In a network assessment, one of the first tasks is to narrow down a large set of IP addresses to a list of active or interesting hosts. It's like trying to find specific houses in a big neighbourhood without knocking on every door. Scanning every possible connection of every single IP address can be slow and often unnecessary. What makes a host interesting depends on what you're looking for.

CRN has once again named WatchGuard to its prestigious annual Security 100 list as one of the 20 Coolest Network Security Companies Of 2024. The Security 100r ecognizes leading IT security vendors who are committed to working hand in hand with channel partners to protect businesses from cyber threats.

In today’s rapidly evolving digital landscape, organizations confront a formidable array of cyber threats, with attacks and data breaches becoming increasingly prevalent. As businesses embrace transformative technologies such as AI, automation, cloud-native architectures, microservices and containerization, the proliferation of machine identities has surged, often surpassing human identities.

In a bold move aimed at raising awareness and protest against the pro-Ukrainian stance of the Polish authorities, the notorious NoName hacking group launched a series of cyber attacks targeting critical infrastructure in Poland. The group's motive was clear - to disrupt transportation services and infrastructure to show solidarity with Polish farmers' plight. Who is NoName hacking group and what is their motive?

In today's digital age, the threat of data breaches and online scams looms large. Restorecord.com, a prominent bot service known for its data management solutions, has recently been at the center of a significant security breach, impacting approximately 2,871 users. This alarming incident has exposed sensitive data, including Next.js and PHP source codes, emails, usernames, browser data, and IPs, leaving users vulnerable to exploitation by malicious actors.

Brand impersonation attacks are a type of phishing attack where a scammer pretends to be a trusted company or brand. The goal is to trick victims into believing they're interacting with the company so they'll be more willing to share their personal information. Brand impersonation attacks can target both individuals and large groups of people. Scammers may use phony websites, mobile apps, or social media pages, as well as bogus emails, voicemails, or text messages.

When a large data company decided to migrate their systems fully to the cloud, their cybersecurity team knew it would be a challenge. The company’s senior security architect put it succinctly: “Our CTO said, we’re going completely to cloud. Everyone buckle up.” Though the organization had assets in the cloud for many years, the team wasn’t sure they were ready to be 100% in the cloud from a security standpoint.

Researchers at Lookout have discovered a sophisticated phishing kit that’s targeting employees at the US Federal Communications Commission (FCC), as well as employees of cryptocurrency exchanges Binance and Coinbase. The kit also targets users of cryptocurrency platforms, including Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown and Trezor.

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC well enough to understand what it does and how it helps to prevent phishing. And look-alike and neglected domains challenge its protective value to unknowledgeable email recipients. This article is about how to understand and proactively use DMARC. DMARC.