Phishing is an email-borne malicious technique aimed at learning the sensitive credentials of users or spreading malware. This practice has been on the list of the top cyber threats to individuals and businesses for years. According to the latest Phishing Activity Trends Report by APWG, the total number of phishing attacks identified in Q1 2024 exceeded 963,000.

Although there is no way to stop receiving all spam calls, there are steps you can take to reduce the number of spam calls you receive. According to Truecaller’s 2024 report, Americans collectively receive an average of 2.5 billion spam and unwanted calls every month. While spam calls do not always have malicious intent, like hacking your phone or stealing your money, they can grow annoying since they are unwanted and persistent.

Read our key takeaways from Drupal GovCon 2024, where Drupal experts explored secure open-source solutions for U.S. government websites and collaborative tools.

When it comes to hiding dirty money, it’s not just cryptocurrency we have to worry about, according to author, speaker, and investigative journalist Geoff White.

Thirty-four percent of state and local government entities were hit by ransomware in 2024, a new report from Sophos has found. While this is a decrease compared to the attack rate in 2023, the mean cost of recovery for these entities has more than doubled to $2.83 million. Seventy-two percent of ransom demands made to state and local government organizations in 2024 were for $1 million or more, with 37% of demands for $5 million or more.

In an economy where securing data can mean the difference between success and failure, implementing proven data exfiltration prevention strategies is more critical than ever. According to a study conducted by IBM, a data breach can cost global organizations an average of nearly $5 million per incident. In addition to the financial ramifications, data theft can lead to lower customer trust, a loss of future revenue, and even potential lawsuits.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats, including those discovered via original research by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

In part one of our series on PCI DSS 4.0, we covered the updates in the latest version 4.0.1 and how to operationalize those changes. In this blog we are going to dig deeper into Requirement 11.6, how to interpret the nuance and automate the current guidance. Guidance that will become a mandate in March, 2025. Let’s start with what Requirement 11.6 is and why it’s so important.

You can tell if you have spyware on your device by looking for signs such as your device’s battery draining quickly, overheating, increased pop-ups or data usage and unfamiliar apps. Spyware is a kind of malware that, once unknowingly installed on your device, allows cybercriminals to spy on you and steal your private information. This information could be used by cybercriminals or sold on the dark web to commit fraud or identity theft.

As I sit in the 2024 Seattle Convene conference this week and listen to speaker after speaker talk about their successful security awareness training programs, one thing is perfectly clear. They all prefer carrots and fewer sticks. A question human risk managers frequently ask me is what role negative consequences should play in a successful security awareness training program?