Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The massive uptick in business email compromise (BEC) is considered one of the costliest attack types, requiring organizations to put employees on notice to stay vigilant. The latest research from the FBI puts the average cost of BEC attacks at around $125,000. What makes them so dangerous is that they largely rely on text-only emails using social engineering to trick those with finance responsibilities into parting with the money they control.

In 2022, a German security researcher disclosed that he had gained remote control of over 25 electric vehicles. In doing so, he was able to access numerous onboard features of these vehicles such as querying the vehicle location, disabling security features, unlocking doors, and starting the engine. The security flaw that allowed this break was not with the vehicle’s system itself, but presented by an open source companion application.

Safeguarding an organization’s virtual realms has never been more important. Today, connectivity and data are the new currency. Yet, as technology advances, so do the malicious actors and their methods, constantly devising more unique and covert ways to breach defenses. Herein lies the role of detection engineering. Acting as the digital watchtower for organizations, detection engineering responds to known threats and continuously scans the horizon for the slightest hint of a potential breach.

New assets, vulnerabilities, and even human errors like server misconfigurations make a continuously updated overview non-negotiable. AppSec and ProdSec teams must take action on newly discovered vulnerabilities and policy breaches quickly and efficiently. Prioritizing which vulnerabilities and risks to remediate first and having this information all in one place will help security teams get the latest insights about their attack surface immediately.

Kroll has observed an uptick in cases of DARKGATE malware being delivered through Microsoft Teams messages. These campaigns have mainly targeted organizations in the transportation and hospitality sectors. This activity has also been reported throughout open-source reporting, sharing a number of key indicators with Kroll observations, such as common filenames, adversary infrastructure and similar domain name conventions to host the initial download.

In my role as an Inside Solutions Architect at 11:11 Systems, my objective is to match 11:11 Systems range of solutions to meet customer’s data protection needs, from simple off-site BaaS to fully managed DRaaS solutions. That objective is easier to achieve when customers come to the table with an effective and reliable recovery plan. So how do you make an effective and reliable recovery plan? Here are a couple of key consideration points when constructing your recovery plan.

Earlier this year, we introduced the LimaCharlie SecOps Cloud Platform (SCP). The SCP is a unified platform for modern cybersecurity operations. Similar to what the public cloud did for IT, the SCP offers security teams core cybersecurity capabilities and infrastructure: on-demand, pay-per-use, and API-first. In short, the SCP is a new paradigm for cybersecurity. It’s a game-changer for enterprise security teams and cybersecurity solutions builders.

Back to school is a great time to remember basic cybersecurity best practices to protect you and your family. These won’t surprise anyone who’s been parenting for the last few years, but what might surprise you is how fast things are changing, which can increase your risk of giving access to cyber criminals. That is mostly around all the applications, and even micro-applications, that most frequently provide the lowest levels of security.

Penetration testing is a pivotal strategy amongst various security methodologies, aimed at bolstering an organisation’s digital environment. Commonly known as “pen testing” or “ethical hacking”, this type of test represents a structured and regulated method for assessing the security integrity of a company’s digital ecosystem.

Composing song lyrics, writing code, securing networks — sometimes it seems like AI can do it all. And with the rise of LLM-based engines like ChatGPT and Google Bard, what once seemed like science fiction is now accessible to anyone with an internet connection. These AI advancements are top-of-mind for most businesses and bring up a lot of questions.