I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity. I regularly speak with thousands of cybersecurity practitioners each year. Nearly every day, I see (good) cybersecurity advice, but some of it is just a bit shy of what is needed…such as “Use MFA!”. That is good advice, but is not specific enough. It does not give enough detail. There is a slight adjustment needed to get the most benefit.

Social media has become an indispensable tool for communication, outreach, and engagement. From world leaders to high-profile individuals, these platforms offer an unparalleled opportunity to connect with the masses. However, as recent incidents have shown, the very same platforms can also be a double-edged sword, exposing vulnerabilities and putting sensitive information at risk.

A new campaign of StrelaStealer attacks identified by security analysts at Unit42 has been spotted targeting E.U. and U.S. organizations. This somewhat new infostealer has evolved to be even better at evading detection in a new string of campaigns aimed at stealing email credentials from well-known email clients.

The Australian Government has leveraged insight from cybersecurity experts to create a new six-part plan to combat cybersecurity over the coming decade. The cybercrime economy is booming and growing every year. What’s needed is a bold vision to not just respond to the current state of threats, but to jump years ahead of it. And that’s what we find in the Australian Government’s 2023-2030 Australian Cybe rsecurity Strategy.

A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seem to be popping up in a likely attempt to steal the victim’s digital identity and more. A recent post on Twitter/X from entrepreneur Parth Patel outlines his experience when his phone became inundated with requests to reset his Apple ID password – to the tune of over 100.

New data shows that the attacks IT feels most inadequate to stop are the ones they’re experiencing the most. According to Keeper Security’s latest report, The Future of Defense: IT Leaders Brace for Unprecedented Cyber Threats, the most serious emerging types of technologies being used in modern cyber attacks lead with AI-powered attacks and deepfake technology. By itself, this information wouldn’t be that damning.

New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk. In cybersecurity vendor ReliaQuest’s Annual Cyber-Threat Report: 2024, there is a ton of great detail mapped to the MITRE ATT&CK Framework outlining which threat actions are used and how organizations are most effectively fighting back and stopping attacks.

A trojanized version of the McAfee Security app is installing the Android banking Trojan “Vultur,” according to researchers at Fox-IT. The attackers are spreading links to the malicious app via text messages and phone calls. “In order to deceive unsuspecting individuals into installing malware, the threat actors employ a hybrid attack using two SMS messages and a phone call,” the researchers write.

A journalist in Pennsylvania was targeted by phishing attacks that involved thread hijacking, according to Brian Krebs at KrebsOnSecurity. The journalist for LancasterOnline, Brett Sholtis, had written a story last year about a wealthy businessman named Adam Kidan who pleaded guilty to fraud in 2005. Several months after the story was published, Sholtis received two emails from Kidan’s email account.

The UK government's third phase of research shows how well UK organizations have been improving their cybersecurity efforts but indicates that the risk from certain attacks have only been reduced marginally. As part of the UK government’s National Cyber Strategy, their Cybersecurity Longitudinal Survey has been run three times to show how well UK businesses and charities are working to improve their state of cybersecurity.