Modern business operations have become synonymous with outsourcing to vendors, as essentially every business relies on at least a few third-party partnerships to improve efficiency and enhance capabilities. However, these partnerships also present various cybersecurity risks that can negatively impact an organization’s performance, reputation, and compliance with industry regulations and standards. To mitigate these risks, organizations must develop a robust Vendor Risk Management (VRM) process.

CLEARFAKE is the term used to describe the malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns to deliver information stealers. It has the potential to impact all sectors. Although the CLEARFAKE fake browser update campaign (which was initially identified in Q2 2023) originally targeted Windows users, it expanded to macOS users in Q4 2023.

Recent high-profile breaches at Ticketmaster and Santander, attributed to the ShinyHunters group, have brought the critical need for robust data protection measures to the forefront. ShinyHunters, a notorious cybercriminal group known for stealing data from various organizations for financial gain, has demonstrated how vulnerabilities in third-party platforms can lead to significant data breaches.

A large solutions and services company facing strict compliance regulations and enforcements needed a powerful, scalable enterprise data protection solution for their data being migrated over to S3, Athena, Amazon Redshift, and Glue environments. The sensitive data included HR, Financial and customer information. Using Protegrity’s field-level data protection, the company overcame this challenge, significantly improving their processes.

Cybersecurity is the most crucial curve in today’s rapidly evolving digital landscape, and all organizations of any size need to be at the forefront of it. With AI becoming mainstream, new emerging trends shape the cybersecurity industry daily.

Twilio, the cloud communications provider, has disclosed a security breach affecting its Authy app, exposing users' phone numbers due to an exploit in an unauthenticated endpoint. Understanding the Authy App Breach Twilio confirmed unauthorized access to an endpoint within Authy, leading to the exposure of data linked to Authy accounts, specifically users' cell phone numbers.

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has issued a temporary ban on Meta from processing personal data of users to train its artificial intelligence (AI) algorithms. This decision stems from concerns over inadequate legal justification, lack of transparency, and potential risks to privacy rights, particularly for children and adolescents.

A newly identified ransomware group, "Volcano Demon," has emerged, targeting executives directly with threatening phone calls instead of the typical data leak sites. Over the past two weeks, this group has carried out several attacks, deploying a unique ransomware variant known as “LukaLocker,” according to a report from Halcyon. LukaLocker Ransomware Attack Overview Volcano Demon’s ransomware, LukaLocker, encrypts files with a.nba extension.

Researchers at Menlo Security discovered three state-sponsored phishing campaigns that have targeted 40,000 important individuals over the past three months.

As social media becomes more intertwined with our daily routines, cybercriminals are using it to trick people with fake job offers. What are these social-media recruitment scams, and how can you spot the red flags? With unemployment surging in many countries around the world, in particular countries like South Africa, which is currently at the top of the highest unemployment list in the world at over 32%, it’s no wonder that scams targeting job seekers are becoming more common.

A new phishing campaign tries to trick email recipients into pasting and executing malicious commands on their system that installs DarkGate malware. Security researchers at Ahnlab have discovered a new phishing campaign that leverages a unique user interaction. Normally, phishing campaigns simply need users to open an HTML attachment.

Two vulnerabilities—stored XSS and insecure file upload— have been detected in the Alpha 0.5 version of CervantesSec. This article will outline what CervantesSec does, the vulnerabilities found, and its current status.