%term

Ransomware Response Plan: What Steps Schools and Libraries Should Take After an Attack

May 14, 2025 By Sarah Manley In LevelBlue

In Part 1 of this blog series The Ransomware Threat: Preparing Schools and Libraries for Ransomware Attacks, we discussed creating a pre-incident plan that includes a backup process, asset management, identity and access management, risk-based vulnerability management, and security awareness training to minimize the risk of ransomware attacks.

Read Post

LevelBlue

Read more about Ransomware Response Plan: What Steps Schools and Libraries Should Take After an Attack

The Forgotten Threat: How Supply Chain Attacks Are Targeting Small Businesses

May 14, 2025 By Isla Sibanda In Tripwire

When people hear "supply chain attack," their minds often go to headline-grabbing breaches. But while analysts, CISOs, and journalists dissect those incidents, a more tactical and persistent wave of attacks has been unfolding in parallel; one that's laser-focused on small businesses as the point of entry. This isn't collateral damage. It's by design.

Read Post

Tripwire

Read more about The Forgotten Threat: How Supply Chain Attacks Are Targeting Small Businesses

One Click Is All It Takes: The Danger of CSRF Attacks

May 13, 2025 By SafeAeon Inc. In SafeAeon

CSRF attack or Cross-site request forgery is a very dangerous and stealthy web security vulnerability that exploits trust from a user's browser for a web application. A successful CSRF attack deceives an authenticated user into performing some operations without his consent-like account modification or payment or financial transaction against his will. Most alarming in such cases is that CSRF attacks usually remain unknown for end-users that make defending against them difficult.

Read Post

SafeAeon

Read more about One Click Is All It Takes: The Danger of CSRF Attacks

Actions to Take Following the M&S Cyber Attack

May 13, 2025 By The Cyber Helpline In The Cyber Helpline

In light of the recent disclosure by Marks & Spencer (M&S) regarding a cyber attack that resulted in the theft of customer data, we strongly recommend that if you are affected you take immediate and proactive steps to protect your digital identity and reduce the risk of further compromise.

Read Post

The Cyber Helpline

Read more about Actions to Take Following the M&S Cyber Attack

How to Protect Your Business from Scattered Spider's Latest Attack Methods

May 13, 2025 By KnowBe4 Team In KnowBe4

Mandiant warns that the Scattered Spider cybercriminal group is using “brazen” social engineering attacks to target large enterprise organizations in a wide range of sectors. Specifically, the group targets “organizations with large help desk and outsourced IT functions which are susceptible to their social engineering tactics.” The threat actors impersonate employees and attempt to trick IT workers into granting them access. The group also poses as IT workers to target employees.

Read Post

KnowBe4

Read more about How to Protect Your Business from Scattered Spider's Latest Attack Methods

Risks of Using Public Wi-Fi for Crypto Transactions

May 13, 2025 By SecuritySenses In SecuritySenses

As cryptocurrency adoption continues to rise, the ease of managing assets through mobile wallets and trading platforms has brought a new layer of convenience. However, this accessibility can also lead to overlooked security risks, especially when users rely on public Wi-Fi networks for transactions. Airports, coffee shops, hotels, and public transportation hubs may offer free internet access, but these networks present significant vulnerabilities that can expose sensitive information.

Read Post

SecuritySenses

Read more about Risks of Using Public Wi-Fi for Crypto Transactions

A Subtle Form of Siege: DDoS Smokescreens as a Cover for Quiet Data Breaches

May 12, 2025 By Guest Authors In Tripwire

DDoS attacks have long been dismissed as blunt instruments, favored by script kiddies and hacktivists for their ability to overwhelm and disrupt. But in today's fragmented, hybrid-cloud environments, they've evolved into something far more cunning: a smokescreen. What looks like digital vandalism may actually be a coordinated diversion, engineered to distract defenders from deeper breaches in progress.

Read Post

Tripwire

Read more about A Subtle Form of Siege: DDoS Smokescreens as a Cover for Quiet Data Breaches

358% surge in DDoS attacks in 2025

May 10, 2025 By Cloudflare In Cloudflare

We break down Cloudflare’s Q1 2025 DDoS Threat Report, showing a 358% year-over-year increase in DDoS attacks. Omer Yoachimik, Senior Product Manager for DDoS at Cloudflare, unpacks it all in the full video.

View Video

Cloudflare

Read more about 358% surge in DDoS attacks in 2025

You Are Still Vulnerable to Password Attacks When Using Passkeys

May 9, 2025 By Roger Grimes In KnowBe4

Just because you’re using a passkey doesn’t mean your password is gone. Microsoft is going passwordless in a new big push. As part of that new initiative, they are strongly pushing FIDO passkeys. I am a big fan of FIDO passkeys and FIDO in general. FIDO authentication offerings, including passkeys, are phishing-resistant, which makes them a HUGE improvement over passwords and most other multi-factor authentication products.

Read Post

KnowBe4

Read more about You Are Still Vulnerable to Password Attacks When Using Passkeys

Decoding Fidelis Deception Technology to Outsmart Attackers with Fidelis Elevate

May 9, 2025 By Fidelis Security In Fidelis Security

In today’s digital battlefield, attackers aren’t just breaking in—they’re sneaking past defenses, staying hidden, and making off with sensitive data long before anyone notices. While organizations invest in firewalls, antivirus tools, and endpoint protection, attackers are becoming smarter, faster, and harder to detect. We need detection that’s not only quick but also intelligent and proactive.

Read Post