#EnterpriseSecurity – Page 2

Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks

October 9, 2024 by Xynik

October 9, 2024 at 09:11AM Threat actors are enhancing business email compromise (BEC) campaigns by using legitimate cloud file-sharing services like Dropbox and OneDrive, combined with social engineering tactics. This approach bypasses traditional security measures, allowing attackers to phish credentials and conduct further malicious activities. Microsoft advises enterprises to implement extended detection and response (XDR) … Read more

The Secret Weakness Execs Are Overlooking: Non-Human Identities

October 3, 2024 by Xynik

October 3, 2024 at 11:42AM Traditional perimeter-based security measures are no longer sufficient in today’s distributed cloud environments. The shift to a new gold standard of enterprise security, “zero trust,” emphasizes the importance of managing both human and non-human identities. Mismanaged identities have led to high-profile breaches, highlighting the need for comprehensive and continuous visibility, … Read more

Torq Secures $70M Series C for HyperSOC

September 27, 2024 by Xynik

September 27, 2024 at 01:46PM Torq, a startup specializing in AI-powered security automation, has secured $70 million in a Series C funding round led by Evolution Equity Partners. This brings their total raised to $192 million. The funding will be used to further advance their AI-driven security operations platform and expand their client base, which … Read more

Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions

September 27, 2024 by Xynik

September 27, 2024 at 10:21AM Government agencies from the Five Eyes countries have provided guidance on threat actor techniques targeting Microsoft Active Directory. These techniques exploit the directory’s vulnerabilities, making it a prime target for bad actors. The guidance recommends prioritizing privileged access security and implementing a tiered model. It also outlines common compromise techniques … Read more

Over 1,000 ServiceNow instances found leaking corporate KB data

September 17, 2024 by Xynik

September 17, 2024 at 09:32AM Over 1,000 misconfigured ServiceNow instances exposed sensitive corporate information in Knowledge Base articles to external users and potential threat actors. Based on the meeting notes provided, the clear takeaway is that over 1,000 misconfigured ServiceNow enterprise instances were discovered, which led to the exposure of sensitive corporate information in Knowledge … Read more

SplxAI Raises $2 Million to Protect AI Chatbot Apps

September 11, 2024 by Xynik

September 11, 2024 at 11:24AM SplxAI, an early-stage startup, has secured $2 million in pre-seed funding led by Inovo.vc, with additional investments from Runtime Ventures, South Central Ventures, and angel investors. Founded in 2023, SplxAI aims to provide a security platform to identify vulnerabilities in AI chatbots and conversational systems, with plans to build an … Read more

Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing It’s Productivity Benefits

September 9, 2024 by Xynik

September 9, 2024 at 08:24AM GenAI has become essential for productivity, but also poses security risks due to employees sharing sensitive information. To address this, organizations can identify and protect sensitive data, set restrictions, and utilize GenAI DLP tools to monitor and control data input. A webinar by LayerX offers insights and best practices for … Read more

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Breaches

August 10, 2024 by Xynik

August 10, 2024 at 01:45AM Microsoft has disclosed an unpatched zero-day in Office (CVE-2024-38200) that could lead to unauthorized disclosure of sensitive information to malicious actors. A patch is expected on August 13, with an alternative fix already enabled. Three mitigation strategies have been outlined. Microsoft is also working on addressing other zero-day flaws in … Read more

Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks

July 26, 2024 by Xynik

July 26, 2024 at 08:27AM Threat actors exploiting critical vulnerabilities in ServiceNow, including input validation flaws and a file read security defect, targeting vulnerable instances for reconnaissance. Approximately 300,000 instances susceptible to probing, with threat actors attempting to extract data from private sector and government agencies worldwide. ServiceNow urged customers to apply patches and hotfixes … Read more

Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security

July 25, 2024 by Xynik

July 25, 2024 at 06:10AM The modern enterprise faces browser-based security threats that traditional tools can’t fully protect against. A new approach to securing the browser itself is needed. In a live webinar, experts will discuss challenges in the hybrid-work world, gaps in current security solutions, and the importance of securing the browser, which has … Read more