Is "RogerLovesTaco$24" a strong password? No! Everyone has a ton of passwords. They should be strong and unique for every site and service you use. Everyone knows this. Note: The information and recommendations in this post are supported in detail by the KnowBe4 ebook,

In an era when every aspect of our society depends on reliable critical infrastructure, the role of identity security in safeguarding these essential services has never been more pivotal. With sophisticated cyberthreats escalating, understanding the transformational potential of identity security is akin to orchestrating a symphony. Each section – strings, woodwinds, brass and percussion – must perfectly harmonize to produce a masterpiece.

The growth of Internet of Things (IoT) devices is reshaping our digital landscape. From smart thermostats to industrial sensors to IP cameras to smart toilets, these devices drive efficiency through innovation. But they aren’t secure by nature. A new UK law aims to make IoT products much more secure. On April 29, the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act became official and is now enforcing compliance across IoT assets.

A ticket in cybersecurity is a set of credentials used to authenticate users. A silver ticket is a forged ticket an unauthorized user creates. With this forged silver ticket, threat actors can launch a cyber attack that involves exploiting the weaknesses of a Kerberos authentication system. In this system, a Ticket Granting Service (TGS) serves as the credential token, granting authorized users access to particular services.

CVE-2024-3094 is a critical backdoor vulnerability found in the XZ Utils open-source library. The vulnerability was caused by a malicious code injected into the library by one of the maintainers. The vulnerability allows remote attackers to execute any desired code on systems with exposed SSH packages.

Exposure management tooling can act as an excellent source of truth for cybersecurity leaders as they communicate risk up to the board level. The visibility and data streaming from exposure management solutions makes it easier for CISOs to track security performance over time, quantify improvements in security maturity levels, establish better financial quantification of cyber risk and ensure the organization's exposure levels match up with industry averages.

Time theft happens when employees dishonestly use their paid work hours for personal activities or tasks unrelated to work. Time fraud significantly impacts an organization’s productivity, business strategy, finances, and employee morale. To keep a high-performing work environment, companies must combat time theft.

EO 14028 is bringing a lot of new security documentation requirements with it. Here's how SCA can help with creating that documentation.

In an age where manufacturers have decided that just about every device needs to be “smart,” it’s becoming difficult to avoid the data collection and privacy invasion that are often baked into these devices. We have come to expect that smart phones and speakers with built-in digital assistants are always listening, and data collection practices between companies can vary significantly.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including those based on original research conducted by SafeBreach Labs. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.