Malware leverages Windows search functionality in HTML, Remcos RAT spreads via UUE files, and Black Basta exploits a Windows privilege escalation vulnerability.

Chances are, every single person who reads this article has experienced a type of data breach at least once: a phishing email that looked like a late bill fee that led to identity theft, an accidental email sent including proprietary company or customer data, a parent calling to ask if they should send money to a prince abroad (after the fact), or an open backpack that leads to the physical theft of a mobile device.

The rising use of virtual environments (VEs) has transformed the ways we work, offering increased flexibility and accessibility. However, this shift also introduces new security challenges. Traditional security measures may not work as effectively in VEs, which creates an opportunity for insider threat actors to exploit vulnerabilities to steal sensitive data, disrupt critical systems, or commit fraud. This article reveals the importance of monitoring user activity in virtual environments.

In a time where digital transactions and online markets predominate, purchase scams have increased frequently as scammers develop ever-more sophisticated strategies to prey on consumers. This guide sheds light on the intricacies of purchase scams, focusing on common types, providing comprehensive strategies to safeguard against them, and offering real-world examples for a better understanding, particularly on popular platforms like Facebook Marketplace and fake online shopping websites.

Every company has a digital presence nowadays. While this brings numerous benefits for businesses, it also poses a number of risks. Cybercriminals are finding more and more ways to circumvent security measures and access data. If protection is not strong enough, the data of organizations, their customers, and partners could be compromised, with dire consequences for companies.

Today, we work in the cloud, connect through countless devices, and rely on ever-evolving software. While offering immense opportunities, this interconnected technology landscape exposes us to a relentless barrage of cyber threats. Malicious actors constantly seek new ways to breach our defences, exploiting vulnerabilities in systems we often take for granted.

The NIS2 Directive is the EU-wide legislation on cybersecurity that came into force in 2023, following rules introduced in 2016 (NIS). NIS2 expanded the scope of sectors and entities who need to (legally) comply with the framework. The increased scope aimed to cover the “most” critical sectors, which are vital for the economy and society, though are heavily reliant on IT.

System hardening involves identifying and addressing security vulnerabilities across hardware, firmware, software, applications, passwords, and processes. Compatibility allows most applications to work smoothly, but securing a system requires additional steps known as system hardening best practices, which are crucial for protection against advanced threats. Microsoft emphasizes server security and provides comprehensive hardening techniques and best practices tailored to various platforms.

Sensitive customer information leaked, operations disrupted, and reputation tarnished – this is not the headline you want splashed across the internet. There’s a 76% spike in data theft victims and a 75% increase in cloud intrusions. Vulnerabilities are lurking within every organization’s digital infrastructure – but how do you stay ahead of security threats? The answer is simple – proactive security testing.

On June 17, 2024, the Los Angeles County Department of Public Health (DPH) disclosed a data breach impacting more than 200,000 clients, employees, and other individuals. The stolen data includes personal, medical and financial information. The DPH said the incident took place between February 19-20, 2024, was caused by a gang of cyber criminals who gained access to the log-in credentials of email accounts of 53 employees through a phishing email.