The exploitation of cloud services is a flexible weapon in the hands of attackers, so flexible that we uncover new campaigns abusing legitimate apps on a daily basis.

Data safety has become a primary issue for business organizations of any scale as they move to cloud computing. With businesses using cloud services to save and run critical information, the development of confidence encryption and essential management techniques is paramount. Several security methods have become popular; bring your own key (BYOK) is among them.

Some organizations are just beginning their migration to the cloud, while others are already firmly settled there, but almost everyone is in the cloud in some capacity by now. And for good reason: the cloud creates substantial advantages in speed, scalability, and cost. But the sobering reality is that modern threat actors have also made gains from migrating to the cloud. By weaponizing cloud automation, these threat actors can fully execute an attack in 10 minutes or less.

My hacker story occurred not too long ago at the Hong Kong office of an undisclosed multinational corporation. The hackers pulled off a first-of-its-kind scam that leveraged a phishing email as the initial attack vector followed by a deepfake video call. In this instance, there was enough information to establish a perceived authority for a finance worker who transferred a total of HK$200 million in 15 transactions to five different Hong Kong bank accounts until the scam was detected.

Small and medium-sized businesses (SMBs) increasingly rely on mobile technology to drive efficiency and stay competitive. However, the use of mobile devices introduces security risks that SMBs must address. Recognizing this, CrowdStrike Falcon for Mobile now offers iOS unmanaged support, extending robust security to devices without the cost and complexities of traditional mobile device management (MDM). Let’s take a closer look.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are impersonating its employees in an attempt to commit fraud. In an alert posted on the CISA website, the organisation warned that so-called impersonation scams are on the rise. An impersonation scam is any type of fraud where a criminal pretends to be a trusted individual or organisation to dupe a victim into handing over personal information or money or taking an unwise action.

A new phishing-as-a-service toolkit that leverages credential interception and anti-detection capabilities has put EU banks at severe risk of fraud. One of the growing dangers of the cyber crime economy is the phishing toolkit. Putting well-designed, expertly-coded webpages, authentication services, and obfuscation features into the hands of even a would-be cybercriminal creates havoc for the intended victim organizations.

The growing sophistication of threat actors, supply chain disruptions, and the potential for systemic and catastrophic losses make for a precarious landscape for insurers and those seeking insurance. To help customers reduce risk at scale, insurers and brokers must adopt technology in order to visualize vulnerabilities while also forecasting, quantifying, and monitoring risks.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Didn’t take them long did it?

We are excited to announce that BDRSuite by Vembu has been named as a 2024 MSP Today Product of the Year Award winner by TMC’s MSP Today. This award showcases our commitment to delivering comprehensive and cost-effective backup and disaster recovery solutions to managed service providers (MSPs) and the channel.