Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability management has been a key part of how companies protect their digital assets and has helped cybersecurity evolve. In the last few decades, vulnerability management has changed from simple patch management to complex, multi-layered plans meant to act upon cyber threats that are getting smarter all the time. In the early days of cybersecurity, people only took action after security was breached instead of trying to stop them.

Phishing-as-a-Service (PaaS) platforms have become the go-to tool for cybercriminals, to launch sophisticated phishing campaigns targeting the general public and businesses, especially in the financial services sector. PaaS operates much like other subscription-based malware models, where cybercriminals offer phishing kits, including spam tools, phishing pages’ templates, bulletproof servers, and victim databases to less-experienced attackers.

Several new vendors entering the privileged access management (PAM) market are boldly claiming they can – or will soon be able to – provide access with zero standing privileges (ZSP). In reality, these lofty vendor claims likely ignore the limited use cases of their own technology. This betrays a fundamental misunderstanding of PAM – the most challenging problem in cybersecurity.

Amid the numerous instruments that have augmented our digital communication and commerce experiences over time, email remains a staple for everything, from confirming purchases to life-changing events like the authorization of financial aid. It comes as no surprise that email scams have been a mainstay of cyberattacks since the earliest days of online correspondence. Worse yet, their scope and sophistication have kept pace with and taken liberal advantage of general digital developments.

So, you're considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You've taken the first step toward improving your organization's cybersecurity posture. However, you may need clarification about the best approach to aligning your cybersecurity practices with the NIST CSF.

New analysis of attacks on the financial sector shows that the combination of phishing emails and compromised credentials is a recurring — and financially impactful — threat. According to IBM, financial services is the second most expensive sector with an average cost of a data breach at $6.1 million.

Since the beginning of computers, social engineering has been the number one way that computers and networks have been compromised. Social engineering is involved in 70% to 90% of all successful data breaches. Nothing else is even close (unpatched software and firmware are involved in 33% of successful attacks, everything else is 1% or less).

Analysis of typosquatting and brand impersonation activity across 500 of the most visited domains provides insight in to how these techniques come together to effectively deceive. From February 2024 to July 2024, Zscaler’s ThreatLabz tracked more than 30,000 lookalike domains that impersonated some of the world’s most well-known brands.

Artificial Intelligence (AI) plays a critical role in modern data handling. AI processes vast amounts of data, from personal information to business analytics, at unprecedented speeds. This raises serious concerns about AI and data protection. With AI’s growing capabilities, ensuring the security of personal data is essential. The AI Act aims to regulate AI systems, focusing on responsible data usage. It introduces rules that safeguard user data, complementing existing regulations like GDPR.