Researchers at cybersecurity firm Perception Point have identified a new type of two-step phishing attack that exploits Microsoft Visio files (.vsdx) and Microsoft SharePoint. This strategy uses the .vsdx format to embed malicious URLs, effectively bypassing conventional security measures and…
Category: EN
The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance
by Gary S. Miliefsky, CISSP, fmDHS I came up with this model to simplify cybersecurity, resiliency and regulatory compliance for executives who are not cybersecurity experts. The PANCCD™ model (People,… The post The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance…
Fraudsters Abuse DocuSign API for Legit-Looking Invoices
I didn’t see much visibility on this DocuSign hack. This is a situation where the product features were not vetted to understand if they could be misused by malicious fraudsters. There is not a technical vulnerability, it comes down…
DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration
The Navy implementation scored a 100 percent success rate, meeting DoD requirements on all 91 Target-Level activities tested. The post DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration appeared first on Microsoft Security Blog.…
New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks
Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. “Ymir ransomware introduces a unique combination of technical features and tactics that…
Apple iPhone inactivity reboot data security feature and Amazon data breach 2024
Apple Introduces ‘Inactivity Reboot’ Security Feature to Protect iPhones from Theft and Data Breach Apple iPhones running iOS 18.1 are now equipped with an enhanced security feature designed to safeguard personal data in case of device theft. Dubbed the “Inactivity…
The Growing Threat of Ransomware in 2024: What You Need to Know
Ransomware attacks have become a regular fixture in the headlines, wreaking havoc across industries, leaving organizations racing to restore operations, and customers worrying about the safety of their data. The fallout from a ransomware incident reaches well beyond operational disruptions—reputational…
Best Practices in Penetration Testing: Ensuring Robust Security
Penetration testing (or “ethical hacking”) is an essential practice for identifying and addressing security vulnerabilities in systems, networks, and applications. By simulating real-world cyberattacks, organizations can proactively assess their defenses and strengthen their cybersecurity posture. However, penetration testing requires skill,…
5 Identity Theft Challenges Every Business Needs to Tackle
As more businesses move online, establishing an e-commerce channel is essential to meet buyer expectations for speed and convenience. But as more activity is conducted online, businesses face a rising threat that can’t be overlooked: business identity theft. This especially…
Amazon Confirms Employee Data Breach Via Third-party Vendor
Amazon has confirmed that sensitive employee data was exposed due to a breach at a third-party vendor. The breach arose from exploiting a critical vulnerability in MOVEit, a widely used file transfer software. The vulnerability, first reported in mid-2023 under…
The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance
by Gary S. Miliefsky, CISSP, fmDHS I came up with this model to simplify cybersecurity, resiliency and regulatory compliance for executives who are not cybersecurity experts. The PANCCD™ model (People,… The post The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance…
2025 Global State of API Security Report – New Data Shows API Breaches Continue to Rise Due to Fraud, Bot Attacks, and GenAI Risks
The landscape of API security is evolving rapidly, driven by increasing complexities in IT environments, the proliferation of third-party APIs, and the rise of generative AI applications. These factors are expanding the attack surface and introducing new vulnerabilities that traditional security…
The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance
by Gary S. Miliefsky, CISSP, fmDHS I came up with this model to simplify cybersecurity, resiliency and regulatory compliance for executives who are not cybersecurity experts. The PANCCD™ model (People,… The post The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance…
Veeam RCE Bug Now a Target for Frag Ransomware Operators
Recently, a critical VBR (Veeam Backup & Replication) security flaw was exploited by cyber thieves to distribute Frag ransomware along with the Akira and Fog ransomware attacks. Florian Hauser, a security researcher with Code White, has discovered that the…
Powerpipe: Open-source dashboards for DevOps
Powerpipe is an open-source solution designed to streamline DevOps management with powerful visualization and compliance tools, making it simple to track, assess, and act on key data for smarter decision-making and continuous compliance monitoring. Dynamic dashboards and reports Powerpipe’s high-level…
Evaluating your organization’s application risk management journey
In this Help Net Security interview, Chris Wysopal, Chief Security Evangelist at Veracode, discusses strategies for CISOs to quantify application risk in financial terms. Wysopal outlines the need for continuous risk management practices and robust strategies to manage third-party software…
The changing face of identity security
It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find an attack that doesn’t feature them to some degree. Getting hold…
New Phishing Campaign Delivers Advanced Remcos RAT Variant
Fortinet’s FortiGuard Labs has uncovered a sophisticated phishing campaign distributing a new variant of the Remcos Remote Access Trojan (RAT). The campaign begins with a phishing email containing a malicious Excel document designed to exploit vulnerabilities and deliver the Remcos…
Six Questions to Ask Your Would-Be SIEM Provider
Gathering and deciphering data insights for usable solutions forms the foundation of a strong cybersecurity strategy. However, organizations are swimming in data, making this task complex. Traditional Security Information and Event Management (SIEM) tools are one method that organizations have…
The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance
by Gary S. Miliefsky, CISSP, fmDHS I came up with this model to simplify cybersecurity, resiliency and regulatory compliance for executives who are not cybersecurity experts. The PANCCD™ model (People,… The post The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance…