New insight into ransomware attacks show that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack. According to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, 91% of reported ransomware attacks included a data exfiltration effort. This is far more than the sub-80% numbers we’ve seen from the Coveware quarterly reports we cover.

Security awareness training (SAT) and simulated phishing works to significantly reduce cybersecurity risk. We have the data, customer testimonials and government recommendations to prove it. Social engineering, especially as enabled by email, text messages, the web and phone calls, is involved in the vast majority of cybersecurity attacks. No other root initial access hacking method comes close.

The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point. “In recent months, we have observed a significant shift in Sharp Dragon’s activities and lures, now targeting governmental organizations in Africa and the Caribbean,” the researchers write.

We are big fans of the U.S. Cybersecurity Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a source of pride. CISA is a non-regulatory government agency dedicated to protecting U.S. and global infrastructure and organizations against malicious hackers and their malware (and other types of threats).

Fluctuations in consecutive quarterly reports demonstrates that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks. I wrote an article back in April of last year about how 1 in 8 emails make it to a user’s Inbox. That number has remained relatively consistent — so much that even the Threat Insights Report for Q1 2024 from HP Wolf Security shows that stat is still accurate. But then there’s the Threat Insights Report for Q4 2023.

Working to ensure all communities within the United States are educated and prepared, the Cybersecurity and Infrastructure Security Agency (CISA) has released a set of tools, services and assistance to level the playing field. It’s no secret that any part of society that is less prepared for a cyber attack has less of a chance to defend itself — which potentially puts all of us at risk. So, CISA began placing some of their focus on high-risk communities within the United States.

Several phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF files. “Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit Reader,” the researchers write. “This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands.

Companies have needed a website for the last 25 years at least. But where do you host your site? The techies at HostingAdvice decided to create an extremely thorough real-world review site to share their expertise. And clearly, your organization's website is an attack vector and so cybersecurity has become critical.

Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams. We’ve seen the use of this technology grow to the point where an expansion of the cybercrime economy occurred to include GenAI-based services like FraudGPT and PoisonGPT, with many others joining their ranks.