Businesses have gone mobile-first, and with good reason—people are spending more time and more money on their phones than ever before. For instance, in 2023, an estimated 66% or 2/3rds of all online orders were made from mobile devices. And in 2024, businesses are expected to spend $402 billion on mobile advertising. Mobile apps have become the first choice for users for their online activities in banking, e-commerce, media streaming, social media, etc.

The decision on whether to implement the Microsoft Security offerings available with the Microsoft 365 E5 license certainly involves deep security discussions, but it's also a business decision. In that respect, this process allows security leaders to engage with their CFO and other business leaders to elevate conversations.

Securing a network against cyber threats requires a thorough understanding of its vulnerabilities. A vulnerability assessment is a detailed process aimed at identifying, evaluating, and ranking potential weaknesses within a network setup. From examining configurations to assessing access controls, this assessment dives deep into every aspect of the network to uncover areas of vulnerability.

Security is a top priority of every company. It’s not surprising… Source code, the most critical asset of any organization, should be under reliable protection… especially in view of constantly arising threats. Ransomware, infrastructure outages, vulnerabilities, and other threats can strike your GitHub repository at any time.

Financial service organizations face a growing challenge. Their customers expect 24×7 access and self-service convenience, meaning these organizations must move to the cloud and embrace new technologies. However, those moves also expand their attack surface, increase cyber risk, and make achieving and maintaining compliance more challenging.

Most homeowners know that a lock is a good idea as a basic defense against invaders, and leaving the front door unlocked is simply unwise. Unfortunately, when it comes to creating a strong cyber defense it’s not that simple. Attackers have been evolving their intrusion techniques over decades, focused on one goal, relentlessly probing for weaknesses to enter your domain.

Organizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro. “Phishing emails continue to be the number one attack vector for organizations,” the researchers write. “A QR code phishing, or quishing attack, is a modern social engineering cyber attack technique manipulating users into giving away personal and financial information or downloading malware.

The Internet of Things (IoT) has slowly but surely weaved its way into our homes and places of work. From smart homes to industrial control systems, IoT has brought convenience and efficiency to our lives. However, with this increased connectivity we have increased our risk. The IoT Attack Surface IoT devices are often designed with functionality in mind, rather than security. This means that many devices have weak or default passwords, unpatched vulnerabilities, and insecure communication protocols.

Organizations are falling victim to ransomware attacks where data is stolen, but the victim isn’t being told about it. I have a theory as to why this is happening. Many assume data is being exfiltrated as part of a ransomware attack and it’s going to be used as part of the extortion component of the attack. But according to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, that doesn’t seem to be the case.

In a significant development in cybersecurity, the threat actor known as Stargazer Goblin has established a complex network of fake GitHub accounts to facilitate a Distribution-as-a-Service (DaaS) operation. This network, comprising over 3,000 inauthentic accounts, has been actively spreading various information-stealing malware and generating $100,000 in illicit profits over the past year.