December 12, 2024 at 10:24AM Sublime Security, a D.C. startup offering email security solutions for Microsoft 365 and Google Workspace, has secured $60 million in funding, bringing total investments to $93.8 million. The company, gaining traction with major clients, provides AI-driven tools for threat detection and management, competing in the growing email security market. ### … Read more
December 10, 2024 at 05:12AM Cybersecurity threats are evolving, with ongoing zero-day attacks using corrupted files largely undetected, as seen in a recent analysis by ANY.RUN. Additionally, fileless malware and phishing tactics are on the rise. Utilizing advanced tools like ANY.RUN’s Interactive Sandbox helps organizations identify and analyze these threats effectively. ### Meeting Takeaways (Dec … Read more
December 9, 2024 at 03:03PM Researchers from Mandiant have demonstrated a method to bypass browser isolation using QR codes, allowing attackers to transmit commands to compromised devices. This technique exploits remote rendering processes to convey data visually, though it faces limitations, including latency and QR code size constraints. Mandiant still endorses browser isolation as a … Read more
December 2, 2024 at 05:41PM A new phishing campaign exploits Microsoft Word’s file recovery feature with corrupted document attachments, evading security measures. These emails, disguised as payroll communications, prompt users to scan a QR code leading to a credential-stealing site. Most antivirus solutions fail to detect these attachments, enhancing their effectiveness. ### Meeting Takeaways 1. … Read more
November 21, 2024 at 05:43PM Microsoft seized 240 domains linked to ONNX, a phishing-as-a-service platform targeting companies and individuals since 2017. ONNX was the leading player in middle (AitM) phishing, promoting phishing kits on Telegram. Microsoft’s legal action aims to disrupt ONNX’s operations, though other threat providers may emerge. ### Meeting Takeaways 1. **Domain Seizure**: … Read more
November 18, 2024 at 10:05AM The cybersecurity landscape is evolving rapidly, driven by increasing threats and the exploitation of AI by cybercriminals. Companies are significantly raising cybersecurity budgets, yet attacks continue to escalate. As specialized solutions are in demand, companies that harness emerging technologies to enhance security will likely experience substantial growth in the sector. … Read more
November 13, 2024 at 04:37PM Suspected Russian hackers exploited a recently patched Windows vulnerability (CVE-2024-43451) targeting Ukrainian entities. This NTLM Hash Disclosure flaw allows attackers to steal user login credentials via phishing emails. Microsoft confirmed the vulnerability’s exploitation requires minimal user interaction and has affected all supported Windows versions, prompting CISA to issue a security … Read more
November 13, 2024 at 07:15AM The rise of SaaS and cloud environments has increased cybersecurity threats, particularly through browsers. LayerX released a guide, “Kickstarting Your Browser Security Program,” outlining steps for implementing browser security, including threat mapping, stakeholder collaboration, and gradual rollouts. Successful programs adapt to evolving risks, focusing on data protection and credential safety. … Read more
November 12, 2024 at 04:47PM Microsoft revealed a critical vulnerability (CVE-2024-49040) in Exchange Server 2016 and 2019, allowing email spoofing by forging legitimate senders. Discovered by Vsevolod Kokorin, the flaw leads to exploitation risks. Microsoft has released updates for detection and added warning banners for suspicious emails, urging users to maintain security features. ### Meeting … Read more
November 6, 2024 at 05:56PM Check Point Research has tracked a spear-phishing campaign, “CopyR(ight)hadamantys,” targeting hundreds of companies globally with emails claiming copyright infringement. The emails deliver the sophisticated infostealer Rhadamanthys, capable of stealing sensitive data. Attackers use automation to send these messages, often impersonating known brands in technology and entertainment industries. ### Key Takeaways … Read more