Why Cryptojacking Attacks Continue to Rise

Why Cryptojacking Attacks Continue to Rise

Cyber-attacks for profit are likely to stick around as long as the cybersphere exists, but the threatscape is always shifting and evolving. Phishing attacks, which have dominated the headlines for the past couple of years, are now sharing ink with cryptojacking, an attack method that is likely to continue to increase in popularity among hackers. According to a recent report by Adguard, more than 33,000 websites are currently running a cryptojack script, and the estimated monthly visits to these infected websites is more than 1 billion.

Read More

Blockchain Technology: Can It Rise to the Cybersecurity Challenge?

Blockchain Technology: Can It Rise to the Cybersecurity Challenge?

Old-school cybersecurity approaches are having a hard time keeping up with the complexity and reach of the vast networks of interconnected machines that make up our reality. As the line blurs between the physical and digital worlds, companies large and small are struggling to keep data secure and private. But all hope is not lost. Security professionals are looking to blockchain technology as a way to meet cybersecurity challenges.

Read More

How Artificial Intelligence (AI) is Helping Cyber-criminals

How Artificial Intelligence (AI) is Helping Cyber-criminals

Artificial intelligence (AI) is already changing the digital world, with Internet of Things (IoT) and operational technology (OT) devices flooding homes, workplaces, and nearly every aspect of daily life. Along with many benefits, including greatly improved cybersecurity [link to the previous post about AI as a security tool], AI has a dark side. Cybercriminals are employing AI tactics and automation, machine learning, and agile software development to more quickly and effectively discover and exploit security vulnerabilities.

Read More

Why Most Companies Don’t Have Control Over Password Security

Why Most Companies Don’t Have Control Over Password Security

Many people have developed a psychological picture of what a cyber-attack consists of. There’s a tendency to assume a complex, thrilling attack is executed by highly-technical individuals who have penetrated a network to access ironclad sensitive data. The reality, however, is much different.

Read More

The Newest Type of Phishing Attack: Cloud-Based Documents

The Newest Type of Phishing Attack: Cloud-Based Documents

Phishing has become a well-known term, even showing up in prime-time commercials and rolling off the tongue of tech-savvy, scam-weary seniors. Despite the widespread awareness of phone, email, and even in-person phishing scams, new and creative attacks remain the bane of security staff. The latest phishing threat gaining traction? Cloud-based documents.

Read More

IoT, Medical Devices, and Cybersecurity Concerns

IoT, Medical Devices, and Cybersecurity Concerns

Not so long ago, medical devices required only physical security considerations—only those who had access to the device could access the device’s data. However, through the Internet of Things (IoT), medical devices’ connectivity to the cloud has put them in the cross-hairs of cyber attackers.

Read More

A Look Inside the Cybercrime-as-a-Service Industry

A Look Inside the Cybercrime-as-a-Service Industry

There’s a skills-gap and specialist shortage in the cybercrime industry. You read that correctly. Cybercriminals are looking for new recruits to fill positions in the rapidly growing cybercrime as a service (CaaS) industry. Although it sounds like something out of a low-budget science fiction flick, CaaS is very real and thriving.

Read More

Selling a Social Engineering Attack

Selling a Social Engineering Attack

Social engineering techniques are not only becoming more common but also more sophisticated. Attackers seem to be taking notes from Marketing 101, ensuring that their lures strike a chord with their victims with emails that include customized messages with very official looking logos and layouts, fraudulent phone calls that cite actual employee names and titles, and even well-rehearsed seemingly innocuous facility access attempts.

Read More

SSL Configuration Best Practices Part 2: Server Certificates

SSL Configuration Best Practices Part 2: Server Certificates

Secure Sockets Layer (SSL) configuration is a critical component of defending publicly accessible web applications against man-in-the-middle and other attacks. This second of a three-part series on SSL configuration best practices explores SSL server certificate best practices.

Read More