In January 2023, PrivateLoader, a malware loader from a pay-per-install malware distribution service called “ruzki”, started to distribute Tofsee (a.k.a. Gheg), a modular spambot. Spambots are typically utilized by cybercriminals to spread malware and phishing emails, and this particular one has been in operation since at least 2008.

As technology becomes more prevalent in our lives, the risk of cybersecurity incidents is also increasing. Cybersecurity incidents can cause significant damage to organizations, including financial loss, reputational damage, and theft of sensitive data. Therefore, it is essential to have a robust cybersecurity system in place to protect against cyber-attacks. Artificial intelligence (AI) is one technology that can be used to predict cybersecurity incidents and mitigate their associated risks.

Recently, we discussed the most effective cybersecurity frameworks to reduce the risk of cyber threats. One of the most important systems is the Federal Information Security Management Act (FISMA). This act applies to certain organizations, and is imperative to help protect them against data breaches. Let’s take a look at four things to know about FISMA, from what it is to how to monitor FISMA compliance.

With tax day in the U.S. fast approaching, most people are opting to e-file their returns. But while online tax filing and payment have become more popular, so have tax scams targeting unsuspecting taxpayers. Here are some common online tax scams to avoid.

The other week, BitSight published research identifying thousands of organizations using internet-facing and exposed webcams with many video and audio feeds susceptible to spying. The potential consequences are serious – an attacker could potentially view private activities and eavesdrop on sensitive conversations, presenting a variety of privacy and security concerns. Below are some of the screenshots BitSight captured from exposed devices (blurred for privacy).

In this age of technology, software companies are quickly shifting towards a strict compliance posture. You may ask yourself, why is that and what has changed over the last several years? This can be due to multiple factors but can mainly be boiled down into four categories.

Ransomware as a Service (RaaS) has been a growing trend in recent years, enabling anyone with an internet connection to become a hacker. In the past, launching a ransomware attack required a high level of technical expertise, but RaaS has lowered the barrier to entry, making it easier for anyone to launch a ransomware attack. So, how does RaaS work, and what are the implications for businesses and individuals?

Chief information security officers (CISOs) have both internal- and external-facing roles. Externally, they must constantly scan the horizon for potential threats. Internally, they must implement, communicate, and champion best practices for security at their enterprises. In a time of sprawling global supply chains and growing automation, the role of the CISO is more complex than ever. To carry out this role effectively, CISOs must learn the importance of trust management.

The more technology your organization adopts, the more exposed it becomes to third-party risks. Consider these statistics: Organizations have responded to these risks by implementing robust third-party risk assessment procedures. However, a common mistake is to view vendor risk management as a one-time activity, typically conducted prior to onboarding a new vendor. Since third-party risks are constantly evolving, it's crucial to evaluate vendor security at every phase of the vendor lifecycle.

As more and more businesses and individuals rely on technology and the Internet, cyber threats such as data breaches, malware attacks, and cyber extortion are becoming increasingly common. Overall, cyber insurance can help mitigate the financial, legal, and reputational risks associated with cyber incidents.