Cato CTRL security researchers have recently discovered a threat actor, ProKYC, selling a deepfake tool in the cybercriminal underground that helps threat actors beat two-factor authentication (2FA) for conducting account fraud attacks. The tool being sold is customized to target cryptocurrency exchanges—specifically ones that authenticate new users leveraging a government-issued document and by enabling the computer’s camera to perform facial recognition.

Sniper Dz targets social media and online services, Elastic Security Labs releases its 2024 Global Threat Report, and Andariel launches financial attacks against U.S. organizations.

An employee at a large organization is doing research for a client and clicks on what they believe is a legitimate website. What they don’t realize is, while they’re browsing, malware in the form of a Trojan virus is swiftly downloading onto their endpoint. The Trojan jumps from the endpoint into the organization’s network, and suddenly, their cybersecurity system rings alarms as ransomware takes hold in the environment.

In today’s digitally connected world, any organization with digital assets and internet access is vulnerable to cyberattacks. That reality has become all too pervasive in recent years. While it may not be part of your business plan, protection against cyber attacks must be a high priority. Keeping your business safe from attack should be a shared objective across all areas of the organization.

In the ever-evolving landscape of cybersecurity threats, the DragonForce ransomware group has quickly become a serious menace to organizations worldwide. First discovered in August 2023, DragonForce has made headlines by leveraging two powerful ransomware variants—a fork of the infamous LockBit3.0 and a modified version of ContiV3.

Attackers continue to exploit URL rewriting to hide their phishing links from email security filters, according to researchers at Abnormal Security. URL rewriting is a security technique used by many email security platforms to analyze links in emails to verify their safety before users are allowed to click on them. However, this technique can also be abused to mask the original phishing link.

You can prevent Man-in-the-Middle (MITM) attacks in your organization by investing in a password manager, using a VPN, monitoring your network and training employees on security best practices. MITM attacks occur when a cybercriminal intercepts private data sent between two businesses or individuals to steal or alter the data with malicious intent.

On April 12, 2024, Palo Alto Networks published a security advisory detailing an actively exploited maximum severity zero-day vulnerability affecting the GlobalProtect feature of PAN-OS. Dubbed CVE-2024-3400, it was assigned the maximum critical severity score of 10.0 through the Common Vulnerability Scoring System (CVSS), meaning the potential for damage was large and the path to exploit was easy for cybercriminals.

Cybercriminals are targeting educational institutions, attracted by the vast amount of sensitive data they handle: student and employee personal information, research, and intellectual property. With tight technology budgets and often weak defenses, many of these organizations are easy prey for increasingly complex cyberattacks, putting their reputation and operations at risk.