Disney, Nike, IBM Signatures Anchor 3M Fake Emails a Day

August 2, 2024 at 11:46AM The EchoSpoofing campaign sent millions of fake emails, exploiting a vulnerability in Proofpoint’s email protection service and Microsoft 365. By using a misconfiguration flaw, the attackers impersonated blue chip companies like Disney and Coca-Cola, exploiting the trust between Microsoft 365 and Proofpoint to send fraudulent emails. Proofpoint implemented a fix, …

Kaspersky is shutting down its business in the United States

July 15, 2024 at 03:55PM Kaspersky Lab, a Russian cybersecurity company, will begin shutting down its US operations on July 20, including laying off its US employees, following sanctions from the US Treasury Department and Department of Commerce. The company cited the US legal requirements and business viability as reasons for the decision. After a …

Addressing Risk Caused by Innovation

April 29, 2024 at 10:00AM Businesses urgently adopt new technology to meet customer demands, but this poses cybersecurity risks. A proactive approach integrating cybersecurity defenses with new technology implementation is essential. CEOs invest in AI and cloud solutions to enhance customer experience but often neglect cybersecurity, leaving businesses and customers vulnerable. Integrated cybersecurity measures improve …

Execs in Japan busted for winning dev bids then outsourcing to North Koreans

March 28, 2024 at 02:34AM Two executives, Pak Hyon-il and Toshiron Minomo, are facing arrest warrants in Japan for allegedly establishing a business that outsourced work to North Korean IT engineers without the knowledge of Japanese customers. The police suspect ties to North Korea’s foreign currency acquisition activities and fraudulent financial practices. Hiring North Korean …

Beyond the Hype: Questioning FUD in Cybersecurity Marketing

February 14, 2024 at 07:09AM FUD marketing, rooted in fear, uncertainty, and doubt, is often linked to cybersecurity and large, dubious numerical figures. The $8 trillion annual cybercrime cost figure, widely repeated, lacks transparent validation. Experts question its validity and relevance. While FUD does exist in cybersecurity marketing, it is sometimes justifiable, posing a challenge …

5 Steps to Improve Your Security Posture in Microsoft Teams

February 13, 2024 at 10:11AM Summary: Despite being underestimated, SaaS chat apps like Microsoft Teams and Slack are susceptible to sophisticated cyber threats, including phishing campaigns and malware attacks. These attacks exploit vulnerabilities in Teams’ external access settings, posing a growing risk to users. To mitigate these risks, organizations are advised to implement specific remediation …

Bugcrowd Announces Vulnerability Ratings for LLMs

December 20, 2023 at 08:21AM Bugcrowd has updated its Vulnerability Rating Taxonomy with a new system for categorizing and prioritizing vulnerabilities in large language models. The open-source VRT initiative, launched in 2016, aids Bugcrowd and its customer organizations in standardizing vulnerability classification and assessing cybersecurity risks. The update was influenced by the OWASP Top 10 …

3 Ways to Stop Unauthorized Code From Running in Your Network

November 22, 2023 at 12:03PM More than 50% of organizations plan to incorporate AI and automation technologies in 2023. However, the development of code using AI tools needs to be closely monitored to prevent unauthorized code from running in networks. Three steps to prevent this include requiring secure code-signing certificates, implementing self-replicating security architectures, and …

Navigating Tech Risks in Modern M&A Waters

November 10, 2023 at 10:03AM Executives need a profound understanding of cyber, data, and technology risks in today’s business landscape, especially during mergers and acquisitions (M&A). The significance of cybersecurity during M&A due diligence lies in evaluating the target company’s cybersecurity posture. Intangible assets, specifically digital assets, hold substantial value but are susceptible to breaches …

Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday

November 4, 2023 at 12:30PM The US Securities and Exchange Commission (SEC) has charged SolarWinds and its chief information security officer (CISO), Timothy Brown, for allegedly misleading investors about cybersecurity practices and risks before the disclosure of a major hacker attack. The SEC claims that SolarWinds’ filings misled investors while Brown knew of specific cybersecurity …