Q&A: How One Company Gauges Its Employees’ Cybersecurity ‘Fluency’

January 17, 2024 at 12:52PM TAG.Global now mandates that all employees take a cybersecurity fluency assessment to enhance awareness of and responsibility for information security. The test, covering various security subjects, aims to build a strong cybersecurity culture. Tawfiq Talhouni plans to extend the program outside the company, contributing to cybersecurity awareness in the Middle East. …

Microsoft: Hackers target defense firms with new FalseFont malware

December 21, 2023 at 03:30PM Microsoft warns of APT33 Iranian cyber-espionage group using FalseFont backdoor malware to target over 100,000 defense companies globally. Known as Peach Sandstorm, the group has been active since 2013, targeting industries across the US, Saudi Arabia, and South Korea. Network defenders are advised to reset credentials and use multi-factor authentication …

Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections

December 18, 2023 at 03:20PM Attackers have developed a novel method called “SMTP smuggling” to exploit vulnerabilities in email servers, allowing them to send spoofed emails from legitimate domains and bypass email security checks. This technique affects servers from Microsoft, GMX, and Cisco, potentially putting organizations at risk for targeted phishing attacks. Microsoft and GMX …

Ledger dApp supply chain attack steals $600K from crypto wallets

December 14, 2023 at 11:25AM Ledger warns users not to use web3 dApps after a supply chain attack compromised their “Ledger dApp Connect Kit” library, causing a JavaScript wallet drainer to steal $600,000 in crypto and NFTs. The company removed the malicious version, uploaded a clean version, and advised users to clear sign transactions and …

Safeguarding Our Children’s Digital Future: A Call to Action

December 14, 2023 at 10:15AM Schools are increasingly targeted by cybercriminals, leading to grave consequences for students and the education sector. The reasons behind this vulnerability include aging IT infrastructure, inadequate cybersecurity expertise, and the increased use of technology by students without proper cybersecurity education. Urgent solutions include improving teacher salaries, reforming credit monitoring, and …

Human-Centric Security Model Meets People Where They Are

December 7, 2023 at 09:07PM According to Gartner, 93% of employees may violate security policies to avoid inconvenience. Companies are adopting human-centric security, focusing on reducing friction and tailoring policies and training to users’ needs. Enhanced security tools and positive reinforcement are employed to encourage secure behavior without impeding workflows. **Meeting Takeaways:** – **Employees Bypass …

Hacking the Human Mind: Exploiting Vulnerabilities in the ‘First Line of Cyber Defense’

December 7, 2023 at 07:00AM Cybersecurity attackers exploit human qualities like trust and emotions through social engineering to compromise personal and organizational security. Recognizing these vulnerabilities enables better defense strategies. These concepts stem from Ulrich Swart’s article in the Security Navigator, which also explores hacktivism and cyber extortion research. **Meeting Takeaways:** 1. **Human Complexities in …

Name That Edge Toon: On Your Mark…

December 4, 2023 at 11:04AM Submit a cybersecurity caption for a contest by Dec. 27, 2023, via email or social media. Winner gets a $25 Amazon card. Last month’s winner was Paul Mauriks. **Takeaways from Meeting Notes:** – There is an ongoing contest for creating a cybersecurity-related caption, related to an unspecified scene. – The …

The 7 Deadly Sins of Security Awareness Training

November 21, 2023 at 06:47PM Avoid these tactics when educating employees about risk. It is recommended to …

How the Evolving Role of the CISO Impacts Cybersecurity Startups

November 20, 2023 at 10:04AM The relationship between chief information security officers (CISOs) and vendors is crucial for the cybersecurity ecosystem. As the role of the CISO evolves due to market changes, COVID-19, and increased cybersecurity awareness, it is important to understand how these changes impact the relationship with vendors. Communication, adaptability, collaboration, and cost-effectiveness …