GitHub to Developers: Turn on 2FA, or Lose Access

All active GitHub users who contribute code will be required to enable at least one form of two-factor authentication by the end of 2023.

Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021

But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.

FBI: Business Email Compromise Attacks Led to More Than $43 billion in Losses Since 2016

More than $43 billion has been lost through Business Email Compromise and Email Account Compromise scams since 2016, according to data.

CISA Adds Dozens of Vulnerabilities to Catalog of Exploited Bugs

CISA added 41 vulnerabilities to its catalog of known exploited bugs this week.

GitHub to Enforce Two-Factor Authentication

GitHub said that all users who upload code to the site will need to enable one or more forms of 2FA by the end of 2023.

FBI: Over $43B in BEC Losses Reported in Five Years

The FBI has disclosed that more than $43 billion has been lost from BEC attacks between June 2016 and December 2021.

Cisco Makes Public Its Cloud Controls Framework for Security Requirements

Cisco released its Cloud Controls Framework (CCF).

Alexa Ranking Service Shutdown To Impact Cybersecurity


CREST Partners with Immersive Labs to Offer Course Focused on Incident Response


IBM Focuses on Shortage of AI Talent in IT and Security

IBM has been warning about the cybersecurity skills gap for several years now and has recently released a report on the lack of AI skills.

FBI: Losses From BEC Scams Surpass $43 Billion

The Federal Bureau of Investigation says BEC and email account compromise (EAC) losses have surpassed $43 billion.

Amazon’s Shuttering of Alexa Ranking Service Hits Cybersecurity Industry

The decision to kill off the popular web traffic analysis and website ranking service does have some impact on the cybersecurity industry.

Business Email Compromise Costs $43 Billion

The FBI said that the amount of money lost to business email compromise (BEC) scams continues to grow each year.

COBALT MIRAGE Conducts Ransomware Operations in US


FBI Says Business Email Compromise Attacks Have Cost Over $43 Billion Since 2016


Losses from BEC Scams Mounting

The amount of money lost to business email compromise scams continues to grow each year, with a 65% increase.

GitHub 2FA Push is Positive, But There’s More to Be Done

All developers contributing code on GitHub will be required to enable at least one form of two-factor authentication by the end of the year.

Bug Bounty Hunters: From Side Hustle to Tech Career

The number of bug bounty programs offered by enterprises and government agencies continues to expand.

Iran-Linked Cobalt Mirage Extracts Money, Info from US Orgs – Report

The Iran-linked Cobalt Mirage crew is running attacks against America for both financial gain and for cyber-espionage purposes.

FBI: Business Email Compromise Resulted in Losses of $43 Billion Since 2016; BEC Attacks Increased by 65% Between 2019 and 2021

The Federal Bureau of Investigation (FBI) reported losses from business email compromise (BEC) attacks increased by 65%.

Hackers Could Track Your iPhone Even When It’s Off

Even shutting down your iPhone might not keep it safe from hackers, but experts say most people don’t have much to worry about.

Emotet Proved Too Effective for Threat Actors to Abandon

Since Emotet is spread primarily through malicious email files or links, companies should reinforce security best practices.

NIST Sets SSE Framework in Final SP 800-160 Guidance

The final public draft puts a renewed focus on the design principles and concepts for engineering trustworthy secure systems.

Can Cybersecurity Job Prospects Survive an Economic Downturn?

For years, cybersecurity appeared largely immune from the ups and downs of the tech job market.

A.I. Adoption Opens More Doors to Cybersecurity Jobs

Artificial intelligence (A.I.) isn’t quite ready to take over the world, but it’s moving a step closer.

Microsoft Suggests Work-Around For ‘Serious’ Follina Zero-Day

Microsoft products provide “an attractive attack surface, as employees are constantly working with various documents.”

Zero-Day Remote Code Execution Vulnerability Found in Microsoft Office; No Patch Yet, But Possible Fix Available

Microsoft Office products present threat actors with an attractive attack surface as employees are constantly working with various documents.

Microsoft Office 365 Functionality Lets Ransomware Encrypt Files on SharePoint, OneDrive

Overall, cloud infrastructures are more resilient to ransomware attacks.

Microsoft Patches ‘Follina’ Zero-Day Flaw in Monthly Security Update

Microsoft’s new patch for Follina prevents code injection. However, the exploit code will still launch msdt.exe.

Push Fatigue: We’re tired too

Push Fatigue is when a user is consistently spammed with push notifications from an MFA service.

Ransomware Greatest Risk to Supply Chain in Minds of IT Pros

The way we try to certify supply chain partners today just doesn’t work.

Ransomware Greatest Risk to Supply Chain in Minds of IT Pros

The recent zero-day demonstrates the large attack surface in Office and the need to harden properly.

DragonForce Malaysia Releases LPE Exploit, Threatens Ransomware

The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.

North Korean State Actors Deploy Surgical Ransomware in Ongoing Cyberattacks on US Healthcare Orgs

US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated “Maui” ransomware.

Stealthy Cyber-Campaign Ditches Cobalt Strike for Rival ‘Brute Ratel’ Pen Test Tool

The latest criminal use of a legitimate red-teaming tool helps attackers stay under the radar and better access living-off-the-land binaries.

Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware’s bare-metal hypervisor tech.

Sliver Emerges as Cobalt Strike Alternative for Malicious C2

Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting.

Red Team vs. Blue Team: How They Impact Your Cybersecurity Career

A report from consulting firm Accenture finds survey respondents reported an average of 270 separate attacks on their infrastructure in 2021.

Why North Korea’s Cyber Threats Matter to Technologists

Organizations need to assume a breach has already happened.

U.S. Doubles Reward for Information on North Korea Cyberattackers

The United States has doubled the available reward for useful information on North Korea state-sponsored attacks on U.S. organizations.

Sephora Fined for Violating CCPA — What it Means for Data Protection

CCPA imposed its first fine and charged Sephora $1.2m for failing to inform customers.

Upskilling IT Security Talent a Smart Bet

Organizations should look to upskilling young cybersecurity workers as an employee retention strategy.


©2024 Lares, a Damovo Company | All rights reserved.