Topic: multi-factor authentication
-
Cybersecurity Controls: How They Impact Incident Outcomes
Incident response planning, including tabletop exercises and red-team tests, significantly improves readiness and drives broader security investments. Endpoint detection and response (EDR) tools, especially when fully deployed and used in blocking mode, strongly correlate with reduced breach like...
Read More » -
Coro 3.6: Simplify Operations for Resource-Strapped SMBs
Coro has launched Coro 3.6, an AI-driven security platform designed to help small and medium-sized businesses strengthen cybersecurity without needing extensive IT resources. The platform integrates all security functions into a unified system, automatically analyzing and correlating threats to r...
Read More » -
Cisco ASA Devices Face Surge in Network Scans
A significant surge in network scanning activity targeting Cisco ASA devices has been detected, with spikes in late August involving up to 25,000 unique IP addresses, suggesting potential vulnerability exploitation. The scanning was largely driven by a Brazilian botnet and focused heavily on the ...
Read More » -
Akira Ransomware Actively Exploits Critical SonicWall VPN Flaw
The Akira ransomware group is exploiting CVE-2024-40766, a known vulnerability in SonicWall VPN appliances, to breach unpatched corporate networks. Despite a patch being available since August 2024, incomplete updates and unchanged default credentials allow attackers to bypass security measures l...
Read More » -
Remote Access Abuse: The #1 Sign of a Ransomware Attack
Abuse of remote access software and services is the most common warning sign of an impending ransomware attack, as cybercriminals exploit tools like RDP, AnyDesk, and PowerShell to gain domain administrator privileges. Key defenses include configuring security tools to allow only trusted applicat...
Read More » -
Russia Deploys New Malware to Hack Email for Espionage
Russian intelligence has developed "Authentic Antics," a stealthy malware targeting Microsoft cloud accounts by mimicking Outlook activity to harvest credentials without traditional detection methods. The malware secretly forwards emails from compromised accounts to attackers while leaving no tra...
Read More » -
FireCloud Total Access: Hybrid SASE That Scales for All Businesses
FireCloud Total Access unifies four security protections into a single cloud-managed platform, offering enterprise-level Zero Trust security accessible to managed service providers and smaller IT teams through WatchGuard Cloud. It replaces traditional VPNs with identity-based access controls, pro...
Read More » -
Two-Thirds of Firms Hit by Deepfake Attacks
A majority of organizations (62%) experienced a deepfake attack in the past year, often using social engineering to impersonate leaders or manipulate automated verification systems. The threat is growing as deepfake technology becomes more accessible, with the combination of deepfakes and social ...
Read More » -
Why I'm Finally Ditching Passwords for Passkeys
Passkeys are often implemented alongside passwords rather than replacing them, creating a hybrid and sometimes confusing login process that varies by website. Despite inconsistencies in adoption, passkeys provide strong phishing protection because scammers cannot replicate their authentication, s...
Read More » -
Cybercriminals Target Onboarding: Protect New Hires Now
New employees are a major cybersecurity risk due to unfamiliarity with protocols, making them vulnerable to phishing attacks during onboarding. Cybercriminals use AI-driven phishing campaigns and fake internal requests to exploit new hires, often leading to high-profile breaches. Companies should...
Read More » -
2025's Top Cyber Threats: Ransomware, Outages & AI Attacks
The 2025 digital threat landscape is dominated by sophisticated ransomware, third-party vendor disruptions, and AI-driven social engineering campaigns. AI is amplifying social engineering attacks, making them more convincing and accounting for over half of cyber claims and losses in early 2025. R...
Read More » -
Hacker Stole Cisco Customer Data in Voice Phishing Scam
Hackers used a voice phishing (vishing) attack to compromise Cisco's customer data by manipulating an employee into granting unauthorized access to a third-party cloud CRM system. The breach exposed sensitive user information, including names, addresses, email addresses, and account metadata, tho...
Read More » -
Workday Hit by Data Breach Following Salesforce Attack
Workday experienced a security breach via a third-party CRM platform, exposing business contact information but not customer data, due to a social engineering attack impersonating internal personnel. The breach, detected on August 6, involved Salesforce and mirrored tactics used by cybercriminal ...
Read More » -
UK Immigration Sponsors Warned of Home Office Phishing Scam
UK businesses sponsoring foreign workers are targeted by phishing scams impersonating Home Office emails, aiming to steal login credentials from the Sponsorship Management System (SMS). The scam involves convincing fake emails with urgent warnings, tricking victims into entering credentials on fr...
Read More » -
Ahold Delhaize Data Breach Exposes 2.2 Million Customers
Ahold Delhaize suffered a major data breach affecting 2.2 million individuals, exposing sensitive employee records like names, government IDs, and bank details, but customer data remained untouched. The breach, 40 times larger than typical ransomware attacks on retailers, highlights a trend of cy...
Read More »