Over the past year, BlueVoyant’s cyber threat analysts have identified a significant rise in third-party phishing tactics, most notably with a campaign impersonating the Zelle digital payment service. By mimicking a well-known payment site like Zelle, threat actors can evade detection more effectively while collecting credentials and personally identifiable information (PII) from online users of hundreds of financial institutions.

You trust us with your most important workflows, and we take that trust seriously. In developing AI in Tines, we’ve been laser-focused on helping users leverage AI without exposing their organizations to security and privacy risks. But we also spoke with so many teams struggling to fully realize AI's potential impact. They wanted AI to do more, while still preserving those all-important security and privacy guardrails.

This is the second in a series of articles about cloud-based attack vectors. Check out our last article about admin takeovers! Inside the Cloud: Attacks & Prevention – Administrative Account Compromise Ransomware has long been associated with takeovers of endpoints. However, attackers are evolving to target cloud environments – and the effects can be devastating.

Emansrepo Stealer spreads via email, Palo Alto sheds light on top-level domains, and Earth Lusca deploys a new multiplatform backdoor.

Consider the case of a malicious actor attempting to inject, scrape, harvest, or exfiltrate data via an API. Such malicious activities are often characterized by the particular order in which the actor initiates requests to API endpoints. Moreover, the malicious activity is often not readily detectable using volumetric techniques alone, because the actor may intentionally execute API requests slowly, in an attempt to thwart volumetric abuse protection.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Might want to patch that Acrobat Reader then…

Developers of plugins and themes for WordPress.org have been told they are required to enable two-factor authentication (2FA) from October 1st. The move is intended to enhance security, helping prevent hackers from gaining access to accounts through which malicious code could be injected into code used by millions of websites running the self-hosted version of WordPress.