A phishing campaign is exploiting a large number of.top domains, according to researchers from WhoisXML API. In an article for CircleID, the researchers analyzed a phishing operation first uncovered by security researcher Dancho Danchev. “Our DNS deep dive into the phishing campaign led to the discovery of 5,245 unreported potentially connected threat artifacts, a majority of which were.top domains,” the researchers write.

Operating system (OS) hardening, a facet of system hardening, involves the implementation of security measures of operating systems like Windows, Linux, or macOS (aka OS X) to bolster their defenses against cyberattacks. The primary aim is to fortify sensitive computing systems, thereby reducing their vulnerability to various security threats, including data breaches, unauthorized access, system intrusions, and malware in accordance with best security practices.

Following the release of the Phishing Threat Trends Report, we recently hosted the Human Risk Summit, a coming together of some of the biggest names in the industry to discuss the human element and the role it plays in cybersecurity. In this post, we’ll recap some of the themes, statistics, and insights from two of our speakers – Chris Novak of Verizon and Perry Carpenter from KnowBe4.

Since Hamas’s attack on Israel last month, SecurityScorecard’s SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has paid close attention to hacktivist activity provoked by the conflict, with particular focus on the international scope.

A recent wave of advanced persistent threat (APT) attacks is spreading throughout the Asia-Pacific (APAC) region, and these have been attributed to a newly identified group known as Dark Pink (also referred to as the Saaiwc Group). While evidence suggests that Dark Pink commenced its operations as early as mid-2021, the group’s activities escalated notably in the latter part of 2022.

In Singapore, there is a massive luxury resort named the Marina Bay Sands (MBS); its owner is state-side, known as the Las Vegas Sands (LVS). LVS hosts 11 properties in Asia and the US—MBS hosts more than 2,500 rooms. MBS is a vast resort with more than a million feet of entertainment options and 50+ on-campus restaurants. Sand’s knows a lot about their clients, and following a recent data breach, so do hackers.

The ever-changing universe of LEGO dominates the toy industry; LEGO is one of the most recognizable toy brands in the world, a perk of which is die-hard fans. LEGO fanatics flock to BrickLink, a privately owned website where individuals can design, sell, and buy block sets. LEGO also features some designs following community voting. An estimated 1.4 million people have registered accounts with the platform, including sellers and consumers.

Think cybersecurity training is just a snore fest of jargon and compliance checkboxes? Think again. Welcome to the new era of Cybersecurity training, where ‘boring’ is a forbidden word and engagement is the name of the game. This guide is all about flipping the script—from just ticking off ‘compliance’ boxes to actually being ‘competent,’ and we’re doing it with training techniques that are as engaging as they are effective.

Data privacy has never been more critical for business success as it is today, and organizations worldwide are grappling with the stringent requirements of the General Data Protection Regulation (GDPR). One crucial aspect of GDPR compliance is maintaining a Record of Processing Activities (RoPA), which serves as a testament to an organization’s commitment to data protection. But what exactly is a RoPA, and how can organizations create and manage one effectively?

We’re proud to announce that Aikido Security recently attained ISO 27001:2022 certification. This is a big milestone for us and demonstrates our commitment to information security.