Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links in phishing emails that will redirect users to malicious sites. Vipre also found that attackers are increasingly using links instead of malicious attachments in their phishing emails. “Three years ago, it was a 50/50 split between phishing emails utilizing links versus attachments,” the researchers write.

Your business is in a race against modern adversaries — and legacy approaches to security simply do not work in blocking their evolving attacks. Fragmented point products are too slow and complex to deliver the threat detection and prevention capabilities required to stop today’s adversaries — whose breakout time is now measured in minutes — with precision and speed. As technologies change, threat actors are constantly refining their techniques to exploit them.

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I might understand why. There are two reports that you should be keeping an eye on—the updated Verizon Data Breach Report and ransomware response vendor Coveware’s Quarterly Ransomware Reports. In their latest report covering Q1 of this year, we see a continuing upward trend in “unknown” as the top initial attack vector.

To use threat intelligence and data more productively, many organizations are investing in a threat intelligence platform (TIP). Selecting a TIP is important as it will serve as the foundation for your entire security operations program, allowing you to understand and act upon the highest priority threats you face, while enabling you to get more from your existing resources — technology and people. However, amidst a plethora of options, selecting the right TIP can be daunting.

SecurityScorecard recently hosted a webinar with our Co-founder and CEO, Dr. Aleksandr Yampolskiy, and Sue Gordon, the former Deputy Director of National Intelligence and SecurityScorecard board member. Gordon drew on her experience as a key advisor to the President and National Security Council to discuss the shared responsibility between public and private organizations in combating cyber threats, the concentration of cyber risk, and the value of easy-to-understand cybersecurity metrics.

New analysis of Q1’s ransomware attacks uncovers a single group responsible for the majority and discusses what makes them so successful. This sort of analysis helps to establish threat landscape trends and keeps our collective focus on the places where cyber attacks are working.

KYC is a set of regulations that financial institutions and other businesses must follow to verify the identity of their customers. It’s about understanding who you’re doing business with and assessing any potential risks. KYC compliance helps to.

Trustwave SpiderLabs’ latest report, the 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies details the security issues facing public sector security teams as they try to strike a balance between supplying needed services and deploying the cybersecurity necessary to protect data placed in their charge. The need for the highest level of security has never been greater.