
Amos’s Cybersecurity Almanac: Like a dictionary, only cooler
Fun with a serious and very useful side.

Employees are a major attack vector for threat actors targeting organizations. Recent research by Stanford University confirms this, revealing that 88% of all data breaches are caused by human error. These human errors might be as simple as sending an email to an incorrect address or leaving a database publicly viewable; but they can also be more involved, as when employees become victims of targeted phishing campaigns. Let’s detail how employees might be increasing risk for organizations and what organizations […]

When you come across a threat that seems mundane at first glance, is it OK to let AI try to mop it up on its own?


Banks with safe deposit vaults don’t set them up so that every box gets the same key. But when it comes to online accounts, we’re not always so careful…

HTTPS needed at least two decades to take hold, for a bunch of curious and sometimes contradictory reasons. Join Paul Ducklin for Part 2 of this peculiar but educational tale…

HTTPS needed at least two decades to take hold, for a bunch of curious and sometimes contradictory reasons. Join Paul Ducklin for Part 1 of this peculiar but educational tale…

If you work in a large organization with an extensive attack surface, you might have considered establishing a security operations center (SOC) for more dedicated monitoring and response. Establishing a SOC makes sense for enterprise organizations that face constant threats, handle sensitive and high-value data, and/or have large and complex infrastructures. Such organizations include financial institutions, healthcare organizations, government agencies, high-profile companies, large entertainment companies with A-list celebrities on their rosters, and massive e-commerce companies. For these organizations, a SOC […]

Dire cybersecurity warnings about QR codes are commonplace, but is the risk really as bad as some vendors are saying?

Join Paul Ducklin and SolCyber CTO David Emerson as they talk about the human element in cybersecurity in our new podcast TALES FROM THE SOC.

What do you do when malware you’re chasing hasn’t left a copy of itself behind on disk? Or if it’s lying about where to find it, so you grab the wrong thing?

ChatGPT’s release in late 2022 brought the AI industry out of obscurity, turned Nvidia into the fourth-largest company in the world, and generally reawakened the stock market. Yet it didn’t take long for the naysayers and FUD (Fear-Uncertainty-Doubt) mongers to start spreading terrifying news about AI’s risks—everything from supposedly AI-created malware to robots developing general intelligence and taking over the world. Seriously. However, 1.5 years later, we can now take a step back, evaluate what’s happened—and what hasn’t—and […]

Sometimes, measurements and observations that seem obvious and intuitive turn out to be way off base.
These ‘bad guesses’ can lead to all sorts of risky conclusions, especially in cybersecurity.


Following our recent article series about VPNs, a reader asked about Tor, saying, “Can you give us a balanced view so we can figure it out for ourselves?”
The answer is: Yes!

The healthcare industry has had a rough start to 2024. It’s still reeling from February’s attack on Change Healthcare that brought production screeching to a halt. The breach shut down offices and healthcare facilities, cut off patient access to medication and care, and cost large hospitals and pharmacies upward of $100 million per day. Though Change has managed to get many of its systems back online, an American Medical Association survey conducted on April 29 found that 60% of respondents […]

Just how much security does a VPN give you?
What could go wrong with the security you think you’re enjoying, and what potential problems do you need to be aware of?







