Blog
UK: NCSC Publishes Practical Security Guidance for SMBs
Smaller organizations are increasingly reliant on cloud and online services, making them vulnerable to cyber threats. The guide provides practical advice on choosing the right service, securing user accounts, and recovering from a cyberattack.
Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to...
There is a Ransomware Armageddon Coming for Us All
Generative AI will enable anyone to launch sophisticated phishing attacks that only next-generation MFA devices can stop. The least surprising headline from 2023 is that ransomware again set new records for a number of incidents and the damage inflicted. We saw new...
Black Basta-Affiliate Spreads Pikabot
Threat group Water Curupira, known for its Cobalt Strike backdoors, recently transitioned to using Pikabot malware in phishing campaigns. Pikabot witnessed a surge in activity in Q4 2023, potentially serving as a replacement for Qakbot after its takedown. Users must...
Thousands of WordPress Sites with Popup Builder Plugin Compromised by Balada Injector
A stored XSS flaw in the Popup Builder WordPress plugin has been exploited by the Balada Injector campaign. The campaign injects malicious code into websites using older versions of the plugin, with over 6,200 sites currently affected.
Top LLM Vulnerabilities and How to Mitigate the Associated Risk
Enterprises must implement robust security measures, including sandboxing, whitelisting, and careful vetting of plug-ins, throughout the AI application development lifecycle to mitigate vulnerabilities such as prompt and data leakage.
Beware of Phishing Scams Disguised as Annual HR Tasks
Threat actors are increasingly using annual responsibilities like open enrollment, 401k updates, and salary adjustments as lures to steal employee credentials through phishing emails.
Cisco Says Critical Unity Connection Bug Lets Attackers Get Root
The vulnerability, found in the software's web-based management interface, allows attackers to execute commands on the underlying operating system by uploading arbitrary files.
Mandiant’s X Account Was Hacked Using Brute-Force Attack
The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," with the hack attributed to a drainer-as-a-service (DaaS) group. "Normally, [two-factor authentication] would have mitigated this, but due to some...
Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure
A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach fewer than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of...