Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Researchers at Volexity warn that the suspected Iranian threat actor CharmingCypress (also known as “Charming Kitten” or “APT42”) has been launching spear phishing attacks against Middle Eastern policy experts. “Throughout 2023, Volexity observed a wide range of spear-phishing activity conducted by CharmingCypress,” the researchers write.

The UK's National Cyber Security Centre (NCSC), recently shared its findings on how AI might reshape the cyber landscape. In two separate posts, the NCSC is warning that the global ransomware threat is expected to rise with AI. It appears that while AI beckons with one hand, it wields a knife in the other. On one side, we have AI's potential to supercharge economic growth, scientific breakthroughs, and societal benefits. On the flip side lurks the specter of security risks posed by AI's misuse.

Analysis of this newly-spotted service makes it clear that the newest entrant into the Ransomware-as-a-Service (RaaS) space has taken note of where predecessors are lacking and launched a better product. Given the financial and operational disruption ransomware has caused since last year, any headline about a new RaaS will surely lead to anxiety and grimace for IT and security professionals.

Valentine's Day. A time where love is in the air, florists work overtime, and restaurant tables are as scarce as a truthful politician. But as we're busy swiping right in hopes of finding that special someone, cybercriminals are swiping left...on your security. Heartbreak hits differently when it's your bank account that's been ghosted.

The US Federal Trade Commission (FTC) has disclosed that people in the United States lost a record $10 billion to fraud in 2023, a 14% increase from 2022. Nearly half of the losses were due to investment scams. “Consumers reported losing more money to investment scams—more than $4.6 billion—than any other category in 2023. That amount represents a 21% increase over 2022,” the FTC says.

New data sheds light on what kinds of cyber attacks are targeting your cybersecurity team, what it’s costing them, why it’s taking so much time to fix, and where you should focus resources. Barracuda’s Cybernomics 101 report provides a lot of insight into the current economics of cyber attacks. According to the report: The average largest ransom any organization paid is $1.38 million, with an average cost of $5.34 million to respond to compromises!

A new report shows massive increases in browser attacks in the second half of 2023, with over 31,000 threats specifically designed to bypass security solution detection. I spend a lot of time on this blog talking about phishing, social engineering, smishing, deepfakes and more – all topics centered around attack techniques designed to interact and fool a user.

Organizations are finally dialing in on where they need to focus their cybersecurity strategies, starting with phishing. But the top four cited security risks all have one element in common. Organizations today realize that maintaining operational resilience is a matter of measuring and addressing risk. According to the 2024 Fortra State of Cybersecurity Survey Results Guide there is a distinct cybersecurity risk that stands out among its peers.

Cybercriminals increasingly used malvertising to gain initial access to victims’ networks in 2023, according to Malwarebytes’s latest State of Malware report. The researchers note that the Royal ransomware group has been using phony ads for TeamViewer to deliver malware as a precursor to its ransomware attacks.

Growing cybersecurity threats, especially ransomware attacks, and the Securities and Exchange Commission’s (SEC) recent rules have made having a cybersecurity-aware Board of Directors (BOD) a critical business requirement.