Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

New data focused on the first half of the year shows some anomalies. Phishing attacks are slowing down… that is, until you dive into the details. I can’t remember the last time I posted a headline stating that phishing numbers were down; that’s because we haven’t seen this trend occur in a number of years. But new data from Vade Secure’s H1 2023 Phishing and Malware Report shows an interesting outlier that skews a high-level view of the data.

Amid potential concerns by governments, customers, and prospects about ties with the Russian government, the cybersecurity vendor Group-IB continues in its promise to separate itself from Russia. You can understand how an organization may look at a Russia-based company these days; it’s not the fault of the Russian company, but of the negative posture many feel towards the Russian government.

Fraudsters are spreading scams on Facebook that pose as ads for legitimate AI tools, according to researchers at Check Point. The Facebook pages impersonate ChatGPT, Google Bard, Midjourney, Jasper, and more.

How many security products does it take to monitor an organization? Even a small company often finds itself working with multiple monitoring tools to gain visibility into its security posture. This creates multiple blind spots, as a security analyst needs to jump between different tools with different formats and configurations to research a security incident. Adding to this problem is that the reporting from each tool usually differs, making the creation of a uniform report a chore.

New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC). The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they are being "micromanaged" and - it is argued - could even assist attackers.

Microsoft is a large tech company based in the United States with operations in many other parts of the world. The organization is best known for its computer operating systems and its Microsoft 365 suite of business applications. The company employs more than 220,000 individuals and is involved in the management of countless businesses around the world.

The challenges companies face regarding private and professional data protection are more important today than ever. In the modern enterprise, cloud computing and the use of cloud-native architectures enable unmatched performance, flexibility, velocity, and innovation. However, as digitalization pushes applications and services to the cloud, cyber criminals’ intrusion techniques have become increasingly sophisticated.

SafeBreach recently held its second annual Validate Summit at The Star in Frisco, Texas, where SafeBreach customers, cybersecurity experts, and influencers explored how enterprises can stay ahead of risk and safeguard their critical business assets from inevitable cyberattacks by implementing proactive security practices. One hot topic was communicating security risk to the board.

Let’s face it, the tech world is a whirlwind of constant evolution. AI is no longer just a fancy add-on; it’s shaking things up and becoming part and parcel of various industries, not least software development. One such tech marvel that’s stealthily carving out a significant role in our software supply chain is OpenAI’s impressive language model – ChatGPT.

In an ideal world, security incidents result in minimal damage, and we can learn from them to improve our future defenses. Fortunately, such appears to be the case with JumpCloud. According to JumpCloud’s blog post, its recent security incident impacted fewer than 5 JumpCloud customers and fewer than 10 devices. Moreover, working together with their incident response (IR) partner Crowdstrike (also a Salt Security partner), JumpCloud has mitigated the attack vector used by the threat actor.