Our tests show that, even when an MFA policy is in place, 20% of applicable accounts have no MFA enrolment. Why? We'll get to that. This article is designed to help MSPs deliver MFA by helping them understand the choices, pointing out the pitfalls in the mechanisms and rollout.

Analysis of a new phishing attack highlight just how easy it can be to spot these kinds of attacks if recipients were properly educated. Action Fraud, the U.K.’s national fraud & cyber reporting center, recently warned U.K. residents of a scam impersonating Starbucks.

Resilience strategies are failing. Despite their known importance, why is it so difficult to implement them effectively? Resilience is not a new concept, but it is one we talk about individually and through the lens of business that is often difficult to demonstrate. In today’s digital world, resilience strategies are being challenged more frequently, include more scope, and are being defeated by intentional and unintentional actions—users, third-party partners, and criminals.

In the software development industry, proactively securing the software development life cycle (SDLC) from cyber threats must always be a top priority. Taking a shift left approach addresses security early on so your development teams can spend more time innovating and less on dealing with vulnerabilities. But that’s just the beginning.

In recent years, organizations have learned how crucial penetration testing is for enhancing cyber resilience. However, traditional penetration testing is insufficient in today’s dynamic threat landscape. Recent trends highlight the need for a more continuous and proactive approach to security testing, and continuous penetration testing is set to record huge growth over the next few years, both among large enterprises as well as SMEs.

Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) platforms, which are increasingly popular among threat actors. In our previous blog, we explored the appeal of these platforms and discussed various major phishing kits today. In this two-part blog, we'll focus on a phishing kit named ‘Rockstar 2FA’ that is linked to widespread adversary-in-the-middle (AiTM) phishing attacks.

In today’s fast-paced cybersecurity environment, the ability to quickly and effectively manage threat intelligence and incident response is critical. The solution? A seamless integration of human expertise with cutting-edge automation. Standardizing how intelligence and incidents are handled by merging human processes with automated workflows is necessary.

As Software Bill of Materials (SBOMs), become increasingly necessary and in some cases, required by private companies and governments globally, they are meant to provide transparency and help organizations understand what is in their software. But if SBOMs are so helpful, how come nobody knows what to do with them?

Kernel Direct Memory Access (DMA) Protection is a security feature in Windows designed to prevent unauthorized access to memory by external peripherals. Kernel DMA Protection requires UEFI firmware support, and Virtualization-based Security (VBS) isn’t required. Kernel DMA Protection offers enhanced security measures for the system compared to the countermeasures against BitLocker DMA attacks, all while preserving the usability of external peripherals.

We are excited to announce our new integration with Google Cloud’s Confidential Space, which dramatically enhances the security of customer digital assets. This integration solves a critical challenge in cryptocurrency security: private key management. By leveraging Confidential Space, Fireblocks customers can ensure that no single party has full access to private keys, significantly reducing the risk of theft or misuse.