Researchers at Check Point observed more than a thousand newly registered malicious or suspicious web domains related to Amazon last month. The criminals are likely gearing up to target users during Amazon Prime Day next week. “While Prime Day offers incredible savings, it is crucial for shoppers to remain vigilant, exercise caution while clicking on links or providing sensitive information, and ensure they are navigating legitimate platforms,” the researchers write.

Analysis of the latest phishing-as-a-service (PhaaS) platform ONNX Store highlights just how successful these platforms can be. Security analysts at threat intelligence vendor Eclectic IQ have been tracking ONNX Store, noting it’s a rebranded evolution of the Caffeine PhaaS platform. According to analysis, ONNX has been used to target financial institutions, “including banks, private funding firms and credit union service providers across the EMEA and AMER regions.”

Software applications are becoming more sophisticated every day. As a result, organizations often struggle to manage the complexity and operational costs of securing them.

For many teams, managing governance, risk, and compliance (GRC) is still a very manual process. As a security leader, you might be wondering how to future-proof and scale your GRC program when so much of your team’s time is spent on collecting screenshots or copying and pasting information from one spreadsheet to another. ‍ The future of GRC management doesn’t have to be more of the same though.

In the age of generative AI, data security is a key concern for organizations to manage. In my previous blog post, I dug into how modern SSE technology helps to better secure genAI. The recently published ebook Securing GenAI for Dummies offers further clarity on strategies organizations can use when it comes to securing and enabling genAI apps. With that in mind, we’ve compiled 10 essential questions to keep in mind as you assess your data security, along with how Netskope can help address them.

GitGuardian's Lead security engineer, Kayssar Daher, shares his team's successes, challenges, and results of the past year.

For modern organizations, identity and access management (IAM) solutions serve as the frontline defense for data security. They enable accurate and efficient management of identities and their access rights to content, applications and other IT resources. Activity auditing and analytics help IT teams promptly spot threats and respond effectively to preserve security and business continuity. Moreover, adopting IAM is a key step in embracing a Zero Trust security model.

Securing non-human identities is just as critical as managing human ones in today's complex IT landscapes. Non-human identities, such as service accounts, application identities, and IoT devices, play pivotal roles in automation and system integration. Managing these identities in hybrid environments, where on-premises Active Directory (AD) integrates with cloud-based Entra ID (formerly Azure AD), presents unique challenges.

The digital world thrives on constant connectivity, making websites and online services the cornerstones of countless businesses. But these crucial platforms are constantly under siege by malicious actors. Distributed denial of service (DDoS) attacks, where attackers overwhelm an online service infrastructure with a flood of traffic, pose a significant threat, causing service disruption and downtime which results in financial losses and reputational damage.

As organizations consider their journey to establishing a strong Zero Trust culture, they must adopt a data-centric approach, and this begins with ensuring database security. Data, or more specifically, knowing your data, is at the heart of Zero Trust. This means databases must be considered critical assets with the appropriate security considerations applied.