Every day, organizations subject themselves to audit violations and data leaks when their end-users share sensitive data with third parties – essentially anyone outside of your organization. Various regulations and compliance frameworks require sensitive data to be encrypted with industry-grade security while at rest and in transit.
Passwords and other shared secrets are the number one cause of data breaches. The security risks of passwords is widely recognized in the consumer space with the leading tech companies (and competitors) including Microsoft, Google, Apple joining together to create the FIDO Alliance to reduce the over-reliance on passwords. With FIDO, passwords are replaced with more secure, and easier to use biometric and cryptographic authentication.
On June 23, The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) released a joint Cybersecurity Advisory (CSA) warning network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers.
mr.d0x, a security researcher who previously released phishing tactics such as browser-in-the-browser (BitB) and utilized NoVNC to circumvent two-factor authentication (2FA), has released a new phishing attack method that exploits WebView2 applications to steal cookies and credentials. The code base utilizes a modified version of Microsoft’s WebView2 Samples repository. Microsoft has developed a new module called “Microsoft Edge WebView2 control”.
Malware can come from and in a variety of attack vectors. Besides using ‘traditional’ methods of spreading malware, adversaries can leverage more sophisticated methods to turn your Power System into a ‘malware host’. The key target is your data. Data is valuable, and organisations have paid at least $602 million to ransomware gangs in 2021.
A $10 million reward is being offered for information leading to the identification or location of malicious hackers working with North Korea to launch cyber attacks on US critical infrastructure. The offer comes from the US State Department which is understandably eager to disrupt the activities of hacking gangs linked to foreign governments who may have engaged in espionage, cryptocurrency theft, and other malicious activities.
We are excited to officially announce the launch of the new Tines Story Library - making it easier than ever to unlock the potential for greater business efficiency and more streamlined operations in less time with less effort! The power of no-code automation is now at your fingertips. From interacting with SIEMs to chatbots, case management systems, and more, the Story Library is filled with ready-to-use automation Stories, providing inspiration and digital transformation with just one click.
A few months ago, we reported on an interesting site called the Chameleon Phishing Page. These websites have the capability to change their background and logo depending on the user’s domain. The phishing site is stored in IPFS (InterPlanetary File System) and after reviewing the URLs used by the attacker, we noticed an increasing number of phishing emails containing IPFS URLs as their payload.
Threats are becoming more sophisticated and the cybersecurity challenges organizations face are growing. Today, one of the biggest risks is hybrid work. According to a Canalys report, 134 million employees worldwide work remotely or under a hybrid model. As we addressed in our Cybersecurity Insights, extending beyond the company office perimeter makes protection a much greater challenge.
