Legitimate services can be exploited in social engineering, including business email compromise (BEC) attacks. Researchers at Check Point describe one current BEC campaign that’s using Soda PDF to send messages encouraging the recipients to call a phone number. Should they make the call, the bad actor on the line seeks to winkle them out of their cash. Check Point calls these kinds of attempts, which “leverage legitimate services to send out malicious material,” BEC 3.0.

Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people. While organizations continue evaluating and investing in their technology-based security layer, the human layer continues to be the most enticing and vulnerable attack vector. This marks the sixth consecutive year that KnowBe4 has analyzed hundreds of millions of data points in order to provide our annual Phishing by Industry Benchmark Report.

Have you or someone you know been a victim of a breach of your privacy? Would you know if you did? The majority of people tend not to worry about breaches in their privacy until it’s too late. By this point, your confidential information may already be in the wrong hands. Not to worry, though; this article will equip you with the tools to construct your own personal shield, which will defend you against the possible ways in which your data may be used to directly cause you or your business harm.

At Netskope, we’ve talked a lot lately about how to safely enable ChatGPT and other generative AI applications such as Google Bard and Jasper. Why? As the saying goes, “There’s no going back.” Generative AI is here to stay and will have a transformative effect on our day-to-day lives whether we’re in technology or not.

GitGuardian has made strategic executive hires and been selected for the French Tech 2030 program, positioning the company for growth and advancement in cybersecurity and code security solutions.

You’ve probably heard the Boy Scout motto, “be prepared.” In his 1908 handbook, Scouting for Boys, the author explained, “it shows you how you must be prepared for what is possible, not only what is probable.” Your cyber incident response plan is how you prepare for a possible, and, also in today’s world, probable security incident or data breach. Unfortunately, since every organization is different, no single plan will work for everyone.

Vendor risk management is top of everyone’s mind considering recent headline grabbing supply chain attacks, such as SolarWinds. But as more vendors enter your digital supply chain, keeping up with vendor adoption is tough. According to Accenture, 79 percent of businesses are adopting technologies faster than they can address related security issues. For your organization to be truly protected against supply chain cyber risks, you must develop a robust vendor risk management (VRM) program.

Verizon’s much anticipated 2023 Data Breach Investigations Report (DBIR) has hit the market and we have the missing pieces you need to convert its findings into action. In this blog, we’ll break down.

The ransomware trend continues to run rampant. One in four breaches involve ransomware, and organized crime actors use ransomware in more than 62 percent of incidents. Cyber criminals are taking advantage of these new opportunities to exploit a greatly expanded attack surface: But ransomware is only one small piece that a security leaders has to manage. The threat of ransomware is compounded by a distributed workforce, trends toward technology consolidation, geopolitical upheaval, and budget constraints.

Zero trust is a hot topic in cybersecurity, and for a good reason. There is no one-size-fits-all solution to securing your data and networks; rather, zero trust offers a more holistic perspective comprised of many different safety measures and practices and a shift in perspective on security.