Ericom Blog

“Operation Duck Hunt” Shuts Down QakBot Botnet

The FBI-led takedown of Qakbot was an operation that involved seven countries. Malware was removed from 700,000 computers. But don’t think all that makes you safe.

How GenAI is Supercharging Zero-Day Cyberattacks

Generative AI empowers its users to work fast, better and more efficiently. Alas, this includes cybercriminals, who are using malicious GenAI platforms to accelerate zero-day exploit creation.

Cybercriminals Disdain the Law, But Find Law Firms Attractive

Cybercriminals love the multiplier effect they get from attacking law firms: Hack in, and they get firm data PLUS juicy confidential client info.

Signed Proxy App Slips Malware Past Virus Detection

Malware samples embedded in pirated software and games silently installed proxies on millions of devices to create a malicious botnet, without users approving or even knowing that they were installed.

Zero-Days are the Delivery Vector of Choice for Today’s Ransomware Groups

Ransomware actors have shifted to using zero-day vulnerabilities and one-day flaws to execute attacks, resulting in a huge increase in ransomware victims.

Is Disabling Internet Access a Reasonable Cybersecurity Solution?

In an ironic case of “Do as I say, not as I do,” Google is cutting off some employees’ web access to reduce the threat of cyberattacks – while touting its security features to users like us.

Generative AI Could Improve Productivity - or Endanger Your Company

It’s never wise to enter sensitive or proprietary data into a public web app. But now, in the Generative AI era, the risks, including data exposure and legal and regulatory liability, are greater than ever before.

Stop Phishing to Prevent Up to 90% of Security Breaches

Given the enormous sums being spent on phishing training, there are many studies that attempt to evaluate the effectiveness of the training. Many have found that it can't transform users into a reliable phishing defense force.

Despite Best Intentions, Humans Remain the Weak Link

When it comes to cybersecurity, the fatal flaw in the best practices to-do list is that every element requires every single IT manager and user to be completely on board, 100% of the time.