#SecurityTraining

Cybersecurity Is Serious — but It Doesn’t Have to Be Boring

by

October 4, 2024 at 09:31AM Humor is emerging as a powerful asset in cybersecurity, boosting engagement, retention, and fostering a resilient security culture. Examples include gamification and humor-based competitions, effectively increasing motivation and productivity. However, implementing humor carries risks and challenges, such as trivializing threats or lacking cultural sensitivity. Nevertheless, humor can combat security fatigue, … Read more

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

by

July 29, 2024 at 02:18AM The Gh0st RAT is being delivered to Chinese-speaking Windows users by the Gh0stGambit evasive dropper through a drive-by download scheme. The infection originates from a fake website masquerading as Google’s Chrome browser. The malware is capable of various malicious activities, and the distribution via drive-by downloads highlights the need for … Read more

Google guru roasts useless phishing tests, calls for fire drill-style overhaul

by

May 23, 2024 at 03:08PM Google’s Matt Linton argues against federally mandated phishing tests, comparing them to early fire drills. He points out the increasing phishing attacks despite anti-phishing controls, arguing for a different approach. Current tests are criticized for lack of evidence in reducing successful phishing campaigns, eroding trust, and burdening incident responders. Linton … Read more

Spies Among Us: Insider Threats in Open Source Environments

by

May 7, 2024 at 10:51AM A critical vulnerability in XZ Utils raised comparisons to the SolarWinds hack and highlighted the power of the open source community in averting a disaster. However, it also raised questions about security and trust within the ecosystem. The incident suggests the need for stricter security measures and consideration of internal … Read more

SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity

by

December 19, 2023 at 07:26PM Expel released the report “Frameworks, Tools and Techniques: The Journey to Operational Security Effectiveness and Maturity” by the SANS Institute. The majority of respondents prefer the NIST CSF framework. Results also indicate a lag in training and cyber-readiness exercises. The report provides insights on SOC practices, metrics, and security program … Read more

6 Steps to Accelerate Cybersecurity Incident Response

by

November 23, 2023 at 05:54AM Modern security tools are improving in defending networks against cybercriminals, but incidents still occur. Effective incident response requires preparation, identification, containment, eradication, recovery, and lessons learned. Preparation involves training personnel, establishing roles and responsibilities, and devising a response strategy. Identification involves detecting incidents through internal or external means and collecting … Read more

The 7 Deadly Sins of Security Awareness Training

by

November 21, 2023 at 06:47PM Avoid these tactics when educating employees about risk. As an executive assistant, my role is to diligently and accurately generate clear takeaways from meeting notes. Based on the provided meeting notes, it is advised to avoid using these tactics when trying to educate employees about risk. It is recommended to … Read more