By John E. Dunn Phishing attacks depend on creating huge numbers of lookalike ‘confusable’ domains. A new report has highlighted the most prevalent examples and suggested a way to detect phishing domains before they are used in anger. Ever since phishing attacks gathered steam two decades ago, the ability of criminals to create ‘confusable’ or typosquatting domains that look plausibly similar to real ones has been a thorn in everyone’s side. Companies have their brands hijacked, users are tricked into clicking on phishing emails that look genuine, and registrars are roundly criticized for allowing all of this to happen. Large…

An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023. Threat Advisories and Alerts NCSC Provides Recommendations on Supply Chain Security As the recent ransomware attack on ION Trading revealed, supply chain attacks can be devastating to a business and have knock-on effects for suppliers and customers alike. The U.K. National Cyber Security Centre recently published guidance on the topic to help companies address supply chain cyberthreats. The article provides detailed security recommendations, including…

By Vivek Soni, CCSP Key Risk Indicators (KRIs) are critical predictors/indicators of undesirable events that can adversely impact the organisation. These are the kind of metrics which are forward looking and contribute to the early warning sign that facilitates enterprise to report risks, prevent calamity and remediate them promptly. Risks to an organisation may vary based on their business environment and the respective business unit. For example, an IT service management team might worry about changes going into production without approvals, an Information Security Team might focus on preventing data compromise, a bank might be concerned with fraudulent bank accounts…