosed in the leaked NTC Vulkan papers allows us to investigate the high probability of cooperation between the Russian private software development company and the Russian Ministry of Defense, namely, the GRU (Sandworm), and possibly others.

On May 24th, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), United Kingdom National Cyber Security Centre (NCSC-UK) and the Australian Cyber Security Centre (ACSC) along with their private sector partners recently discovered a cluster of activity of interest associated with a People’s Republic of China

Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.

Over the past two months, the Cyberint research team has witnessed an extensive campaign in which threat actors are actively exploiting the recently discovered vulnerability in the PaperCut print management platform. The Cyberint research team has identified a significant trend in relation to these recent attacks and associated incidents linked to this vulnerability.

Generative AI models have a long history in artificial intelligence (AI). It all started back in the 1950s with Hidden Markov Models and Gaussian Mixture Models, and it really evolved with the advent of Deep Learning. In the past five years alone, we have gone from models with several millions of parameters to the latest being GPT-4, estimated to have over 100 trillion parameters.

As you all know, KnowBe4 frequently promotes security awareness training and we also mention that unpatched software is a distant number two issue after social engineering. We generally say that unpatched software is involved in 20%-40% of successful exploits. It's been hard though to get good figures on that for years and even CISA has not published hard numbers, even though they appear to focus on it.

A large attack surface poses significant security risks for organizations. It provides hackers with numerous opportunities to access your sensitive data. The process of attack surface reduction involves reducing all possible entry points to your sensitive resources. This is a fundamental cybersecurity practice that's critical for data breach mitigation.