May 28, 2024 at 11:02AM Generative AI presents new risks, prompting the SEC to introduce cybersecurity rules for publicly traded companies. Clorox incurred $49M in costs due to a cyberattack, with ongoing financial impacts. Prudential Financial voluntarily disclosed a breach, and UnitedHealth faced a massive attack that could cost up to $1.6B. Lessons emphasize visibility, … Read more
May 7, 2024 at 04:54PM The Known Exploited Vulnerabilities (KEV) list, introduced by the Cybersecurity and Infrastructure Security Agency in 2021, aims to accelerate remediation times for high-risk threats. Congressman Jim Langevin’s legislation created the list to prioritize vulnerabilities for remediation. Data shows an increase in remediation timelines, but ransomware vulnerabilities receive the highest priority. … Read more
February 15, 2024 at 09:13AM Threat actors are conducting an innovative “smishing” campaign using AWS SNS and a custom script to impersonate the US Postal Service. This abuse of cloud-based messaging platforms reflects a growing trend. The SNS Sender attack lures users with fake USPS notifications to steal personally identifiable information and payment-card details. Businesses … Read more