Google’s Threat Analysis Group (TAG) has published a report describing the activities of “ARCHIPELAGO,” a subset of the North Korean state-sponsored threat actor APT43. ARCHIPELAGO’s operators frequently impersonate real journalists or experts in order to make initial contact with their targets.

A newly documented phishing campaign demonstrates how timely themes can be impactful in creating a successful attack that gets the recipient to engage with malicious content. As we approach this year’s deadline for filing taxes in the U.S. for 2022, security researchers from Malwarebytes have provided details of an IRS-themed phishing email received by their very own Senior Director of Threat Intelligence.

A new public service announcement focuses on a specific form of BEC attack using little more than a spoofed domain and common vendor payment practices to steal hardware, supplies and more. When I talk about BEC attacks, it’s usually a digital fraud type of attack where legitimate funds being paid to a vendor are diverted to an attacker-controlled bank account by means of the attacker using a spoofed domain or via email compromise.

A risk register is a tool used to manage potential problems or risks within an organization. It helps to identify and prioritize risks, their likelihood of occurrence, and provides ways to mitigate them. Risk registers allow you to play offense and defense – you’re proactively planning for potential challenges and minimizing their impact on your project’s success in the event that the roadmap does veer off course.

In today’s digital age, online security has become a major concern for businesses of all sizes. With the increasing number of cyber-attacks and data breaches, it is crucial that organizations take measures to protect their sensitive information from falling into the wrong hands. This is where SSL/TLS certificates come in handy as they provide encryption and authentication to ensure secure communication between servers and clients.

Most SSE solutions can support moving branch security to the cloud. But only a few can securely cloudify the datacenter firewall. This is because datacenter firewalls don’t just address the need for secure Internet access, which is the main SSE capability. Rather, these firewalls are also used for securing WAN access, datacenter LAN segmentation and ensuring reliability and high availability to network traffic.

Imagine this: you’re a developer working on a critical software application that thousands of people use daily. You’ve spent countless hours writing and testing code and are proud of what you’ve created. But as the application grows more complex and new features are added, you worry about potential security risks. How can you be sure that every component and dependency is secure and up-to-date? It’s a daunting task that can keep you up at night.