New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk. In cybersecurity vendor ReliaQuest’s Annual Cyber-Threat Report: 2024, there is a ton of great detail mapped to the MITRE ATT&CK Framework outlining which threat actions are used and how organizations are most effectively fighting back and stopping attacks.

The risk both to and from AI models is a topic so hot it’s left the confines of security conferences and now dominates the headlines of major news sites. Indeed, the deluge of frightening hypotheticals can make AI feel like we are navigating an entirely new frontier with no compass. And to be sure, AI poses a lot of unique challenges to security, but remember: Both the media and AI companies have a vested interest in upping the fright hype to keep people talking.

A trojanized version of the McAfee Security app is installing the Android banking Trojan “Vultur,” according to researchers at Fox-IT. The attackers are spreading links to the malicious app via text messages and phone calls. “In order to deceive unsuspecting individuals into installing malware, the threat actors employ a hybrid attack using two SMS messages and a phone call,” the researchers write.

Researchers discover a new version of the Tycoon 2FA AiTM kit, a phishing attack disguises keylogger as bank payment notice, and TheMoon malware targets ASUS routers.

Get Free Mobile Application Penetration Testing Checklist Even though iOS and Android come with robust security features, like secure data storage and communication APIs, they only work well if they’re set up right. That’s why thorough mobile app penetration testing is vital—to ensure these features are correctly integrated and protect your data effectively.

Scammers use psychology to create some of the most convincing internet cons – here's how to advise your customers on what to watch out for.

Granting privileged access to an end user’s device is a common practice in organizations. Admins do it to give end users the ability to manage administrative tasks such as downloading applications and accessing resources on their devices. It can be done manually, which is cumbersome and introduces risks. Or it can be managed to improve user productivity without requiring additional IT help or intervention, so that IT can focus on higher priority tasks.