February 12, 2024 at 04:56PM Telecom companies are now required to report data breaches affecting customers’ personally identifiable information within 30 days under the FCC’s updated rule. This follows years of proposals and aims to expand breach notification requirements and hold providers accountable. The stricter rules have been prompted by major breaches at major U.S. … Read more
February 9, 2024 at 11:58AM Finance worker in Hong Kong was scammed out of $25 million by deepfake video conference impersonating company’s CFO. Trend Micro previously warned about this type of fraud. Increasing accessibility to deepfake technology and AI-powered fraud is heightening the risk. Organizations need to strengthen processes, collaborations, and defense technology to defend … Read more
February 7, 2024 at 10:08AM The Super Bowl event attracts threat actors seeking payment card data, user credentials, and ransom opportunities. Cyber adversaries include cybercriminals, hacktivists, deliberate disruptors, and nation-state actors. Businesses must also consider internal threats posed by employees, temporary staff, and vendors. Adversaries engage in diverse tactics including social engineering, disinformation, and data … Read more
February 1, 2024 at 01:04PM Healthcare companies face both immense opportunity and unprecedented risk in the digital era. While digitalization has improved healthcare delivery, escalating cyberattacks have exposed vulnerabilities. Cyber breaches compromise patient trust, incur financial losses, and pose risks to individual medical information. Offering identity monitoring services is insufficient, necessitating a proactive approach to … Read more
January 19, 2024 at 06:09AM Ransomware-as-a-service is poised to drive an increase in attacks in Nigeria, impacting both public and private sectors. A Cyber Security Experts of Nigeria (CSEAN) report highlights the impact of ransomware groups and variants in 2023, urging proactive measures such as prompt patching and stronger monitoring practices to mitigate the anticipated … Read more
January 17, 2024 at 12:52PM TAG.Global now mandates all employees to take a cybersecurity fluency assessment to enhance awareness and responsibility for information security. The test, covering various security subjects, aims to build a strong cybersecurity culture. Tawfiq Talhouni plans to extend the program outside the company, contributing to cybersecurity awareness in the Middle East. … Read more
December 21, 2023 at 03:30PM Microsoft warns of APT33 Iranian cyber-espionage group using FalseFont backdoor malware to target over 100,000 defense companies globally. Known as Peach Sandstorm, the group has been active since 2013, targeting industries across the US, Saudi Arabia, and South Korea. Network defenders are advised to reset credentials and use multi-factor authentication … Read more
December 18, 2023 at 03:20PM Attackers have developed a novel method called “SMTP smuggling” to exploit vulnerabilities in email servers, allowing them to send spoofed emails from legitimate domains and bypass email security checks. This technique affects servers from Microsoft, GMX, and Cisco, potentially putting organizations at risk for targeted phishing attacks. Microsoft and GMX … Read more
December 14, 2023 at 11:25AM Ledger warns users not to use web3 dApps after a supply chain attack compromised their “Ledger dApp Connect Kit” library, causing a JavaScript wallet drainer to steal $600,000 in crypto and NFTs. The company removed the malicious version, uploaded a clean version, and advised users to clear sign transactions and … Read more
December 14, 2023 at 10:15AM Schools are increasingly targeted by cybercriminals, leading to grave consequences for students and the education sector. The reasons behind this vulnerability include aging IT infrastructure, inadequate cybersecurity expertise, and the increased use of technology by students without proper cybersecurity education. Urgent solutions include improving teacher salaries, reforming credit monitoring, and … Read more