Many employees are celebrating the recent shift to remote and hybrid work. However, some security specialists and compliance experts are not as thrilled. Digitalization, cloud computing, and Software as a Service (SaaS) bring new freedom and flexibility to organizations and workers. At the same time, they send data out into the wild beyond traditional security perimeters. There is a lot of...

While there’s no denying that AI has its advantages, it also comes with its fair share of drawbacks. One of which is its role in making social engineering easier to pull off. Cyber criminals are beginning to utilize AI software to generate the voice of chief executive officers and fool employees into revealing sensitive information or initiating monetary transfers. An astounding 82% of cyber...

New regulations are already keeping IT professionals on their toes in 2023. One monumental change for California residents and businesses is the California Privacy Rights Act (CPRA). The legislation came into force on January 1, 2023. Legislators drafted the new rules to empower consumers and close gaps in the California Consumer Privacy Act (CCPA). The CPRA gives customers more control over...

In the age of robots and artificial intelligence comes another player in the AI market: ChatGPT (Generative Pre-trained Transformer). Since its release, cyber security professionals have unlocked various opportunities with its features. Namely, it can answer prompts, write codes on demand, detect phishing emails, and crack passwords. In a nutshell, ChatGPT can be an invaluable tool for security...

KrebsOnSecurity blog recently reported on a popular, low-cost Common Access Card (CAC) reader available on Amazon that came with drivers infected by malware. A compromised smart ID card reader can bring severe consequences to both government and private organizations. It gives hackers an easy backdoor means of infiltrating networks and systems, which can leave sensitive information vulnerable...

Not only are they burning through cash as they pivot toward the metaverse, but their struggles with data privacy are an ongoing issue. In many ways, Facebook/Meta’s data privacy troubles began in 2018, with revelations that a data-marketing firm had illegally collected the personal details of more than 80 million Facebook users. However, despite promises of improvements and changes in corporate...

If you’re a company that uses email scanning technology as the first line of cyber defense, you should know about a recent slate of malicious Word document-based attacks. These attacks are designed to deliver malware and ransomware to targeted systems. Security researchers at Cisco Talos recently identified an attack where Word document files attached to emails were used to deliver Cobalt Strike...

On November 1st, 2022, Dropbox became the victim of a cyber attack where source code repositories, as well as names and emails of their employees, were unauthorizedly accessed. It is not yet clear how the unauthorized access took place, but Dropbox has said that they are investigating the matter. The company is urging all users to change their passwords as a precautionary measure. This breach...

On September 15, the Hive ransomware group claimed to have launched an attack against Bell Technology Solutions on August 20, 2022. The compromised information contained approximately 1.9 million active email addresses, 1,700 names, and active phone numbers. Bell Technology Solutions is a subsidiary of Bell Canada, a leading communications company and communications provider for over 140 years....

Malware is perhaps the most widely known out of all IT security threats. Since 1986, malware has become a significant concern for enterprise users, with recent examples including the Colonial Pipeline attack, Kaseya ransomware attack, and the SolarWinds Dark Halo breach. However, these attacks are just the tip of the iceberg, with many businesses falling victim to malware and ransomware attacks...

At the start of April, hackers leaked the data of 533 million Facebook users from 106 countries in an online hacking forum. The leaked data included the private information of Facebook users like full names, phone numbers, email addresses, locations, Facebook IDs, and biographical data. While hackers obtained the information in 2019, there are serious concerns over how cyber criminals could use...

In mid-August, cybercriminals targeted the Canada Revenue Agency with two credential stuffing attacks, obtaining the usernames and passwords of 9,041 GCKey accounts, and 5,500 CRA accounts. The fraudsters then used the stolen login credentials to apply for the Canadian Emergency Response Benefit (CERB). In response to the attack, a statement released by the Office of the Chief Information Officer...