SMBs face surge in “malware free” attacks 28/11/2023 at 12:51 By Helga Labus “Malware free” attacks, attackers’ increased reliance on legitimate tools and scripting frameworks, and BEC scams were the most prominent threats small and medium businesses (SMBs) faced in Q3 2023, says the inaugural SMB Threat Report by Huntress, a company that provides a […]
React to this headline:
SMBs face surge in “malware free” attacks Read More »
SMBs at risk as AI misconceptions lead to overconfidence 27/10/2023 at 07:03 By Help Net Security Despite advancements in IT security measures, SMBs remain firmly in the crosshairs of cybercriminals, according to Devolutions. Ransomware payments and IoT malware incidents soar Spikes in incidents such as ransomware payments and IoT malware attacks indicate that this year
React to this headline:
SMBs at risk as AI misconceptions lead to overconfidence Read More »
Google ads for KeePass, Notepad++ lead to malware 19/10/2023 at 12:16 By Zeljka Zorz Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes. Malvertising via search engine ads is a constant,
React to this headline:
Google ads for KeePass, Notepad++ lead to malware Read More »
SMBs seek help as cyber threats reach an all-time high 18/10/2023 at 06:32 By Help Net Security Understanding the evolving threat landscape is the biggest cybersecurity challenge facing SMBs, including non-for-profit organizations – and more than half are calling for help to manage the risks, according to Sage. Globally, 48% of SMBs have experienced a
React to this headline:
SMBs seek help as cyber threats reach an all-time high Read More »
The pitfalls of neglecting security ownership at the design stage 27/09/2023 at 07:01 By Mirko Zorz For companies to avoid bleeding millions through cyber threats, they must build adaptability into their security strategy from the start while considering a range of inputs that go beyond the IT and network access aspects. In this Help Net
React to this headline:
The pitfalls of neglecting security ownership at the design stage Read More »
How should SMBs navigate the phishing minefield? 13/09/2023 at 07:47 By Zeljka Zorz In this Help Net Security interview, Pete Hoff, CISO at Wursta, offers advice to SMB security leaders and professionals on how to minimize the threat phishing presents to their organization’s operations and long-term success. What makes phishing attacks particularly challenging for small
React to this headline:
How should SMBs navigate the phishing minefield? Read More »
Cisco VPNs with no MFA enabled hit by ransomware groups 31/08/2023 at 14:46 By Zeljka Zorz Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. “In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default
React to this headline:
Cisco VPNs with no MFA enabled hit by ransomware groups Read More »
Google Workspace: New account security, DLP capabilities announced 25/08/2023 at 07:47 By Zeljka Zorz New capabilities in Google Workspace will help enterprises improve account and data security, by making unauthorized takeover of admin and user accounts and exfiltration of sensitive data more difficult. Some of these options are already available in preview and others will
React to this headline:
Google Workspace: New account security, DLP capabilities announced Read More »
Zimbra users in Europe, Latin America face phishing threat 18/08/2023 at 11:04 By Help Net Security ESET researchers have uncovered a mass-spreading phishing campaign aimed at collecting Zimbra account users’ credentials. Zimbra Collaboration is an open-core collaborative software platform, a popular alternative to enterprise email solutions. About the Zimbra phishing campaign The campaign has been
React to this headline:
Zimbra users in Europe, Latin America face phishing threat Read More »
Cryptojacking soars as cyberattacks increase, diversify 27/07/2023 at 05:03 By Help Net Security Digital threat actors are adopting evolving tactical behaviors, opting for different types of malicious attacks compared to previous years, according to SonicWall. Overall intrusion attempts were up, led by the highest year on record for global cryptojacking volume recorded by SonicWall, as
React to this headline:
Cryptojacking soars as cyberattacks increase, diversify Read More »
Cybersecurity measures SMBs should implement 19/07/2023 at 13:33 By Helga Labus Small and medium-sized businesses (SMBs) are targeted by cyberattackers as much as large companies, the 2023 Verizon Data Breach Investigations Report (DBIR) has revealed; here are some cybersecurity controls they should prioritize. Company size does not matter to cyber attackers SMBs often underestimate their
React to this headline:
Cybersecurity measures SMBs should implement Read More »
Malware delivery to Microsoft Teams users made easy 10/07/2023 at 14:33 By Zeljka Zorz A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and Tom Ellson, Microsoft Teams’ default
React to this headline:
Malware delivery to Microsoft Teams users made easy Read More »
8Base ransomware group leaks data of 67 victim organizations 28/06/2023 at 16:47 By Helga Labus Lockbit 3.0 is currently the most active ransomware group, NCC Group says in its most recent Threat Pulse report, but new ransomware groups like 8Base and Akira are rising in prominence. Collectively, the various ransomware groups revealed 436 victim organizations
React to this headline:
8Base ransomware group leaks data of 67 victim organizations Read More »
Microsoft Teams vulnerability allows attackers to deliver malware to employees 23/06/2023 at 15:24 By Zeljka Zorz Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox. “Organisations that use Microsoft Teams inherit Microsoft’s default configuration which allows users from outside of their organisation to reach out
React to this headline:
Microsoft Teams vulnerability allows attackers to deliver malware to employees Read More »
IT providers become go-to for cybersecurity advice 14/06/2023 at 06:31 By Help Net Security 61% of SMBs have been hit by a successful cyberattack in the last year, according to BlackFog. The research study, which examined the business impact of cybersecurity for organizations in the US and UK, also revealed the growing importance of engaging
React to this headline:
IT providers become go-to for cybersecurity advice Read More »
The multiplying impact of BEC attacks 12/06/2023 at 16:22 By Helga Labus The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what FBI’s Internet Crime Complaint Center has pointed out earlier this year: BEC scammers are ramping up their social engineering efforts to great success. BEC attackers targeting the real estate sector The FBI
React to this headline:
The multiplying impact of BEC attacks Read More »
MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims 06/06/2023 at 13:50 By Zeljka Zorz The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are
React to this headline:
MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims Read More »
Threat actors can exfiltrate data from Google Drive without leaving a trace 01/06/2023 at 15:43 By Zeljka Zorz Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident
React to this headline:
Threat actors can exfiltrate data from Google Drive without leaving a trace Read More »
How APTs target SMBs 31/05/2023 at 13:47 By Helga Labus Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers. By analyzing a year’s worth of APT campaign data they collected from the 200,000+ SMBs that have their security solution deployed, they pinpointed three
React to this headline:
How APTs target SMBs Read More »
Company size doesn’t matter when it comes to cyberattacks 29/05/2023 at 06:34 By Help Net Security 65% of organizations in the enterprise sector suffered a cyberattack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to Netwrix. Larger organizations are a more frequent target for cyberattacks
React to this headline:
Company size doesn’t matter when it comes to cyberattacks Read More »