How companies describe cyber incidents in SEC filings

It’s been three months since the Securities and Exchange Commission’s cyber disclosure rules took effect and rather than creating a deluge of incident revelations, only a trickle has emerged.

A third of web attacks targeted APIs in 2023, threatening the expanding API economy

APIs were the target of 29% of web attacks in 2023, with cybercriminals exploiting the swiftly growing API economy for new avenues of attack, according to a report from Akamai.

Financial services sees sharp increase in DDoS attacks as geopolitical tensions rise

DDoS attacks against the financial services sector historically accounted for about 10-15% of all attacks; however, that share began to rise in 2021, the FS-ISAC and Akamai found.

An Overview of the NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework (CSF) 2.0, an evolution of its predecessor, is a comprehensive guide designed to assist organizations across various sectors in managing and mitigating cybersecurity risks effectively.

Google’s Security Command Center Enterprise fills gaps across cloud security lifecycle

Google’s new Security Command Center Enterprise (SCC Enterprise) could streamline cloud risk management through AI automation, saving security teams time, experts say. Enhanced with Mandiant threat intelligence and generative AI, SCC Enterprise aims to offer comprehensive insights across the cloud security lifecycle.

CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack

Lookout recently discovered an advanced phishing kit exhibiting novel tactics to target cryptocurrency platforms as well as the Federal Communications Commission (FCC) via mobile devices.

BlackCat ransomware shuts down in exit scam, blames the "feds"

The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates’ money by pretending the FBI seized their site and infrastructure.

LockBit Ransomware Gang Returns, Taunts FBI and Vows Data Leaks

Despite arrests, infrastructure seizure and international law enforcement efforts, LockBit ransomware has resurfaced, promising robust security and threatening aggressive cyber attacks on UK and USA government sectors.

NIST Cybersecurity Framework 2.0 Officially Released

NIST on Feb 26th announced the official release of version 2.0 of its Cybersecurity Framework (CSF), the first major update since its creation a decade ago.

New Google Chrome feature blocks attacks against home networks

Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. More simply, Google plans to prevent bad websites on the internet from attacking a visitor's devices (like printers or routers) in their home or on their computer.

'KeyTrap' DNS Bug Threatens Widespread Internet Outages

Although it's been sitting there since 2000, researchers were just recently able to suss out a fundamental design flaw in a Domain Name System (DNS) security extension, which under certain circumstances could be exploited to take down wide expanses of the Internet.

Apple Adds Post-Quantum Encryption to iMessage

Apple on Wednesday unveiled PQ3, a new post-quantum cryptographic protocol for iMessage that is designed to protect encrypted communications even against future quantum computing attacks.

QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security

Email attacks relying on QR codes surged in the last quarter, with attackers specifically targeting corporate executives and managers, reinforcing recommendations that companies place additional digital protections around their business leadership.

Ransomware actors hit zero-day exploits hard in 2023

Ransomware operators were especially successful targeting critical zero-day vulnerabilities in widely used IT products.

Ethical Hackers Reported 835 Vulnerabilities, Earned $450K in 2023

A study by Surfshark, a VPN service provider, has revealed that ethical hackers, or white hat hackers, played a vital role in improving cybersecurity in 2023 by identifying 835 vulnerabilities across 105 websites.

Ransomware payments reached record $1.1 billion in 2023

Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs. The previous record-high figure was set in 2021, with ransomware payments amounting to $983 million, surpassing the preceding record of $905 million in 2020 by approximately 10%.

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, has signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses.

Online ransomware decryptor helps recover partially encrypted files

CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption.

US data compromises surged to record high in 2023

Data compromises were more abundant and organizations were less forthright about the root cause of cyberattacks throughout 2023, according to the Identity Theft Resource Center’s annual data breach report. The number of data compromises reported in the U.S. last year jumped 78% to a record high of 3,205 incidents, the non-profit organization said Thursday. These compromises ultimately impacted more than 353 million victims, including individuals affected multiple times.