Hitting three hospitals within a Germany-based hospital network, the extent of the damage in this confirmed ransomware attack remains undetermined but has stopped parts of operations. It appears that affiliates of ransomware gangs have forgotten the golden rule – you don’t hit hospitals. It’s one thing to disrupt operations at a regular brick and mortar business. But hitting a business where someone’s life could be literally placed in jeopardy because a system is unavailable?

Every person and organization is different and requires slightly different methods and ways of learning. But every person and organization can benefit by more frequent security awareness training (SAT). Most organizations do not do enough. Training and testing once a year certainly is not that helpful. How often should you do SAT to get the biggest decrease in cybersecurity risk? At least once a month, if not more. But a sophisticated SAT program includes a combination of methods and tools.

Fascinating article at TechXplore, December 28, 2023.

The year 2024 is shaping up to be a pivotal moment in the evolution of artificial intelligence (AI), particularly in the realm of social engineering. As AI capabilities grow exponentially, so too do the opportunities for bad actors to harness these advancements for more sophisticated and potentially damaging social engineering attacks. Let's explore the top 10 expected AI developments of 2024 and their implications for cybersecurity.

A new report from the U.K. government’s Joint Committee on the National Security Strategy (JCNSS) outlines both just how likely an attack on critical national infrastructure is and where they are vulnerable. The impact of a coordinated cyberattack on the U.K.’s national infrastructure could impact millions of citizens within its country, according to the JCNSS’s report A hostage to fortune: ransomware and UK national security.

With so much of an attack riding on a cybercriminals ability to gain access to systems, applications and data, experts predict the trend of rising impersonation is only going to get worse.

A newly-discovered technique misusing SMTP commands allows cybercriminals to pass SPF, DKIM and DMARC checks, empowering impersonated emails to reach their intended victim. Earlier this month, Timo Longin, security researcher with cybersecurity consulting firm SEC Consult published details on what is now referred to as SMTP Smuggling.

Cybersecurity researchers at Group-IB have identified a single scam campaign leveraging over 1500 websites impersonating postal carriers and shippers leading up to Christmas this year. Scammers are always taking advantage of those current trends that involve the potential for heightened emotions. During tax season it’s tax returns. During the NBA’s Final Four, it’s about sports betting or tickets to the game.

With November demonstrating multiple increases when compared to various previous time periods, new data signals that we may be in for a bumpy ride in 2024. It’s nice when we get to see reports that are published relatively quickly to let us get a sense of where cyberattacks are today versus, say, a quarter or two ago (or even last year!). The NCCGroup’s Cyber Threat Intelligence Report was just published and covers ransomware attacks through November of this year.

In response to what Google calls “over trust” in the web address lock icon to indicate that a site is authentic and its’ communications are secure, they’ve swapped the lock out in an attempt to engage Chrome users in thinking about their own secure browsing. You may have not noticed it if you’ve updated to Google Chrome version 120, but the long-familiar lock icon is no longer.