
Strengthening the Human Firewall: Prioritising Mental Health in Cybersecurity Teams


There are few places more challenging than the frontlines of war.

Danger lurks at every corner while enemy fire is a persistent threat. It’s a hostile, stressful environment that demands unwavering focus, where a single error can have disastrous consequences.

Fortunately, the frontlines of war are a place most people won’t encounter today.

But that environment isn’t so different from working on the frontlines of cyber defence.

Cybersecurity professionals operate in one of the most high-pressure environments today.

Threats bombard organisations incessantly, security alerts pour in by the minute, while teams often contend with constrained resources and budgets. Despite this, they bear the immense responsibility of defending their organisations against increasingly sophisticated cyber threats.

Cybersecurity has evolved into one of the most mission-critical departments in business, acting as an organisation’s frontline defence in the increasingly hostile digital landscape.

Cyberattacks have evolved from mere technical nuisances into threats to the solvency of an organisation, causing financial and reputational devastation. Security teams must remain constantly vigilant to ensure no attack escalates into a full-scale breach or ransomware incident.

This immense responsibility can weigh heavily on cybersecurity professionals. Many feel that the future and safety of the entire organisation, as well as its customers and stakeholders, rest solely on their shoulders.

Unsurprisingly, burnout in cybersecurity is a prevalent and growing concern.

Security teams frequently feel overwhelmed by the pressure, working long hours with limited resources, while defending against a relentless and ever-evolving threat landscape.

This level of stress is unsustainable and, if unaddressed, can lead to exhaustion, decreased performance and even serious mental health issues.

Recent data from SoSafe revealed that 68% of security professionals in Europe are experiencing burnout, with 32% experiencing high burnout levels and 36% experiencing a moderate degree.

This data underscores the severity of burnout in cybersecurity and reinforces the need for organisations to do more to support their teams.

So, what can organisations do to strengthen their security teams, ensuring their mental health is prioritised and they themselves feel protected?

  • Encourage Open Communication: Establishing open channels for security teams to voice their concerns is essential. Employees should feel comfortable discussing feelings of stress or burnout with HR, management or colleagues. Additionally, other departments should be educated about the pressures security teams face to prevent unnecessary strain or unrealistic demands.
  • Regular Check-Ins from Leadership: Management and HR must regularly engage with cybersecurity professionals, not just to assess performance but to understand their personal well-being. These check-ins should be a structured, ongoing initiative, demonstrating a leadership commitment to mental health.
  • Identify and Address Workload Issues: If team members are feeling overwhelmed, it’s crucial to assess why. Are there bottlenecks that can be alleviated? Could additional resources be allocated? Would time off help? Understanding the root causes of stress can lead to actionable solutions.

In today’s increasingly pressured security landscape, organisations must take proactive steps to support their security teams. Failing to do so can not only jeopardise employee well-being but also expose the organisation to increased security risks.

Ignoring burnout and placing too much pressure on security teams won’t help the organisation. Overstretched staff lead to reduced attention, increased errors and, ultimately, compromised systems.

By supporting those on the frontlines of digital defence, we ensure stronger, more resilient organisations that are better equipped to face the evolving cyber threat landscape.

At this year’s DTX Manchester, I will be participating in a keynote panel session alongside the Office for Nuclear Regulation and Community Mental Health Services, where we will discuss how to strengthen the human firewall and prioritise mental health in cybersecurity teams.

During the session, we will discuss how managers and colleagues can identify signs of mental health struggles, provide advice on effective ways to approach, talk to and support colleagues who may be masking or exhibiting concerning behaviour, and discuss the strategies and resources available to foster resilience in high-pressure environments and support employee mental health.

Join me for the session, which will take place on Wednesday 2nd April from 12:10PM – 12:45PM.

By Jonathan Marnoch, Principal Cyber Architect, Jaguar Land Rover

The post Strengthening the Human Firewall: Prioritising Mental Health in Cybersecurity Teams appeared first on IT Security Guru.

KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk


KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, has released new research indicating that while 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams. The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence in identifying cyber threats.

Notably, South Africa leads with both the highest confidence levels and the highest scam victimization rate, suggesting that misplaced confidence can create a false sense of security, leaving employees more susceptible to advanced cyber threats. Beyond training, the report highlights the importance of fostering a transparent security culture. While 56% of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate due to fear or uncertainty.

Key findings from the survey included:

  • 86% of employees believe they can confidently identify phishing emails.
  • 24% have fallen for phishing attacks.
  • 12% have been tricked by deepfake scams.
  • 68% of South African employees reported falling for scams—the highest victimisation rate.

“Overconfidence fosters a dangerous blind spot—employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioural tendencies, and even demographic traits,” said Anna Collard, SVP content strategy and evangelist, KnowBe4. “With phishing, AI-driven social engineering, and deepfake scams evolving rapidly, organisations must counteract misplaced confidence with hands-on, scenario-based training. True cyber resilience comes not from assumed knowledge but from continuous education, real-world testing, and an adaptive security mindset.”

The survey findings emphasize the critical need for personalised, relevant, and adaptive training that caters to employees’ individual needs while considering regional influences and evolving cyber tactics. Organisations that prioritise this approach will not only reduce risk but also cultivate a genuine security-first culture. In the battle against digital deception, the most dangerous mistake employees can make is assuming they are immune.

The survey findings, “Security Approaches Around the Globe: The Confidence Gap,” are available for download here.

The post KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk appeared first on IT Security Guru.

MIWIC25 – Eva Benn, Chief of Staff, Strategy – Microsoft Red Team


Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are written in their own words.

In 2025, the awards were sponsored by BT, KnowBe4, Mimecast, Varonis, Bridewell, Certes, Pentest Tools and AI Dionic. Community partners included WiCyS UK & Ireland Affiliate, Women in Tech and Cybersecurity Hub (WiTCH), CyBlack and Inclusive InCyber (LT Harper). 

What does your job role entail?

As Chief of Staff for Microsoft Red Team, I drive the strategy behind how we innovate and evolve red teaming—transforming it from purely technical operations into a strategic security pillar that directly shapes Microsoft’s overall security direction. My role is to define what modern red teaming looks like—not just for Microsoft, but for the industry—as this space rapidly evolves.
Microsoft is pioneering and reimagining how red teams operate in this new era, ensuring that every finding leads to measurable, lasting fixes. With the rise of AI and the Security Graph, we are shifting from product-based technical assessments to precision-driven security, uncovering micro-level vulnerabilities that could have massive impact. I also lead the vision for extending red teaming beyond human limitations, not only within Microsoft but across our customer ecosystem, helping to shape the future of collective defense. This includes driving strategies to accelerate remediation and push toward a self-healing security model—where threats are dynamically identified, understood, and resolved at scale.

How did you get into the cybersecurity industry?

I never set out to work in cybersecurity—I stumbled into it by accident. But looking back, I realize I’d been preparing for it all along. After leaving my small town in Bulgaria with just $50 and a dream for something bigger, I spent years relentlessly building my tech skills, working nights in restaurants and weekends for free on small tech projects just to prove myself. I was exhausted, broke, and doubted myself constantly. There were so many moments I almost gave up. But I didn’t.
And then, one day, cybersecurity found me. An unexpected opportunity appeared, and even though I felt unqualified and terrified, I took the leap. That leap changed everything.
Cybersecurity became the perfect place for my grit and curiosity to collide—a field where I could protect people, solve complex problems, and make a real impact. Today, I lead strategy for the Microsoft Red Team, helping shape the future of red teaming not just for Microsoft, but for the entire industry.
If my story proves anything, it’s this: you don’t have to see the whole path. You just have to keep going. Keep building. Keep believing. Because sometimes the thing you never planned for becomes the thing you were born to do.

What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?

One of the biggest challenges I faced as a woman in cybersecurity was overcoming deep imposter syndrome—believing I didn’t belong in the room. Coming from a small town in Bulgaria with no role models in tech, I carried years of conditioning that told me success in this field wasn’t meant for people like me. Early in my career, I often felt like I had to blend in—dressing, speaking, and acting like the men around me just to be taken seriously.
What helped me overcome it was realizing that my unique story, my perspective, and my authenticity are exactly what make me strong. I found inspiration through the few women ahead of me who owned their space unapologetically, and they helped me see what was possible. Now, I make it my mission to be that example for others—showing women that we don’t have to change who we are to succeed in cybersecurity. We belong here exactly as we are.

What are you doing to support other women, and/or to increase diversity, in the tech/cyber industry?

I’m deeply committed to helping women and underrepresented groups break into cybersecurity and thrive. Over the years, I have served—and continue to serve—on various leadership boards and advisory groups to help shape the future of the industry and drive meaningful community impact. This includes organizations like OWASP Seattle, the EC-Council Certified Ethical Hacker (CEH) Advisory Board, Women in Cybersecurity (WiCyS), and ISACA Puget Sound.
As Co-Founder of Women in Tech Global and a leader in Microsoft Women in Security, I’ve helped build global communities that give women access to career opportunities, speaking platforms, and technical growth.
I also actively mentor young women, guiding them through career transitions, helping them overcome self-doubt, and supporting them as they step into leadership roles they may not have thought possible.
Beyond mentorship, I’m passionate about modernizing cybersecurity education. Through projects like The Hacking Games, I’m helping inspire the next generation of diverse talent by reimagining how we teach ethical hacking to Gen Z.
For me, this work is personal. I know how hard it is to build a path where none exists. That’s why I’m committed to being the example I wish I’d had—and ensuring no woman feels like she has to do it alone.

Who has inspired you in your life/career? 

I’ve been most inspired by the women who dared to take up space in rooms where they were never expected to belong—and did it unapologetically. Seeing strong women lead in cybersecurity with both confidence and authenticity showed me that we don’t have to trade our uniqueness to succeed in this industry. Their example helped me realize that my story, my background, and even my struggles are my power.
But beyond individual people, I’m inspired by the millions of women who haven’t yet been told they belong here. I think of the little girls staring out of windows in small towns, just like I once did, wondering if there’s more to life than what’s been handed to them. They inspire me to keep going, keep building, and keep showing up—because if I can be proof for even one of them that a different future is possible, then every challenge I’ve faced was worth it.
We need more examples to emulate—more women leading, succeeding, and owning their space—so others can see themselves in us. That’s why what we’re doing here is so important. Visibility creates possibility. And together, we’re redefining what’s possible for the next generation.

The post MIWIC25 – Eva Benn, Chief of Staff, Strategy – Microsoft Red Team appeared first on IT Security Guru.

New OBSCURE#BAT Malware Targets Users with Fake Captchas


OBSCURE#BAT malware campaign exploits social engineering & fake software downloads to evade detection, steal data and persist on systems. Learn how to stay safe.

Cybersecurity researchers at Securonix Threat Labs have spotted a new malware campaign called OBSCURE#BAT. This campaign uses social engineering tactics and fake software downloads to trick users into executing malicious code, enabling attackers to infect systems and avoid detection.

The attack begins with a user executing a malicious batch file, which is often disguised as a legitimate security feature or delivered through a fake software download. Once executed, the malware establishes persistence by creating scheduled tasks and modifying the Windows Registry so that it keeps running after the system reboots.

The malware then uses a user-mode rootkit to hide its presence on the system, making it difficult for users and security tools to detect. The rootkit can hide files, registry entries, and running processes, allowing the malware to embed further into legitimate system processes and services.

Fake Captchas and Malicious Software Downloads

As seen in recent similar campaigns, hackers have been leveraging typosquatting and social engineering tactics to present fake products as legitimate within their supply chains. This includes:

Masquerading Software: Attackers also disguise their malicious files as trustworthy applications, such as Tor Browser, SIP (VoIP) software or Adobe products, increasing the chances that users will execute them.

Fake Captchas: Users may encounter a fake captcha, especially the Cloudflare captcha feature, that tricks them into executing malicious code. These captchas often originate from typosquatted domains, resembling legitimate sites. When users attempt to pass the captcha, they are prompted to execute code that has been copied to their clipboard.

Fake captcha used in the attack (Screenshot Securonix)

Evasion Techniques

The OBSCURE#BAT malware campaign is a major cybersecurity threat to both individuals and organizations, primarily due to its ability to compromise sensitive data through advanced evasion techniques. These include:

API Hooking: By using user-mode API hooking, the malware can hide files, registry entries, and running processes. This means that common tools like Windows Task Manager and command-line commands cannot see certain files or processes, particularly those that fit a specific naming scheme (e.g., those starting with “$nya-”).

Registry Manipulation: It registers a fake driver (ACPIx86.sys) in the registry to ensure further persistence. This driver is linked to a Windows service, allowing it to execute malicious code without raising suspicion.

Stealthy Logging: The malware monitors user interactions, such as clipboard activity, and regularly writes this data to encrypted files, further complicating detection and analysis.

Countries Targeted in the OBSCURE#BAT Attack

According to Securonix’s detailed technical report, shared with Hackread.com before its official release on Thursday, the malware appears to be financially motivated or aimed at espionage, targeting users primarily in the following countries:

  • Canada
  • Germany
  • United States
  • United Kingdom

How to Protect Yourself from the OBSCURE#BAT Attack

While common sense is a must when downloading software or clicking on unknown links, users and organizations should also follow these key security measures to protect their systems from OBSCURE#BAT and similar threats:

  • Clean downloads: Only download software from legitimate websites, and be wary of fake captchas and other social engineering tactics.
  • Use endpoint logging: For organizations, deploy endpoint logging tools, such as Sysmon and PowerShell logging, to enhance detection and response capabilities.
  • Monitor for suspicious activity: Regularly monitor systems for suspicious activity, such as unusual network connections or process behaviour.
  • Use threat detection tools: Consider using threat detection tools, such as behavioural analysis and machine learning-based systems, to detect and respond to threats like OBSCURE#BAT.
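To illustrate the endpoint-logging advice above, here is an added example (not from Securonix or the original article) that scans Sysmon-style events for the three artefacts the article names: the “$nya-” naming scheme, a service registration pointing at ACPIx86.sys, and a scheduled task created from a batch file. It assumes events exported as one flat JSON object per line using Sysmon's field names; the sample events, host name and service name are constructed placeholders.

```python
import json
import re

HIDDEN_PREFIX = "$nya-"      # naming scheme the article says the rootkit hides
FAKE_DRIVER = "acpix86.sys"  # fake driver name given in the article (lower-cased)
SERVICES_KEY = "\\currentcontrolset\\services\\"
SCAN_FIELDS = ("Image", "CommandLine", "TargetFilename", "TargetObject", "Details")

# Constructed sample events, one JSON object per line. Host, user, task and
# service names are placeholders; the last line is deliberately truncated.
SAMPLE_LOG = r"""
{"EventID": 1, "Computer": "WS-014", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c C:\\Users\\alice\\Downloads\\install.bat", "ParentCommandLine": "C:\\Windows\\explorer.exe"}
{"EventID": 1, "Computer": "WS-014", "Image": "C:\\Windows\\System32\\schtasks.exe", "CommandLine": "schtasks /create /tn Updater /tr C:\\Users\\alice\\AppData\\Roaming\\u.bat /sc onlogon", "ParentCommandLine": "cmd.exe /c C:\\Users\\alice\\Downloads\\install.bat"}
{"EventID": 13, "Computer": "WS-014", "Image": "C:\\Windows\\System32\\reg.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\EXAMPLE-SVC\\ImagePath", "Details": "C:\\Windows\\System32\\Drivers\\ACPIx86.sys"}
{"EventID": 11, "Computer": "WS-014", "Image": "C:\\Windows\\System32\\cmd.exe", "TargetFilename": "C:\\ProgramData\\$nya-cache\\log.dat"}
{"EventID": 13, "Computer": "WS-014", "Image": "C:\\Windows\\System32\\services.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\Spooler\\Start", "Details": "DWORD (0x00000002)"}
{"EventID": 11, "Computer": "WS-014", "TargetFilename": "C:\\Temp\\
"""


def match_rules(ev):
    """Return the sorted rule names that one parsed event triggers."""
    hits = set()
    eid = ev.get("EventID")
    driver_seen = False

    # Check every path component and command-line token for the two names.
    for field in SCAN_FIELDS:
        for part in re.split(r'[\\/\s"]+', str(ev.get(field, ""))):
            low = part.lower()
            if low.startswith(HIDDEN_PREFIX):
                hits.add("hidden-prefix-name")
            if low == FAKE_DRIVER:
                driver_seen = True

    if driver_seen:
        target = str(ev.get("TargetObject", "")).lower()
        # Sysmon event 13 = registry value set; under Services it is a
        # driver/service registration rather than a mere file reference.
        if eid == 13 and SERVICES_KEY in target:
            hits.add("fake-driver-service")
        else:
            hits.add("fake-driver-reference")

    # Sysmon event 1 = process creation: schtasks /create launched by a script.
    if eid == 1:
        image = re.split(r"[\\/]", str(ev.get("Image", "")))[-1].lower()
        cmd = str(ev.get("CommandLine", "")).lower()
        parent = str(ev.get("ParentCommandLine", "")).lower()
        if (image == "schtasks.exe" and "/create" in cmd
                and re.search(r"\.(bat|cmd)\b", parent)):
            hits.add("batch-scheduled-task")

    return sorted(hits)


def scan(log_text):
    """Scan JSON-lines text; return (findings, count of unparsable lines)."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            unparsed += 1  # truncated or corrupt records are counted, not dropped silently
            continue
        if not isinstance(ev, dict):
            unparsed += 1
            continue
        for rule in match_rules(ev):
            findings.append((ev.get("Computer", "?"), eid_of(ev), rule))
    return findings, unparsed


def eid_of(ev):
    """Event ID as stored in the record (None if absent)."""
    return ev.get("EventID")


if __name__ == "__main__":
    results, bad = scan(SAMPLE_LOG)
    for host, eid, rule in results:
        print(f"{host} event {eid}: {rule}")
    print(f"unparsed lines: {bad}")
```

Because the rootkit hides matching items from user-mode tools on the infected host, run checks like this against logs that have been forwarded to a separate collector.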


KnowBe4 Wins Cybersecurity Company of the Year at the 2025 teissAwards


KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today announced that it has been awarded first place in this year’s teissAwards Cybersecurity Company of the Year category for enterprise organisations.

The teissAwards celebrate excellence in cyber and information security, recognising the outstanding contributions of vendors and technologies over the past year.

Winning first place in the Cybersecurity Company of the Year category underscores KnowBe4’s commitment to innovation, product development, and addressing the human element in cybersecurity. It also reflects the organisation’s dedication to improving cyber resilience by placing the customer at the heart of its operations.

Over the past 12 months, KnowBe4 has consistently integrated advanced AI-driven capabilities into its platform, providing organisations with an innovative approach to managing human risk in real-time. This enhancement highlights KnowBe4’s ongoing commitment to adapting its offerings to meet the evolving demands of the security landscape, particularly in addressing vulnerabilities stemming from human error.

“This recognition is a testament to our team’s hard work and dedication to empowering organisations to manage human risk effectively,” said Stu Sjouwerman, CEO of KnowBe4. “Our platform’s success comes from combining innovative technology with effective human risk management, helping organisations build a strong security culture from the ground up. We remain committed to continuous innovation and providing our customers with the tools and knowledge they need to stay ahead of evolving cyber threats.”

For more information on the teissAwards, please visit here. For more information on KnowBe4, please visit here.

The post KnowBe4 Wins Cybersecurity Company of the Year at the 2025 teissAwards appeared first on IT Security Guru.

AI Chatbot DeepSeek R1 Can Be Manipulated to Create Malware


Tenable Research reveals that AI chatbot DeepSeek R1 can be manipulated to generate keyloggers and ransomware code. While not fully autonomous, it provides a playground for cybercriminals to refine and exploit its capabilities for malicious purposes.

A new analysis from cybersecurity firm Tenable Research reveals that the open-source AI chatbot DeepSeek R1 can be manipulated to generate malicious software, including keyloggers and ransomware.

Tenable’s research team set out to assess DeepSeek’s ability to create harmful code. They focused on two common types of malware: keyloggers, which secretly record keystrokes, and ransomware, which encrypts files and demands payment for their release.

While the AI chatbot isn’t producing fully functional malware “out of the box,” and requires proper guidance and manual code corrections to produce a fully working keylogger, the research suggests that it could lower the barrier to entry for cybercriminals.

Initially, like other large language models (LLMs), DeepSeek adhered to its built-in ethical guidelines and refused direct requests to write malware. However, the Tenable researchers employed a “jailbreak” technique, tricking the AI by framing the request as being for “educational purposes” to bypass these restrictions.

The researchers leveraged a key part of DeepSeek’s functionality: its “chain-of-thought” (CoT) capability. This feature allows the AI to explain its reasoning process step-by-step, much like someone thinking aloud while solving a problem. By observing DeepSeek’s CoT, researchers gained insights into how the AI approached malware development and even recognised the need for stealth techniques to avoid detection.

DeepSeek Building Keylogger

When tasked with building a keylogger, DeepSeek first outlined a plan and then generated C++ code. This initial code was flawed and contained several errors that the AI itself could not fix. However, with a few manual code adjustments by the researchers, the keylogger became functional, successfully logging keystrokes to a file.

Taking it a step further, the researchers prompted DeepSeek to help enhance the malware by hiding the log file and encrypting its contents, which it managed to provide code for, again requiring minor human correction.

This screenshot displays the keylogger created by DeepSeek running in the Task Manager, alongside the log file it generated. (Credit: Tenable Research)

DeepSeek Building Ransomware

The experiment with ransomware followed a similar pattern. DeepSeek laid out its strategy for creating file-encrypting malware. It produced several code samples designed to perform this function, but none of these initial versions would compile without manual editing.

Nevertheless, after some tweaking by the Tenable team, some of the ransomware samples were made operational. These functional samples included features for finding and encrypting files, a method to ensure the malware runs automatically when the system starts, and even a pop-up message informing the victim about the encryption.

DeepSeek Struggled with Complex Malicious Tasks

While DeepSeek demonstrated an ability to generate the basic building blocks of malware, Tenable’s findings highlight that it’s far from a push-button solution for cybercriminals. Creating effective malware still requires technical knowledge to guide the AI and debug the resulting code. For instance, DeepSeek struggled with more complex tasks like making the malware process invisible to the system’s task manager.

However, despite these limitations, Tenable researchers believe that access to tools like DeepSeek could accelerate malware development activities. The AI can provide a significant head start, offering code snippets and outlining necessary steps, which could be particularly helpful for individuals with limited coding experience looking to engage in cybercrime.

“DeepSeek can create the basic structure for malware,” explains Tenable’s technical report shared with Hackread.com ahead of its publishing on Thursday. “However, it is not capable of doing so without additional prompt engineering as well as manual code editing for more advanced features.” The AI struggled with more complex tasks like completely hiding the malware’s presence from system monitoring tools.

Trey Ford, Chief Information Security Officer at Bugcrowd, a San Francisco, Calif.-based leader in crowdsourced cybersecurity, commented on the latest development, emphasising that AI can aid both good and bad actors, but that security efforts should focus on making cyberattacks more costly by hardening endpoints rather than expecting EDR solutions to prevent all threats.

“Criminals are going to be criminals – and they’re going to use every tool and technique available to them. GenAI-assisted development is going to enable a new generation of developers – for altruistic and malicious efforts alike,” said Trey.

“As a reminder, the EDR market is explicitly endpoint DETECTION and RESPONSE – they’re not intended to disrupt all attacks. Ultimately, we need to do what we can to drive up the cost of these campaigns by making endpoints harder to exploit – pointedly they need to be hardened to CIS 1 or 2 benchmarks,” he explained.


LockBit Developer Rostislav Panev Extradited from Israel to the US


The US extradites LockBit ransomware developer, Rostislav Panev, from Israel. Learn how his arrest impacts the fight against cybercrime and understand LockBit’s devastating impact.

The United States has achieved a significant victory in its ongoing battle against cybercrime with the extradition of Rostislav Panev, a 51-year-old dual Russian and Israeli national, who is accused of being a key developer of the notorious LockBit ransomware. 

Panev is alleged to have been deeply involved in the development and maintenance of the LockBit ransomware from its inception around 2019 until at least February 2024. During this period, he and his co-conspirators are believed to have transformed LockBit into what the Department of Justice (DoJ) describes as “the most active and destructive ransomware group in the world.”

The group, operating under a ransomware-as-a-service (RaaS) model, is believed to have targeted over 2,500 victims across at least 120 countries, including approximately 1,800 victims within the United States. These victims spanned critical sectors, including hospitals, schools, and government agencies, causing widespread disruption and financial losses.

The financial impact of LockBit’s activities is staggering. According to the DoJ, the group successfully extracted at least $500 million in ransom payments, while causing billions of dollars in additional losses through lost revenue and recovery costs. Evidence uncovered by law enforcement indicates Panev’s direct involvement in the development of tools that facilitated these attacks.

“The LockBit group attacked more than 2,500 victims in at least 120 countries around the world, including 1,800 in the United States. Their victims ranged from individuals and small businesses to multinational corporations, including hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies,” the DoJ’s press release revealed.

Authorities discovered administrator credentials on his computer, granting access to a dark web repository containing the source code for multiple versions of the LockBit builder, which enabled affiliates to generate custom malware.

They also found source code for the StealBit tool, used to exfiltrate stolen data, and evidence of direct communications between Panev and Dmitry Yuryevich Khoroshev, the alleged primary administrator of LockBit, discussing development work on the LockBit builder and control panel. Both have been charged by the DoJ.

Furthermore, financial records revealed cryptocurrency transfers exceeding $230,000 from Khoroshev to Panev between June 2022 and February 2024, providing concrete evidence of their financial relationship. In interviews with Israeli authorities, Panev reportedly admitted to performing coding, development, and consulting work for LockBit, confirming the regular cryptocurrency payments he received.

Panev’s extradition from Israel, where he was apprehended in August 2024 following a US provisional arrest request, marks a crucial step in holding individuals accountable for their roles in the devastating ransomware attacks that have plagued organizations worldwide. He has since appeared before a US magistrate and will remain detained pending his trial.



Keeper Security Gives Its Partner Programme an update


Keeper Security has announced the launch of the updated Keeper Partner Programme. The updated programme is designed to help organisations of all sizes expand their cybersecurity offerings and unlock new revenue opportunities. 

As businesses increasingly adopt PAM solutions to protect privileged credentials, secrets and remote access, Keeper’s programme provides comprehensive partner tiers, extensive training and a lucrative incentive structure to help partners accelerate growth. With distribution partners around the globe, Keeper is committed to empowering its partners with the tools they need to thrive in today’s cybersecurity landscape.

Scott Unger, Director of Global Channel Account Management at Keeper Security, said: “Keeper’s Partner Programme was built to ensure our partners have the competitive advantage they need in a rapidly evolving cybersecurity market. With brand new KeeperPAM sales, demo and implementation training through Keeper University, tiered pricing and strong financial incentives – including world-class channel marketing and proposal-based MDF programmes – partners can rapidly grow their business while delivering best-in-class privileged access management.” 

Key Benefits of the 2025 Keeper Partner Programme

With cyber threats escalating, organisations are prioritising privileged access security as a core defence strategy. The Keeper Partner Programme is designed to meet this demand while helping partners maximise revenue potential.

  • Expanded Revenue Streams: As businesses shift towards modern, zero-trust PAM solutions, Keeper provides partners – especially enterprise-focused resellers – with a high-growth, high-margin security offering.
  • Comprehensive Training & Certifications: Free access to Keeper Sales Professional (KSP), Keeper Demo Expert (KDE) and KeeperPAM Implementation (KPI) certifications to enhance both sales and technical expertise.
  • Flexible Partner Tiers: Four levels – Authorised, Silver, Gold and Platinum – offer progressively greater benefits, including tiered discounts and revenue-sharing opportunities.
  • Marketing and Growth Support: Silver-level and higher partners gain access to Market Development Funds (MDF) to fuel demand generation and drive customer acquisition. 
  • Global SPIFF Program: A structured incentive program rewarding partners for closed/won deals, with four tiers of compensation to maximise earnings.

Helping Partners Win in Cybersecurity

With best-in-class customer retention, Keeper is the trusted cybersecurity partner for organisations worldwide. Its unified PAM platform – spanning enterprise password management, secrets management, connection management, zero-trust network access and remote browser isolation – helps businesses of all sizes protect their most sensitive information and resources.

The Keeper Partner Program is now open for enrolment. Partners ready to accelerate their business and capitalise on the increasing demand for PAM solutions can apply through the Keeper Partner Portal.

The post Keeper Security Gives Its Partner Programme an update appeared first on IT Security Guru.

Best WordPress Plugins for Cybersecurity 2025

WordPress is a great platform for building websites, but it is also a common target for hackers. Keeping your website safe is important to protect your data, visitors, and business. Cybercrime is a growing problem, with 39% of UK businesses experiencing cyber attacks in 2023.

Security plugins can help reduce risks and keep your site safe from threats. They are essential for any WordPress site, and even more so if your site holds personal customer data. We speak with Sierra Six, a leading SEO agency in Essex, to get their recommendations on the best plugins for security and for reducing cyber attacks.

Wordfence Security

Wordfence Security is one of the most popular cybersecurity plugins for WordPress. It provides a firewall that blocks malicious traffic before it reaches your website. It also has a malware scanner that checks your site for viruses and suspicious code. If anything harmful is found, Wordfence will alert you so you can take action. Another useful feature is its login protection, which helps stop hackers from guessing passwords.

Sucuri Security

Sucuri Security is another excellent plugin that protects your site from hackers. It offers a website firewall, which blocks attacks before they can do any harm. The plugin also scans your website for malware and removes it if necessary. If your site ever gets hacked, Sucuri provides help to clean it up. This is useful because recovering from a hack can be difficult without expert support.

iThemes Security

iThemes Security is designed to strengthen your WordPress site against attacks. It protects against brute force attacks, where hackers try thousands of password combinations to break into your site. The plugin also scans for vulnerabilities and fixes weak points in your website’s security. Another feature is two-factor authentication, which adds an extra layer of protection when logging in.

All In One WP Security & Firewall

This plugin is great for beginners who want an easy way to secure their website. It comes with a firewall to block suspicious traffic and a login lockdown feature to stop repeated failed login attempts. The plugin also scans for weak passwords and forces users to create stronger ones. Since weak passwords are responsible for 81% of hacking-related breaches, this is an important feature.

Conclusion

Cyber threats are increasing, and UK businesses must take website security seriously. Using security plugins like Wordfence, Sucuri, iThemes Security, and All In One WP Security can help protect your WordPress site from hackers and malware. Regular updates and strong passwords also play a key role in keeping your site safe. By taking these steps, you can reduce the risk of cyber attacks and keep your website secure.

The post Best WordPress Plugins for Cybersecurity 2025 appeared first on IT Security Guru.

FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware

FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa’s tactics, prevention tips, and why paying ransoms is discouraged. 

A joint advisory by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) has revealed a particularly aggressive digital threat: a criminal operation known as the Medusa ransomware gang.

According to the advisory (#StopRansomware: Medusa Ransomware), Medusa, a ransomware-as-a-service (RaaS) group first identified in June 2021, has become a serious threat to critical infrastructure sectors in the United States.

Authorities have identified a pattern of attacks affecting organizations across diverse sectors, including healthcare, education, law firms, insurance providers, technology companies, and manufacturers. Their victims include Bell Ambulance in Wisconsin, CPI Books, Customer Management Systems, and Heartland Health Center. The sheer number of victims, surpassing 300 as of December 2024, highlights the scope of this threat. 

The actors utilize different methods to infiltrate systems, including deceptive communications (phishing) and exploiting unpatched software vulnerabilities (e.g. ScreenConnect authentication bypass CVE-2024-1709). Once inside a network, they use legitimate system administration tools to move undetected. 

They employ a unique approach to extortion, which involves encrypting victims’ data and rendering it inaccessible, along with threatening to expose sensitive information if their demands are not met. This tactic creates immense pressure on targeted organizations, forcing them to consider paying the ransom to prevent public disclosure of their data.  

“Medusa developers typically recruit initial access brokers (IABs) in cybercriminal forums and marketplaces to obtain initial access to potential victims. Potential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa,” the advisory (PDF) warns.

Medusa uses advanced techniques to conceal its activities, such as using remote access software to control compromised systems and using encrypted scripts and tools to create hidden connections to its command servers, thereby evading security software detection.

A particularly concerning aspect of this operation is the aggressive nature of their extortion tactics. Victims are given a very short window of time to pay the ransom, often just two days. They are pressured through direct communication, and if they fail to comply, their stolen data is made available on darknet websites. There are even reports that paying the initial ransom might not guarantee the end of the ordeal, as further demands may follow.

In response to this growing threat, federal agencies have emphasized the need for ensuring regular software updates, implementing reliable access controls, and using multi-factor authentication. They also advise monitoring network activity for suspicious behaviour, limiting the use of remote desktop protocols, and segmenting networks to contain any potential breaches. 

Moreover, users are urged to enable two-factor authentication (2FA) for webmail and VPNs, as social engineering is a significant factor in these attacks. All organizations affected by the Medusa ransomware are requested to report the incidents to law enforcement and to avoid paying any ransom demands.

