December 12, 2024 at 02:20PM Phishing is a leading cyber threat that often initiates data breaches, as seen in the 2021 Colonial Pipeline attack. This social engineering tactic manipulates victims into revealing sensitive information through various methods, including email and SMS. Mitigating risks requires user education, technical controls, and robust incident response strategies. ### Meeting … Read more
December 10, 2024 at 10:11AM The article by Varonis Security Specialist Tom Barnea discusses the evolution of sophisticated phishing attacks that exploit AI and legitimate platforms. A specific case involving a U.K. insurance company illustrates how attackers used a trusted sender’s email and created deceptive links. Recommendations emphasize user awareness and technical measures for prevention. … Read more
November 4, 2024 at 10:56AM Weak and reused passwords pose a significant risk to online security, with 88% of services relying on them. To enhance security, organizations should adopt robust password policies, utilize tools like password auditors and managers, implement multi-factor authentication, and prioritize user education and awareness to build a stronger defense against cyber … Read more
October 31, 2024 at 10:21AM The “see one, teach one, do one” model in cybersecurity emphasizes training high-risk users through observation, education, and practical application. By focusing on this group, organizations can mitigate significant vulnerabilities, enhance tool efficiency, and foster a culture of shared cybersecurity responsibility, ultimately improving overall defense strategies against threats. ### Meeting … Read more
April 11, 2024 at 04:41PM Red team exercises play a vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks. Regular testing and improvement are needed to counter evolving threats effectively. Different types of exercises such as external red teaming, assumed breach, and purple teaming have distinct … Read more
January 4, 2024 at 01:06PM Mimecast has acquired Elevate Security, a startup specializing in user-education technology. The acquisition aims to enhance Mimecast’s Awareness Training product line with Elevate Security’s risk scoring algorithm and incident triage technology. Financial details were not disclosed. Mimecast plans to support Elevate Security’s existing customer base. Elevate Security, founded six years … Read more