The business impact of critical open source vulnerabilities such as Spring4Shell and Log4j illustrate the crucial importance of detecting remediating such vulnerabilities as fast as possible, This is particularly important for the financial technology, which handles vast volumes of sensitive financial data for investors. That was certainly the case for MSCI, who deployed Mend to speedily thwart any potential threats posed by Spring4Shell.

The industrial sector is one of the largest, most diverse and changing segments of the global economy. It is also one of the main targets for cybercriminals. Industrial sites and factories continue to transform and digitize, which means that more and more critical assets and infrastructure are being connected to the Industrial Internet of Things (IIoT). This has raised security concerns about operational technology (OT) in manufacturing, which is increasingly at risk.

Here at 1Password, we’re big fans of two-factor authentication (2FA). It adds an extra layer of protection to your online accounts, making it much harder for attackers to break into them.

The cybersecurity landscape is continuously evolving. It has led businesses to question how they are protecting themselves and their consumers from data breaches. Since 2014, the Department for Digital, Culture, Media and Sport (DCMS) has commissioned the Cybersecurity Breaches Survey of the UK to understand what protections are in place, and where the UK can improve for future security postures.

The San Francisco 49ers, confirmed a ransomware attack, Cisco was attacked by the Yanluowang ransomware gang, and Entrust was attacked by Lockbit. And that’s just a handful of ransomware accounts noted in 2022.

Some of the world’s largest tech companies, like Google and Microsoft, have embedded AI into their business productivity suites, with Microsoft going a step further and releasing AI Copilot for Power Apps, its low-code platform. This integration has raised concerns over the decision-making power granted to business users to integrate data with AI and grant access, which can be done without oversight or control from IT.

Cross-site request forgery (CSRF) attacks are a form of cyberattack from malicious websites, emails, blogs, instant messages, or applications. This type of attack tricks the user's web browser into executing an unwanted action on a secure website. Browsers typically attach session cookies when making a request to a website. Thus, it becomes difficult for the site to differentiate between legitimate requests that are authorized and forged requests that have been authenticated.

In a highly connected, internet-powered world, transactions take place online, in person, and even somewhere in between. Given the frequency of digital information exchange on our devices, including smartphones and smart home gadgets, cybersecurity has never been more important for protecting sensitive customer information. In response, the US Federal Trade Commission has rolled out updated measures to ensure that customers’ details are fully protected.

Hackers used the Telerik bug to breach a US federal agency, a suspected Chinese actor used the Fortinet zero-day along with custom malware to engage in cyberespionage, and the Tick advanced persistent threat (APT) group targeted the customers of an East Asian data loss prevention (DLP) company.

Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.