Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


8 out of 10 Organizations Experience a Cyber Attack and Attribute Users as the Problem

Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it. According to Netwrix’s 2024 Hybrid Security Trends Report, 79% of organizations experience one or more security incidents in the last 12 months. This is a 16% increase from the previous year, demonstrating that attacks are not subsiding one bit and that they are increasingly successful.

How to Protect Your Cloud Assets from Being Cryptojacked

Cryptojacking attacks have become the most prevalent type of attack on cloud native infrastructures. For example, in 2022, there were 139M cryptojacking attacks, but the following year there were over 1 billion! That translates to nearly 3M cryptojacking attacks every day, on average in 2023.

Analyzing Utilities Sector Cybersecurity Performance

With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?

The Growing Threat of Identity-Related Cyberattacks: Insights Into the Threat Landscape

The last 12 months have witnessed a rapid-fire round of innovation and adoption of new technologies. Powerful new identities, environments and attack methods are shaping the quickly changing cybersecurity threat landscape, rendering it more complex and causing the diffusion of risk reduction focus. New CyberArk research indicates that the rise of machine identities and the increasing reliance on third- and fourth-party providers are deepening the existing threats and creating novel vulnerabilities.

User Training vs. Security Controls: Who's to Blame for Phishing Attacks?

In this thought-provoking clip, the hosts debate whether security awareness training is enough to prevent users from falling for phishing scams or if stronger controls are necessary. Drawing on insights from a recent NCSC blog, they explore the ethical dilemma of assigning blame when users, despite training, click on malicious email attachments. Should the onus be on the end user, or is it a failure of security controls? Tune in to understand the complexities of balancing trust and control in cybersecurity.

How Cybersecurity Financial Quantification Helps CISOs Make Their Case to the Board

More enterprise business leaders are beginning to understand that cybersecurity risk equates to business risk—and getting a clearer sense of the impact that cyber exposures can have on the bottom line. Consider the MGM Resorts and Clorox Company cybersecurity incidents that occurred last year. Both suffered considerable attacks, reportedly led by the Scattered Spider cybercriminal group, causing widespread business disruption and substantial financial losses.

Attackers Leveraging XSS To Make Phishing Emails Increasingly Evasive

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links in phishing emails that will redirect users to malicious sites. Vipre also found that attackers are increasingly using links instead of malicious attachments in their phishing emails. “Three years ago, it was a 50/50 split between phishing emails utilizing links versus attachments,” the researchers write.

"Unknown" Initial Attack Vectors Continue to Grow and Plague Ransomware Attacks

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I might understand why. There are two reports that you should be keeping an eye on—the updated Verizon Data Breach Report and ransomware response vendor Coveware’s Quarterly Ransomware Reports. In their latest report covering Q1 of this year, we see a continuing upward trend in “unknown” as the top initial attack vector.

Trustwave SpiderLabs Unveils the 2024 Public Sector Threat Landscape Report

Trustwave SpiderLabs’ latest report, the 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies details the security issues facing public sector security teams as they try to strike a balance between supplying needed services and deploying the cybersecurity necessary to protect data placed in their charge. The need for the highest level of security has never been greater.

11 Best Practices for Preventing Credential Stuffing Attacks

Data breaches and their immediate impact on the organization are widely publicized. But what happens after the breach, especially with the breached credentials such as usernames and passwords? The breached credentials are often sold in the black market or leveraged by the attacker to attack the same or other organizations. This leads to credential stuffing attacks, where the stolen credentials are reused on different websites.