In a rapidly evolving cybersecurity landscape, organizations across all industries and sizes face an ever-growing array of sophisticated threats. Privileged accounts, in particular, have become prime targets for hackers, with nearly every major breach in recent years involving unauthorized access. Breaches caused by phishing and compromised credentials (the most common type of attack) cost an average of $4.76M and take almost 11 months to resolve.

Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest.The researchers believe the increase is due to widely available phishing kits that facilitate BEC.

With QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are in stopping and detecting these device-shifting attacks. One of the challenges with attacks is that we rely on security solutions to look for indicators of malicious intent. Content within an email, where a link points to, and the insides of an attachment can indicate potential foul play.

As the adoption of generative AI (GenAI) accelerates across enterprises, one of the most promising applications emerges in customer support. GenAI enables automated responses, allowing businesses to engage in natural conversations with customers and provide real-time chat support. However, this convenience comes with inherent risks, particularly concerning data privacy.

The modern enterprise relies on hundreds of SaaS apps, email services, generative AI (GenAI) tools, custom apps, and LLMs, which often contain sensitive data. For too long, security teams have been forced to patch together point solutions for coverage across these channels, increasing their workloads and creating opportunities for sensitive data to slip through the cracks. This is precisely where Nightfall’s single-pane-of-glass solution comes into play: With Nightfall Sensitive Data Protection.

An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. 34-year-old Mikhail Vasiliev, who has dual Russian and Canadian nationality, was arrested in 2022 as part of a multinational law enforcement investigation into LockBit that started in March 2020.

It is impressive how explosively the cloud security market has embraced detection and response in recent months. The industry, including both users and vendors, is rapidly acknowledging the complexity of modern cloud attacks. Facilitated by automation and APIs, attacks cannot be effectively countered with traditional solutions that lack context of cloud environments or focus solely on posture.

In the fast-paced realm of digital connectivity, the effective management of internet bandwidth is pivotal for ensuring business continuity through seamless access to business-critical applications. Network administrators often grapple with the constant challenge of prioritizing business critical applications during network contention, a challenge exacerbated by the prevalence of high-bandwidth-consuming non-business web applications.

While grandma’s stuffing might be the best part of your holiday turkey dinner, credential stuffing attacks can be the worst part of being the person responsible for your company’s security monitoring. Your IT environment likely consists of all the ingredients attackers need to deploy an attack successfully.

Since the discovery of CRIME, BREACH, TIME, LUCKY-13 etc., length-based side-channel attacks have been considered practical. Even though packets were encrypted, attackers were able to infer information about the underlying plaintext by analyzing metadata like the packet length or timing information. Cloudflare was recently contacted by a group of researchers at Ben Gurion University who wrote a paper titled “What Was Your Prompt?