Greetings, digital guardians. Today, we’ll be diving into the wonderful world of External Attack Surface Management (EASM) platforms. As the sun rises on another day in your cyber kingdom, you may find yourself wondering whether your EASM platform is really up to the task of protecting it. In this article, we’ll be your guiding light in the dark alleys of EASM uncertainty.

Thanks to EV Code Signing Certificates, a software application can be downloaded and installed with high trust. These certifications offer the highest assurance signal that the product hasn’t been tampered with by removing any potential warning indicators that customers may perceive. This promotes credibility and confidence in the software development industry. For the code signing certificate to be granted, the identity of the publisher and the software publisher must be strongly validated.

Researchers at Group-IB have found an extensive campaign in which criminal operators have created a large number of fake Facebook profiles that repost messages in which the scammers misrepresent themselves as tech support personnel from Meta (Facebook’s corporate parent). Researchers discovered some 3200 bogus profiles in twenty-three languages. By far most of the profiles were created in English, more than 90%, followed by Mongolian (2.5%), Arabic (2.3%), Italian (0.8%), and Khmer (0.6%).

This piece was originally published on Fortra’s AlertLogic.com Blog.

The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business and payment card companies. The increasing cases of high-profile data breaches and losses from online fraud emphasized the need for urgent measures and a standardized approach to address the issue.

Active Directory (AD) security groups enable administrators to grant access to IT resources, both within a domain and across domains. However, groups can be members of other groups. This group nesting has profound implications for security, so it’s vital to understand nesting and how to nest groups correctly. This article explains how group nesting works and the best practices to follow.

In recent years, several major cyberattacks targeted critical infrastructure in Australia, including a major telecommunication company, which suffered a devastating data breach in September 2022. Soon after this cyberattack, Australia’s biggest health insurer also faced a ransomware attack in October 2022 that caused systems to go down. Customers could not access services through the company’s website or app.

Threat hunting has become an increasingly important aspect of cybersecurity, as organizations strive to identify and mitigate security incidents that automated systems may have missed. Yes, the definition of threat hunting can vary, and it generally involves a combination of manual and machine-assisted processes driven by human curiosity and pattern recognition.

As cyber threats continue to evolve and the attack surface continues to expand, the risk of a breach becomes a matter of if not when. With migration to the cloud accelerating along with a shift to hybrid work and a surge of new IoT devices at play in every industry, it’s time for organizations to shift the way they view cybersecurity. It is no longer enough to play defense, hoping you can thwart an attack and contain the damage when it comes.