CyberSecurity


Strengthening the Human Firewall: Prioritising Mental Health in Cybersecurity Teams


There are few places more challenging than the frontlines of war.

Danger lurks at every corner while enemy fire is a persistent threat. It’s a hostile, high-stress environment that demands unwavering focus, and where a single error can have disastrous consequences.

Fortunately, the frontlines of war are a place most people won’t encounter today.

But that environment isn’t too different from working on the frontlines of cyber defence.

Cybersecurity professionals operate in one of the most high-pressure environments today.

Threats bombard organisations incessantly, security alerts pour in by the minute, while teams often contend with constrained resources and budgets. Despite this, they bear the immense responsibility of defending their organisations against increasingly sophisticated cyber threats.

Cybersecurity has evolved into one of the most mission-critical departments in business, acting as an organisation’s frontline defence in the increasingly hostile digital landscape.

Cyberattacks have evolved from mere technical nuisances into threats to the solvency of an organisation, causing financial and reputational devastation. Security teams must remain constantly vigilant to ensure no attack escalates into a full-scale breach or ransomware incident.

This immense responsibility can weigh heavily on cybersecurity professionals. Many feel that the future and safety of the entire organisation, as well as its customers and stakeholders, rest solely on their shoulders.

Unsurprisingly, burnout in cybersecurity is a prevalent and growing concern.

Security teams frequently feel overwhelmed by the pressure, working long hours with limited resources, while defending against a relentless and ever-evolving threat landscape.

This level of stress is unsustainable and, if unaddressed, can lead to exhaustion, decreased performance and even serious mental health issues.

Recent data from SoSafe revealed that 68% of security professionals in Europe are experiencing burnout, with 32% experiencing high burnout levels and 36% experiencing a moderate degree.

This data underscores the severity of burnout in cybersecurity and reinforces the need for organisations to do more to support their teams.

So, what can organisations do to strengthen their security teams, ensuring their mental health is prioritised and they themselves feel protected?

  • Encourage Open Communication: Establishing open channels for security teams to voice their concerns is essential. Employees should feel comfortable discussing feelings of stress or burnout with HR, management or colleagues. Additionally, other departments should be educated about the pressures security teams face to prevent unnecessary strain or unrealistic demands.
  • Regular Check-Ins from Leadership: Management and HR must regularly engage with cybersecurity professionals, not just to assess performance but to understand their personal well-being. These check-ins should be a structured, ongoing initiative, demonstrating a leadership commitment to mental health.
  • Identify and Address Workload Issues: If team members are feeling overwhelmed, it’s crucial to assess why. Are there bottlenecks that can be alleviated? Could additional resources be allocated? Would time off help? Understanding the root causes of stress can lead to actionable solutions.

In today’s increasingly pressured security landscape, organisations must take proactive steps to support their security teams. Failing to do so can not only jeopardise employee well-being but also expose the organisation to increased security risks.

Ignoring burnout and placing too much pressure on security teams won’t help the organisation. Overstretched staff lead to reduced attention, increased errors and, ultimately, compromised systems.

By supporting those on the frontlines of digital defence, we ensure stronger, more resilient organisations that are better equipped to face the evolving cyber threat landscape.

At this year’s DTX Manchester, I will be participating in a keynote panel session alongside the Office for Nuclear Regulation and Community Mental Health Services, where we will discuss how to strengthen the human firewall and prioritise mental health in cybersecurity teams.

During the session we will discuss how managers and colleagues can identify signs of mental health struggles, provide advice on effective ways to approach, talk to, and support colleagues who may be masking or exhibiting concerning behaviour, and discuss the strategies and resources available to foster resilience in high-pressure environments and support employee mental health.

Join me for the session, which will take place on Wednesday 2nd April from 12:10PM – 12:45PM.

By Jonathan Marnoch, Principal Cyber Architect, Jaguar Land Rover

The post Strengthening the Human Firewall: Prioritising Mental Health in Cybersecurity Teams appeared first on IT Security Guru.

New Microsoft 365 Phishing Scam Tricks Users Into Calling Fake Support


Cybersecurity company Guardz is warning Microsoft 365 users about a new phishing scam backed by social engineering tactics making the rounds. This isn’t an average scam as attackers trick people into calling fake support numbers using Microsoft 365 infrastructure, putting their login details and accounts at risk.

How the Attack Works

Unlike typical phishing attempts using typosquatted domains, fake or misspelled email addresses, this campaign operates from within Microsoft’s cloud services. This makes the phishing attempts look convincing, easily bypassing email authentication checks like SPF, DKIM, and DMARC.

The attack also uses legitimate Microsoft domains (onmicrosoft.com) and manipulates tenant settings. The scammers set up multiple Microsoft 365 organization tenants, either by creating new ones or by compromising existing accounts. Each tenant has a specific role within the attack framework, allowing the threat actors to operate with anonymity.

One of these fake organizations is used to trigger actions that look like normal business activity, such as starting a subscription. Another fake organization is given a name that includes a fake warning message and a phone number. For example, the organization’s name might appear as something like, “(Microsoft Corporation) Your subscription has been successfully purchased… If you did not authorize this transaction, please call .”

The Microsoft 365 phishing email used in the scam (Screenshot credit: Guardz)

When the attackers trigger an action, like a subscription change, Microsoft 365 automatically sends out legitimate emails about it. Because of how the attackers set up their fake organizations, these official Microsoft emails can end up including the fake warning message and phone number in the sender’s information or organization details.

So, you might receive an email that looks like it’s really from Microsoft, confirming a purchase you didn’t make. The email itself is real in the sense that it came through Microsoft’s systems.

But the alarming message asking you to call a number to dispute the charge? That’s the scam. If someone calls the number, they’re connected with the attackers, who then try to steal sensitive information like passwords or trick them into installing malicious software.

Why This Scam Is Effective

This approach is effective for several reasons. Since the emails come from Microsoft’s legitimate systems, they often pass standard security checks that look for fake domains or suspicious links. The emails look official, complete with Microsoft branding. And the urgent message about an unauthorized charge can cause people to act quickly without thinking.

According to Guardz’s report shared with Hackread.com ahead of its publishing on Thursday, this attack is tricky to spot because it uses legitimate services for malicious purposes. Traditional email security measures that check sender reputations or look for fake links might miss this.

The Possible Impact

The implications of this phishing campaign could be significant. Businesses and individuals who fall victim can suffer credential theft, financial loss, account takeovers or malware installation on their systems. The attack’s dependence on voice channels also makes it more challenging to detect and prevent, as fewer security controls exist in direct phone communications.

Protecting Yourself and Your Business

A few key steps can help prevent these scams. Be wary of unexpected emails about purchases or subscriptions, even if they appear to come from Microsoft. Never call phone numbers listed in emails if something feels off; always verify contact details on Microsoft’s official website.

Pay close attention to sender details; while an email might look legitimate, unusual organization names or urgent wording can be red flags. Also, be cautious of messages from unfamiliar “.onmicrosoft.com” domains. Most importantly, train yourself and your employees to recognize phishing tactics, especially those designed to create a sense of urgency around financial threats.
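The point above, that passing SPF, DKIM and DMARC says nothing about the text a tenant injects into the message, can be turned into a mail-filter check. The following is an added example, not code from Guardz or Microsoft; the sender address, tenant name, `Organization:` line layout and phone number are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Loose North-American-style phone pattern (optional country code).
PHONE_RE = re.compile(
    r"(?<!\w)(?:\+?\d{1,3}[\s.-]?)?(?:\(\d{3}\)|\d{3})[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
# Wording that pushes the reader towards a phone call about a charge.
CALLBACK_RE = re.compile(
    r"\b(call|did not authori[sz]e|unauthori[sz]ed|dispute)\b", re.I)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def _plain_text(msg):
    """Concatenate every text/plain part of the message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)


def analyse(raw):
    """Score one raw message for the callback lure described in the article."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    auth = {k.lower(): v.lower()
            for k, v in AUTH_RE.findall(msg.get("Authentication-Results", ""))}
    auth_pass = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    ms_infra = domain == "microsoft.com" or domain.endswith(
        (".microsoft.com", ".onmicrosoft.com"))
    # The injected text can sit in the sender display name, subject or body.
    text = "\n".join([display, msg.get("Subject", ""), _plain_text(msg)])
    phones = [m.group(0) for m in PHONE_RE.finditer(text)]
    lure = bool(phones) and bool(CALLBACK_RE.search(text))
    return {
        "auth_pass": auth_pass,          # what a reputation-only filter sees
        "microsoft_infrastructure": ms_infra,
        "phones": phones,
        "verdict": "callback-lure" if lure else "no-callback-lure",
    }


# Constructed sample: authentication passes, organization name carries the lure.
HEADERS = """\
From: Microsoft <billing@constructed-tenant.onmicrosoft.com>
To: user@example.com
Subject: Your Microsoft order
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=constructed-tenant.onmicrosoft.com; dkim=pass header.d=constructed-tenant.onmicrosoft.com; dmarc=pass header.from=constructed-tenant.onmicrosoft.com

"""
LURE = HEADERS + (
    "Thanks for your order.\n"
    "Organization: (Microsoft Corporation) Your subscription has been "
    "successfully purchased. If you did not authorize this transaction, "
    "please call +1 (555) 010-0199.\n")
# Constructed sample: same sender and headers, ordinary notification text.
BENIGN = HEADERS + (
    "Your Microsoft 365 subscription was renewed. "
    "Manage it in the admin center.\n")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, analyse(raw))
```

Both samples pass authentication and come from the same infrastructure; only the content check separates them, which is why the verdict ignores `auth_pass`.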



New OBSCURE#BAT Malware Targets Users with Fake Captchas


OBSCURE#BAT malware campaign exploits social engineering & fake software downloads to evade detection, steal data and persist on systems. Learn how to stay safe.

Cybersecurity researchers at Securonix Threat Labs have spotted a new malware campaign called OBSCURE#BAT. This campaign uses social engineering tactics and fake software downloads to trick users into executing malicious code, enabling attackers to infect systems and avoid detection.

The attack begins with a user executing a malicious batch file, which is often disguised as legitimate security features or malicious software downloads. Once executed, the malware establishes itself by creating scheduled tasks and modifying the Windows Registry to operate even after the system reboots.

The malware then uses a user-mode rootkit to hide its presence on the system, making it difficult for users and security tools to detect. The rootkit can hide files, registry entries, and running processes, allowing the malware to embed further into legitimate system processes and services.

Fake Captchas and Malicious Software Downloads

As seen in recent similar campaigns, hackers have been leveraging typosquatting and social engineering tactics to present fake products as legitimate within their supply chains. This includes:

Masquerading Software: Attackers also disguise their malicious files as trustworthy applications, such as Tor Browser, SIP (VoIP) software or Adobe products, increasing the chances that users will execute them.

Fake Captchas: Users may encounter a fake captcha, especially the Cloudflare captcha feature, that tricks them into executing malicious code. These captchas often originate from typosquatted domains, resembling legitimate sites. When users attempt to pass the captcha, they are prompted to execute code that has been copied to their clipboard.

Fake captcha used in the attack (Screenshot Securonix)

Evasion Techniques

The OBSCURE#BAT malware campaign is a major cybersecurity threat to both individuals and organizations, primarily due to its ability to compromise sensitive data through advanced evasion techniques. These include:

API Hooking: By using user-mode API hooking, the malware can hide files, registry entries, and running processes. This means that common tools like Windows Task Manager and command-line commands cannot see certain files or processes, particularly those that fit a specific naming scheme (e.g., those starting with “$nya-”).

Registry Manipulation: It registers a fake driver (ACPIx86.sys) in the registry to ensure further persistence. This driver is linked to a Windows service, allowing it to execute malicious code without raising suspicion.

Stealthy Logging: The malware monitors user interactions, such as clipboard activity, and regularly writes this data to encrypted files, further complicating detection and analysis.

Countries Targeted in the OBSCURE#BAT Attack

According to Securonix’s detailed technical report, shared with Hackread.com before its official release on Thursday, the malware appears to be financially motivated or aimed at espionage, targeting users primarily in the following countries:

  • Canada
  • Germany
  • United States
  • United Kingdom

How to Protect Yourself from the OBSCURE#BAT Attack

While common sense is a must when downloading software or clicking on unknown links, users and organizations should also follow these key security measures to protect their systems from OBSCURE#BAT and similar threats:

  • Clean downloads: Only download software from legitimate websites, and be wary of fake captchas and other social engineering tactics.
  • Use endpoint logging: For organizations, deploy endpoint logging tools, such as Sysmon and PowerShell logging, to enhance detection and response capabilities.
  • Monitor for suspicious activity: Regularly monitor systems for suspicious activity, such as unusual network connections or process behaviour.
  • Use threat detection tools: Consider using threat detection tools, such as behavioural analysis and machine learning-based systems, to detect and respond to threats like OBSCURE#BAT.
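As an added example (not Securonix's detection content), the indicators named in this article can be hunted in Sysmon-style endpoint events: the “$nya-” naming scheme, the fake ACPIx86.sys driver registered under a service, and a scheduled task created from a batch file. The event records, paths and registry key below are constructed; field names follow Sysmon's process-create (1), file-create (11) and registry-value-set (13) events.

```python
import ntpath

HIDDEN_PREFIX = "$nya-"      # naming scheme quoted in the article
FAKE_DRIVER = "acpix86.sys"  # fake driver name quoted in the article
PATH_FIELDS = ("Image", "TargetFilename", "TargetObject", "Details")


def _basename(value):
    """Last path component of a Windows file path or registry path."""
    return ntpath.basename(value.strip('"')).lower()


def hunt(events):
    """Return (EventID, rule, evidence) tuples for events matching the indicators."""
    findings = []
    for ev in events:
        event_id = ev["EventID"]
        # Rule 1 and 2: look at every path-bearing field of the event.
        for field in PATH_FIELDS:
            value = ev.get(field, "")
            if not value:
                continue
            base = _basename(value)
            if base.startswith(HIDDEN_PREFIX):
                findings.append((event_id, "hidden-prefix", value))
            if base == FAKE_DRIVER:
                in_service_key = (
                    event_id == 13
                    and "\\services\\" in ev.get("TargetObject", "").lower())
                rule = "fake-driver-service" if in_service_key else "fake-driver-file"
                findings.append((event_id, rule, value))
        # Rule 3: schtasks.exe /create launched by a batch file.
        if event_id == 1 and _basename(ev.get("Image", "")) == "schtasks.exe":
            cmd = ev.get("CommandLine", "").lower()
            parent = ev.get("ParentCommandLine", "").lower()
            if "/create" in cmd and ".bat" in parent:
                findings.append((event_id, "task-from-batch", ev["CommandLine"]))
    return findings


# Constructed events for illustration only.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\user\Downloads\setup.bat"',
     "ParentCommandLine": r"C:\Windows\explorer.exe"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r"schtasks.exe /create /tn Updater /sc onlogon /tr C:\Users\user\run.cmd",
     "ParentCommandLine": r'cmd.exe /c "C:\Users\user\Downloads\setup.bat"'},
    {"EventID": 13,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\ACPIx86\ImagePath",
     "Details": r"\??\C:\Windows\System32\drivers\ACPIx86.sys"},
    {"EventID": 11,
     "TargetFilename": r"C:\Users\user\AppData\Local\$nya-cache.dat"},
    {"EventID": 11,  # legitimate driver name, must not match
     "TargetFilename": r"C:\Windows\System32\drivers\acpi.sys"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```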


LockBit Developer Rostislav Panev Extradited from Israel to the US


The US extradites LockBit ransomware developer, Rostislav Panev, from Israel. Learn how his arrest impacts the fight against cybercrime and understand LockBit’s devastating impact.

The United States has achieved a significant victory in its ongoing battle against cybercrime with the extradition of Rostislav Panev, a 51-year-old dual Russian and Israeli national, who is accused of being a key developer of the notorious LockBit ransomware. 

Panev is alleged to have been deeply involved in the development and maintenance of the LockBit ransomware from its inception around 2019 until at least February 2024. During this period, he and his co-conspirators are believed to have transformed LockBit into what the Department of Justice (DoJ) describes as “the most active and destructive ransomware group in the world.”

The group, operating as a ransomware-as-a-service (RaaS) model, is believed to have targeted over 2,500 victims across at least 120 countries, including approximately 1,800 victims within the United States. These victims spanned across critical sectors, encompassing hospitals, schools, and government agencies, causing widespread disruption and financial losses.

The financial impact of LockBit’s activities is staggering. According to the DoJ, the group successfully extracted at least $500 million in ransom payments, while causing billions of dollars in additional losses through lost revenue and recovery costs. Evidence uncovered by law enforcement indicates Panev’s direct involvement in the development of tools that facilitated these attacks.

“The LockBit group attacked more than 2,500 victims in at least 120 countries around the world, including 1,800 in the United States. Their victims ranged from individuals and small businesses to multinational corporations, including hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies,” the DoJ’s press release revealed.

Authorities discovered administrator credentials on his computer, granting access to a dark web repository containing the source code for multiple versions of the LockBit builder, which enabled affiliates to generate custom malware.

They also found source code for the StealBit tool, used to exfiltrate stolen data, and evidence of direct communications between Panev and Dmitry Yuryevich Khoroshev, the alleged primary administrator of LockBit, in which they discussed development work on the LockBit builder and control panel. Both men were charged by the DoJ.

Furthermore, financial records revealed cryptocurrency transfers exceeding $230,000 from Khoroshev to Panev between June 2022 and February 2024, providing concrete evidence of their financial relationship. In interviews with Israeli authorities, Panev reportedly admitted to performing coding, development, and consulting work for LockBit, confirming the regular cryptocurrency payments he received.

Panev’s extradition from Israel, where he was apprehended in August 2024 following a US provisional arrest request, marks a crucial step in holding individuals accountable for their roles in the devastating ransomware attacks that have plagued organizations worldwide. He has since appeared before a US magistrate and will remain detained pending his trial.

Top/Featured Image: Pixabay/Maxleron


Best WordPress Plugins for Cybersecurity 2025


WordPress is a great platform for building websites, but it is also a common target for hackers. Keeping your website safe is important to protect your data, visitors, and business. Cybercrime is a growing problem, with 39% of UK businesses experiencing cyber attacks in 2023.

Using security plugins can help reduce risks and keep your site safe from threats. They are essential for any WordPress site, and even more so if your site holds personal customer data. We speak with Sierra Six, a leading SEO agency in Essex, to get their recommendations on the best plugins for security and for reducing cyber attacks.

Wordfence Security

Wordfence Security is one of the most popular cybersecurity plugins for WordPress. It provides a firewall that blocks malicious traffic before it reaches your website. It also has a malware scanner that checks your site for viruses and suspicious code. If anything harmful is found, Wordfence will alert you so you can take action. Another useful feature is its login protection, which helps stop hackers from guessing passwords.

Sucuri Security

Sucuri Security is another excellent plugin that protects your site from hackers. It offers a website firewall, which blocks attacks before they can do any harm. The plugin also scans your website for malware and removes it if necessary. If your site ever gets hacked, Sucuri provides help to clean it up. This is useful because recovering from a hack can be difficult without expert support.

iThemes Security

iThemes Security is designed to strengthen your WordPress site against attacks. It protects against brute force attacks, where hackers try thousands of password combinations to break into your site. The plugin also scans for vulnerabilities and fixes weak points in your website’s security. Another feature is two-factor authentication, which adds an extra layer of protection when logging in.

All In One WP Security & Firewall

This plugin is great for beginners who want an easy way to secure their website. It comes with a firewall to block suspicious traffic and a login lockdown feature to stop repeated failed login attempts. The plugin also scans for weak passwords and forces users to create stronger ones. Since weak passwords are responsible for 81% of hacking-related breaches, this is an important feature.

Conclusion

Cyber threats are increasing, and UK businesses must take website security seriously. Using security plugins like Wordfence, Sucuri, iThemes Security, and All In One WP Security can help protect your WordPress site from hackers and malware. Regular updates and strong passwords also play a key role in keeping your site safe. By taking these steps, you can reduce the risk of cyber attacks and keep your website secure.

The post Best WordPress Plugins for Cybersecurity 2025 appeared first on IT Security Guru.

Symantec Demonstrates OpenAI’s Operator Agent in PoC Phishing Attack


Symantec’s threat hunters have demonstrated how AI agents like OpenAI’s recently launched Operator could be abused for cyberattacks. While AI agents are designed to boost productivity by automating routine tasks, Symantec’s research shows they could also execute complex attack sequences with minimal human input.

This is a big change from older AI models, which could only provide limited help in making harmful content. Symantec’s research came just a day after Tenable Research revealed that the AI chatbot DeepSeek R1 can be misused to generate code for keyloggers and ransomware.

In Symantec’s experiment, the researchers tested Operator’s capabilities by requesting it to:

  • Obtain their email address
  • Create a malicious PowerShell script
  • Send a phishing email containing the script
  • Find a specific employee within their organization

According to Symantec’s blog post, though the Operator initially refused these tasks citing privacy concerns, researchers found that simply stating they had authorization was enough to bypass these ethical safeguards. The AI agent then successfully:

  • Composed and sent a convincing phishing email
  • Determined the email address through pattern analysis
  • Located the target’s information through online searches
  • Created a PowerShell script after researching online resources


J Stephen Kowski, Field CTO at SlashNext Email Security+, notes that this development requires organizations to strengthen their security measures: “Organizations need to implement robust security controls that assume AI will be used against them, including enhanced email filtering that detects AI-generated content, zero-trust access policies, and continuous security awareness training.”

While current AI agents’ capabilities may seem basic compared to skilled human attackers, their rapid evolution suggests more sophisticated attack scenarios could soon become reality. This might include automated network breaches, infrastructure setup, and prolonged system compromises – all with minimal human intervention.

This research shows that companies need to update their security strategies because AI tools designed to boost productivity can be misused for harmful purposes.


Modat launches premier product, Modat Magnify for Cybersecurity Professionals


The Hague, the Netherlands, March 13th, 2025, CyberNewsWire

Founded in 2024, Modat, the European-crafted, research-driven, AI-powered cybersecurity company, has announced the launch of its premier product, Modat Magnify.

Designed by and for cybersecurity professionals, the product is intended to speed up the work of these individuals and make their lives easier by giving them access to the largest Internet ‘Device DNA’ dataset available. The ‘Device DNA’ catalogues the essential attributes of each internet-connected device to create a unique profile.

  • FAST. AI-powered for unparalleled speed. Continuously scanning the entire internet and identifying adversary infrastructure in real time.
  • SMART. Research enhances the development of the platform and offers contextualized data, historical context, and predictive insights.
  • EASY. User-centric UI designed from firsthand experience as cybersecurity professionals. From the initial query to the findings result pages, easy to filter, read and use.

“It starts with research to gain insight and build,” says Soufian El Yadmani, CEO & Founder of Modat. “Offensive and defensive professionals shared what solutions they need to be faster and to focus on what they do best. Scanning the internet is just a beginning. Speed, contextual data, and insight is vital to our products and services. Our ‘Device DNA’ gives value in the results to increase proactive efforts and build cyber resilience.” 

“Protecting your country takes clear insight into internet connected devices. Modat helps you to protect your country’s infrastructure with this insight,” emphasized Vincent Thiele, COO & Co-Founder of Modat. “We support communities to improve the health of the Internet and deliver products to help make the internet a safer place.”


Pricing & Access:  

  • FREE:  covers most basic use cases. Solid start for many security professionals 
  • Practitioner: €20/m  
  • Professional: €60/m 
  • Business: €400/m 
  • Enterprise: tailored solutions for more complex needs of organisations and governments 

About Modat

Modat, founded in 2024, is the European-crafted, AI-powered, research-driven cybersecurity company dedicated to helping security professionals outpace adversaries and stay ahead of evolving threats. Their flagship product, Modat Magnify, provides access to the world’s largest Internet “Device DNA” dataset.

Modat was created by researching, listening to, and directly experiencing the needs and challenges of security professionals. Their products enable the security community by giving access to unparalleled speed, contextualized data, and predictive insights.  

By design, the Modat Magnify platform helps offensive and defensive professionals by giving them a fast, smart, easy way to stop searching and start finding. Our ‘Device DNA’ catalogues the essential attributes of each internet-connected device to create a unique profile to support proactive cybersecurity. 

Modat empowers individuals, companies, and governments to strengthen their security posture and increase cyber resiliency. The team is actively joining the fight to get ahead of cyber-attacks by narrowing the growing gap between digital threats and resilience. Join us to outpace and outlast.

Contact:

modat.io



KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk


KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, has released new research indicating that while 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams. The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence in identifying cyber threats.

Notably, South Africa leads with both the highest confidence levels and the highest scam victimization rate, suggesting that misplaced confidence can create a false sense of security, leaving employees more susceptible to advanced cyber threats. Beyond training, the report highlights the importance of fostering a transparent security culture. While 56% of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate due to fear or uncertainty.

Key findings from the survey included:

  • 86% of employees believe they can confidently identify phishing emails.
  • 24% have fallen for phishing attacks.
  • 12% have been tricked by deepfake scams.
  • 68% of South African employees reported falling for scams—the highest victimisation rate.

“Overconfidence fosters a dangerous blind spot—employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioural tendencies, and even demographic traits,” said Anna Collard, SVP content strategy and evangelist, KnowBe4. “With phishing, AI-driven social engineering, and deepfake scams evolving rapidly, organisations must counteract misplaced confidence with hands-on, scenario-based training. True cyber resilience comes not from assumed knowledge but from continuous education, real-world testing, and an adaptive security mindset.”

The survey findings emphasize the critical need for personalised, relevant, and adaptive training that caters to employees’ individual needs while considering regional influences and evolving cyber tactics. Organisations that prioritise this approach will not only reduce risk but also cultivate a genuine security-first culture. In the battle against digital deception, the most dangerous mistake employees can make is assuming they are immune.

The survey findings, “Security Approaches Around the Globe: The Confidence Gap,” are available for download.

The post KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk appeared first on IT Security Guru.

Cold Wallets vs. Hot Wallets: Which Offers Better Security?


Cryptocurrency isn’t just a buzzword anymore. By December 2024, the number of global cryptocurrency owners reached approximately 659 million, marking a 13% increase from January 2024. That might not sound like a massive chunk, but it still represents millions of individuals who want to protect their virtual holdings. Where regular banking once ruled, self-managed wallets are now front and center for those who prefer having full control of their tokens.

Part of the appeal is the chance to bypass middlemen. However, questions arise on the best way to handle security—especially for people who want quick access to their coins while also trying to avoid potential hacks. 

Hot Wallets and Why People Use Them

Hot wallets and cold wallets both serve important purposes in this field, yet they each come with a unique mix of convenience and risk. Readers of Anthony Clarke’s research on crypto storage might notice that he discusses various features of the top web3 wallets. A significant number of these are what we call “hot” wallets, which are connected to the internet at nearly all times. Plenty of enthusiasts who enjoy web-based gaming services lean on hot wallets because they often allow speedy deposits and withdrawals, leading to near-instant play. Beyond gaming, these wallets also appeal to traders, freelancers, or anyone who wants immediate transfers.

Hot wallets are praised for their ease of use. They’re typically tied to user-friendly apps or browser extensions, so you can send or receive tokens within seconds. While this makes day-to-day transactions painless, it also means a constant link to the internet. Hackers often eye anything that’s frequently connected, so staying sharp with two-factor authentication and strong passwords is a must. Phishing attacks are a known threat, where someone might trick you into giving away personal details or private keys.

Another consideration is how these hot solutions store your credentials. Some keep private keys on external servers, while others let you store them on your own device. Either way, the open nature of being connected leaves a bigger window for unwanted visitors to sneak through. If you’re someone who likes fast trades, though, hot wallets remain a popular choice.

Cold Wallets: Safeguarding Your Crypto Offline

While hot wallets thrive on convenience, cold wallets shut off direct access to the web. They come in the form of hardware devices that look like USB sticks, or even paper wallets with keys and QR codes printed on them. Because these storage methods aren’t plugged into the internet all the time, they present a far smaller target for hackers. Someone would need physical control of your device or printout, making it way harder for them to stage a remote break-in.

Cold wallets are known for long-term storage. If you have coins you’re holding for months or years, it makes sense to lock them away from prying eyes. Many large investors keep the bulk of their funds in offline vaults to minimize risk. However, this approach creates its own challenges. Losing the device or paper could be devastating, and there’s no customer support line that can restore lost private keys. You might want multiple backups—perhaps in separate secure locations—so one house fire or other mishap doesn’t wipe out your stash.

Though it can be more tedious to move your coins in and out of cold storage, the added security is often worth that extra step. Many people prefer a hybrid strategy: store most of your holdings offline, and keep a small portion in a hot wallet for quick trades.

Picking the Right Match for Your Needs

Hot wallets and cold wallets each have their strengths, so the choice depends on how you plan to manage your cryptocurrency. If you’re regularly trading tokens, a hot wallet feels more convenient. Just stay on your toes: never click random links or download unverified software, and consider pairing your wallet with hardware-based two-factor solutions. That level of caution is essential, because even a moment of inattention can lead to stolen funds.

On the flip side, if you’re happy to park coins for a while, cold wallets offer a sense of security that’s tough to beat. Not being connected nearly closes the door on remote hacking attempts. The downside is that you’ll have to keep track of your physical device and backups. Anyone who loses their cold wallet without a recovery phrase faces the possibility of never seeing their crypto again.

Some people take a balanced path, splitting their holdings between the two methods. A portion stays hot for day-to-day transactions, while the rest sits offline. This gives you that sweet spot of easy access and lower risk. Think of it like keeping a bit of cash in your pocket for small expenses, with the bulk of your savings safely locked away.

In the crypto world, your personal habits play a big role in choosing the best wallet type. Day traders and gamers may favor rapid moves, but that also means they should be extra cautious with security steps. Long-haul investors often breathe easier knowing their coins are tucked away in cold storage, though they accept the burden of safeguarding physical devices.

 

The post Cold Wallets vs. Hot Wallets: Which Offers Better Security? appeared first on IT Security Guru.

WatchGuard unveils FireCloud Internet Access


WatchGuard® Technologies, a provider of unified cybersecurity, has announced the launch of FireCloud Internet Access, the first in what it’s describing as “a new family of hybrid secure access service edge (SASE) products”. The company said that FireCloud “uniquely meets the needs of hybrid organisations and WatchGuard’s partners by delivering consistency across Fireboxes and FireCloud with nearly identical configurations and no learning curve.”

Managing real-world cybersecurity means managing hybrid networks that combine traditional on-premises and Cloud/firewall-as-a-service (FWaaS) environments. Many vendors providing SASE solutions overlook the importance of integrated on-premises environments, which diminishes the value of deploying a SASE solution. When a SASE solution does not take these environments into account, it ends up creating isolated systems that are managed separately, leading to unnecessary complexity and overhead.

FireCloud Internet Access, WatchGuard said, is the “right answer” for hybrid environments because it integrates with WatchGuard Cloud and shares unified policy management with Firebox, combining firewall-as-a-service (FWaaS) and secure web gateway (SWG) to deliver robust protection without complexity. Furthermore, WatchGuard enables managed service providers (MSPs) to deliver a valuable SASE solution to their clients with an adoption model that fits their hybrid environments. This solution is part of the WatchGuard Unified Security Platform® architecture, which includes Identity, Network, and Endpoint security components, unified management in the WatchGuard Cloud, and a common installation framework for WatchGuard endpoints.

“FireCloud Internet Access provides real security for real-world challenges that today’s businesses face. As remote and distributed work environments evolve and companies transition to the Cloud, the range of threat surfaces and location of endpoints that need protection has expanded,” said Andrew Young, chief product officer at WatchGuard. “Existing solutions don’t allow security teams to seamlessly manage their network security in concert with their SASE deployments, creating security gaps and management complexities. To overcome these limitations, we have developed a new hybrid SASE approach which begins with FireCloud Internet Access.”

 

The FireCloud Internet Access Difference

In addition to being uniquely designed for hybrid Cloud/on-premises environments, FireCloud Internet Access also promises ease of deployment, flexible and scalable licensing and pricing, and integration into WatchGuard’s threat detection and response platform.

  • Designed for Hybrid – WatchGuard’s SASE architecture is one of the few solutions that is designed to deliver value and benefits to a hybrid environment. For lean IT teams or MSPs, this approach means easier management, consistent security controls, and lower costs over other SASE offerings.
  • Ease of Deployment – Administrators can configure and enforce security policies from a single interface, which simplifies management by using consistent policy structures and terminology. Security settings are automatically deployed to all WatchGuard-hosted points of presence (PoPs) worldwide, ensuring consistent policy enforcement no matter where the user is located. FireCloud clients are delivered from the WatchGuard Cloud, making them easy to deploy and manage.
  • Flexible and Scalable – The flexible pricing available with WatchGuard’s FlexPay helps build and grow a managed security services provider (MSSP) business. As a firewall-as-a-service, the number of users doesn’t impact performance, and more licenses can be easily added with customer growth.

WatchGuard is committed to delivering a complete SASE solution to meet partners’ and their clients’ needs. Over time, WatchGuard’s FireCloud family of solutions covering private access, SD-WAN, ZTNA, and CASB will be built out and deployed. Along the way, FireCloud customers will also benefit from soon-to-be-released integrations with ThreatSync+ software as a service (SaaS) delivering overwatch threat detection and response, and the client will be integrated with the soon-to-be-released WatchGuard Universal Agent that simplifies device management. As always, WatchGuard said it will work closely with partners to determine the specific SASE needs of their clients.

“SASE is the future of secure connectivity, merging network and security functions into a Cloud-native service. With FireCloud Internet Access and its overall approach to hybrid SASE architecture, WatchGuard’s focus on delivering powerful cybersecurity solutions specially designed for MSPs is on full display,” said Kevin Willette, president of Verus. “This is an affordable and effective solution to protect our clients’ networks and users while still using the same enterprise security found in our Firebox, which makes my business more efficient and improves our bottom line.”

This news follows WatchGuard’s recent acquisition of ActZero, a leading provider of Managed Detection and Response (MDR) services, to accelerate MDR growth for MSP partners and extend their sales reach. WatchGuard, which received recognition from IT Awards, ChannelVision, Fortress Cybersecurity, InfoSec Awards, and TMCnet for its security solutions in 2024, continues to lead the industry in security innovation to offer MSPs more scalable, ready-to-sell solutions that drive revenue.

 

The post WatchGuard unveils FireCloud Internet Access appeared first on IT Security Guru.
