Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

BlackBasta Ransomware Gang Uses New Social Engineering Tactics To Target Corporate Networks

ReliaQuest warns that the BlackBasta ransomware gang is using new social engineering tactics to obtain initial access within corporate networks. The threat actor begins by sending mass email spam campaigns targeting employees, then adding people who fall for the emails to Microsoft Teams chats with external users. These external users pose as IT support or help desk staff, and send employees Microsoft Teams messages containing malicious QR codes.

Attackers Abuse Eventbrite to Send Phishing Emails

Attackers are abusing Eventbrite’s scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024. “Perception Point researchers observed phishing emails delivered via ‘noreply@events.eventbritecom,’” the researchers write.

Why Secure Infrastructure Access Must Evolve: Insights from Teleport's 2024 Survey

89% of organizations suffered at least one security incident in the past three years, according to The 2024 State of Secure Infrastructure Access, a new survey of 250 security and engineering leaders. The rise of cloud computing, the surge of identity-based attacks, and increasing regulatory compliance concerns have forced companies to rethink how they handle security, productivity, and compliance.

What To Do if You Opened a Phishing PDF

If you think you’ve accidentally opened a phishing PDF, it’s important to immediately disconnect your device from the internet, back up your files, run a virus scan on your device and change your passwords. Typically, you can spot a phishing attempt if an email contains urgent and threatening language, too-good-to-be-true offers, spelling and grammatical errors or requests for private information.

Can Viruses Come From a PDF?

Yes, viruses can come from a PDF by hiding in malicious code. A virus is a type of malware, which is malicious software intended to infect your device and steal private data. A virus can infect your device only if you interact with it, which could happen by opening a PDF containing a virus. Since PDFs are so widely used, hackers can hide viruses within innocent-looking files to jeopardize your privacy.

Announcing the New Cloud Exchange 5.1.0 Update

This blog series continues to explore a number of different workflows that those comfortable using basic scripting, or enablement tools like Postman, can employ to programmatically update and inform your inline policy actions. These are just some of the functions that the newest version of Cloud Exchange (CE), version 5.1, supports now and in the future.

Real Estate Fraud is Running Rampant in the US

Real Estate Fraud is Running Rampant in the US Real estate is an area ripe for fraud and scams: transactions usually involve large sums of money, convoluted paperwork, and messaging back and forth. Criminals can use a wide variety of methods to intercept legitimate communications or launch their own scams in order to deceive their targets.

CMMC 2.0 Explained: What You Must Know For 2025

With the final CMMC rule published, here’s a summary of everything you need to know for your CMMC Level and when. Another step closer. After more than seven years in the making, the US Department of Defense (DoD) finalized a rule establishing the Cybersecurity Maturity Model Certification (CMMC) program and outlining how it will work. The final program rule was published in the Federal Register on 15 October and will go into effect on 16 December.

Operation Magnus: Analyzing the cybercrime community reaction

International cooperation has become crucial to disrupt the operations of malicious cybercrime actors. A prime example of this is ‘Operation Magnus’ which has showcased the effectiveness of global collaboration in tackling sophisticated threats. By dismantling their infrastructure and exposing key players, Operation Magnus not only delivered a significant blow to cybercriminals but also sent shockwaves throughout underground forums and dark web communities.

DORA Compliance Checklist: Essential Steps for Successful Implementation

DORA is an EU-based regulation that is going to be effective from January 17, 2025. It is a digital security framework that works alongside the General Data Protection Regulation (GDPR) to provide strong security protection to financial entities and ICT service providers from cybercrimes. Generally, every financial entity and ICT service provider inside or outside the EU that does business with the EU entities has to comply with DORA.