A report from Darktrace has found that 62% of phishing emails in the first half of 2024 were able to bypass DMARC verification checks in order to reach users’ inboxes. “Building on the insights from the 2023 End of Year Threat Report, an analysis of malicious emails detected by Darktrace / EMAIL in 2024 underscores the implication that email threats are increasingly capable of circumventing conventional email security tools,” the report says.

CrowdStrike is aware of inaccurate reporting and false claims about the security of the Falcon sensor. This blog sets the record straight by providing customers with accurate technical information about the Falcon sensor and any claims regarding the Channel File 291 incident. CrowdStrike has provided a Technical Root Cause Analysis and executive summary that describes the bug in detail.

In recent years, almost every major cloud breach has been marked by overly permissive credentials, followed by lateral movement and privilege escalation. These vulnerabilities have allowed attackers to navigate through systems with ease, escalating their privileges to cause significant harm. It’s crucial for cloud threat responders to be aware of threats as they occur and to be able to contain these attacks swiftly and effectively.

Running tests against your security controls and other systems is a critical aspect of protecting your organization from a potential data breach and ensuring that you maintain compliance. Vanta’s platform has automated tests with continuous monitoring that run on an hourly basis against your controls as well as customized tests that you can adapt to your organization's needs.

Tectonic shifts are occurring across the cyber landscape, and organizations are increasingly turning to Microsoft as a cornerstone of their security strategy. At Trustwave, we have been at the forefront of this trend, partnering with Microsoft for years to deliver unparalleled security solutions and outcomes for our clients. Microsoft 365 E5 has become a compelling option for many organizations due to its robust suite of productivity tools and integrated security features.

The months leading up to audits can be some of the most stressful for security and privacy teams. Some audits can take up to 9 months to prepare for and another 3 months to complete, with security and privacy teams spearheading the evidence collection. Collecting evidence used to be a walk in the park, but that was before multi-cloud environments, new standards, and emerging regional privacy requirements.

Bring Your Own Device, better known as BYOD, is when employees can use their personal devices on a company’s network to complete their work tasks. Companies sometimes prefer their employees to use their own devices because they save money on providing technology and resources. Despite this financial benefit, companies should recognize the security risks BYOD can bring to their employees and organizations.

Downgrade attacks—also known as version-rollback attacks—are a type of attack designed to revert an immune, fully up-to-date software back to an older version. They allow malicious actors to expose and exploit previously fixed/patched vulnerabilities to compromise systems and gain unauthorized access.