risks

What to do if you receive a text with a two-factor authentication code from a service you’ve never registered for.

A look at the biggest ransomware attacks of 2023.

The KeyTrap DoS attack, which can disable DNS servers with a single malicious packet exploiting a vulnerability in DNSSEC.

Why cybercriminals want to attack PR and marketing staff and, crucially, how to protect your company from financial and reputational harm.

Time to update Fortra GoAnywhere MFT: an exploit has been developed for a critical vulnerability that allows attackers to bypass authentication and create admin accounts.

Ethical hackers told 37C3 how they found a few eye-openers while breaking DRM to fix trains.

Google OAuth allows to create phantom Google accounts — uncontrollable by corporate Google Workspace administrators.

Why criminals want to hack your website, how they might use it in new attacks, and how to stop them.

We explain what OSINT is, why it has to be front-of-mind at all times, and how to guard against hackers using it.

How social engineering helped hack the CIA chief, hijack Elon Musk and Joe Biden’s Twitter accounts, and steal half-a-billion dollars.

What security aspects should be top-of-mind when implementing important changes in corporate IT infrastructure?

Low-code apps lower IT costs, but boost information security risks. How to mitigate them?

Social engineering in the spotlight: from classic tricks to new trends.

A few tips on how to establish cybersecurity communications with employees.

Сloud technologies differ in terms of both costs and risks. What cloud type should you choose, and how should you begin your migration?

The pros and cons of different approaches to deploying and maintaining information security systems.

Open-source applications require proper implementation and maintenance; otherwise a company could face many threats. We highlight the key risks.

DIY security trainings for your colleagues that are both fun (for you) and educational (for them).

It’s common practice in many companies to keep work and personal information separate. But browser synchronization often remains unnoticed — and attackers are already exploiting it.

Business is actively moving over to open-source solutions. How can the transition be made successfully, and what are the risks to consider?

Information security measures are far more effective when supported by top management. How to get this support?