Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Zero Standing Privileges (ZSP): Vendor Myths vs. Reality

Several new vendors entering the privileged access management (PAM) market are boldly claiming they can – or will soon be able to – provide access with zero standing privileges (ZSP). In reality, these lofty vendor claims likely ignore the limited use cases of their own technology. This betrays a fundamental misunderstanding of PAM – the most challenging problem in cybersecurity.

The Latest Email Scams: Key Trends to Look Out For

Amid the numerous instruments that have augmented our digital communication and commerce experiences over time, email remains a staple for everything, from confirming purchases to life-changing events like the authorization of financial aid. It comes as no surprise that email scams have been a mainstay of cyberattacks since the earliest days of online correspondence. Worse yet, their scope and sophistication have kept pace with and taken liberal advantage of general digital developments.

Aligning Your Cybersecurity Strategy with the NIST CSF 2.0

So, you're considering integrating the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework) into your cybersecurity practices. Congratulations! You've taken the first step toward improving your organization's cybersecurity posture. However, you may need clarification about the best approach to aligning your cybersecurity practices with the NIST CSF.

Half of all Financial Services Cyber Attacks Start with a Very Costly Phish

New analysis of attacks on the financial sector shows that the combination of phishing emails and compromised credentials is a recurring — and financially impactful — threat. According to IBM, financial services is the second most expensive sector with an average cost of a data breach at $6.1 million.

Educate Your Users About Malicious SEO Poisoning Attacks

Since the beginning of computers, social engineering has been the number one way that computers and networks have been compromised. Social engineering is involved in 70% to 90% of all successful data breaches. Nothing else is even close (unpatched software and firmware are involved in 33% of successful attacks, everything else is 1% or less).

Zscaler: There are 200 Malicious Lookalike Domains for Every 1 Impersonated Brand

Analysis of typosquatting and brand impersonation activity across 500 of the most visited domains provides insight in to how these techniques come together to effectively deceive. From February 2024 to July 2024, Zscaler’s ThreatLabz tracked more than 30,000 lookalike domains that impersonated some of the world’s most well-known brands.

6 Key Principles of AI and Data Protection: How the AI Act Safeguards Your Data

Artificial Intelligence (AI) plays a critical role in modern data handling. AI processes vast amounts of data, from personal information to business analytics, at unprecedented speeds. This raises serious concerns about AI and data protection. With AI’s growing capabilities, ensuring the security of personal data is essential. The AI Act aims to regulate AI systems, focusing on responsible data usage. It introduces rules that safeguard user data, complementing existing regulations like GDPR.

Major X Accounts Hack Fizzles in Botched Crypto Scam Attempt

A wave of X account hacks has led to the rapid success of a pump-and-dump scheme for the $HACKED Solana token, with users rushing to buy in. High-profile accounts compromised in this attack include MoneyControl (1.4 million followers), People Magazine (7.8 million), and EUinmyRegion, run by the European Commission, with nearly 100,000 followers. Moreover, Computer brand Lenovo’s India division, film director Oliver Stone, Yahoo News UK, and Brazilian soccer player Neymar Jr.

Want better network visibility? Don't just go with the (net)flow

In the Black Hat Network Operations Center (NOC), the conference’s leadership team must assemble best-in-class technologies that complement each other to build and harden an enterprise-grade network in just a few days. Then, the NOC must continuously monitor and adapt the network throughout the course of the conference before dismantling it after the conference concludes.