In today's complicated digital world, cyber threats are always coming at companies. Organizations need to do regular penetration testing to find security holes and evaluate their security stance in order to protect their valuable assets and keep their operations running smoothly. Having a named penetration test point of contact (PTPOC) is a key part of any penetration test that goes well.

Passwords are bad, and our whole industry is trying to move away from these simple strings granting access to our systems. But change is slow, and adopting newer standards is difficult, even if passwords are deeply problematic. Now, the National Institute of Standards and Technology (NIST) is updating the core standard for authentication – and it adopts the “new school” of password policies.

The Trinity ransomware gang is launching double-extortion attacks against organizations in the healthcare sector, according to an advisory from the US Department of Health and Human Services (HHS). The ransomware gains initial access via phishing emails or software vulnerabilities. “Trinity ransomware was first seen around May 2024,” the advisory says.

As mobile technology becomes integral to day-to-day life, fraudsters are refining phishing techniques to exploit vulnerabilities in mobile browsing. According to Zimperium’s 2024 zLabs Global Mobile Threat report, 82% of phishing sites specifically targeted mobile devices in 2023. To protect customer data, enterprises need to counter-adapt.

While no-one can predict if and when a cyber attack will take place, a red team exercise is as close as an organization can get to understanding its full level of preparedness. Red team exercises conducted by certified ethical hackers are key to uncovering hidden vulnerabilities and addressing them before they impact a company’s cyber resilience.

At CornCon 2024, experts debunk myths, explore SaaS vulnerabilities, and highlight how human connections shape the future of cybersecurity innovation.

Cybercriminals have found a new way of leveraging legitimate web services for malicious purposes, this time with the benefit of added automation of campaign actions. Security researchers at CheckPoint have discovered a new phishing campaign that uses Google App Scripts – a scripting platform developed by Google that lets you integrate with and automate tasks across Google products – as the destination in malicious links.

Virtualization offers several advantages for backup and recovery operations, which are the backbone of data protection, operational continuity, and availability. Most importantly, virtualization makes agentless and image-based, host-level backups possible. These types of backups can capture the full VM, including VM configuration as well as VM data. However, it’s important to protect hosts too, as healthy ESXi hosts are important for VMs to run properly.

Think of a port as a virtual gateway that a specific service, process, or application on your computer uses for network communication. Each port is assigned a unique number, allowing different types of traffic to be directed to the appropriate software. For example, your email might use one port, while your web browsing uses another. When combined with an IP address, a port number creates a complete socket address, enabling precise routing of data to and from your computer across the network.

Microsoft is currently investigating a significant issue affecting its Outlook desktop app, with users experiencing a range of problems, including crashes, high memory consumption, and login failures. Initially believed to impact only European users, the issue has now been reported by users globally, signaling a more widespread problem. In addition to the desktop app, some users have experienced similar issues while using Outlook on the web (OWA), making this a pressing matter for Microsoft to address.