Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It’s late Friday evening and Tom (your average everyday employee) has worked diligently to meet project deadlines and follow up with customers before his much-anticipated weeklong vacation. Exhausted from burning the midnight oil and juggling multiple tasks, he’s eager to wrap up his work and enjoy a well-deserved break. As Tom completes his last remaining task, he is greeted with one final email before signing off for the week.

With the rise of hybrid work, data leakage has become a significant issue. Employees are now working from a variety of locations, including their homes, coffee shops, and even public libraries. This makes it more difficult to keep track of data moving between managed endpoints and your organization's SaaS applications or private apps. Shadow IT, the use of unauthorized or unapproved software and services by employees has always been a challenge for IT departments.

Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that hackers and malware successfully attack devices and networks. No other initial root cause comes close (unpatched software and firmware are a distant second, being involved in about 33% of attacks). A particular type of social engineering is responsible for more successful compromises than any other type of attack: spear phishing.

New data focused on the first half of the year shows some anomalies. Phishing attacks are slowing down… that is, until you dive into the details. I can’t remember the last time I posted a headline stating that phishing numbers were down; that’s because we haven’t seen this trend occur in a number of years. But new data from Vade Secure’s H1 2023 Phishing and Malware Report shows an interesting outlier that skews a high-level view of the data.

Amid potential concerns by governments, customers, and prospects about ties with the Russian government, the cybersecurity vendor Group-IB continues in its promise to separate itself from Russia. You can understand how an organization may look at a Russia-based company these days; it’s not the fault of the Russian company, but of the negative posture many feel towards the Russian government.

Fraudsters are spreading scams on Facebook that pose as ads for legitimate AI tools, according to researchers at Check Point. The Facebook pages impersonate ChatGPT, Google Bard, Midjourney, Jasper, and more.

How many security products does it take to monitor an organization? Even a small company often finds itself working with multiple monitoring tools to gain visibility into its security posture. This creates multiple blind spots, as a security analyst needs to jump between different tools with different formats and configurations to research a security incident. Adding to this problem is that the reporting from each tool usually differs, making the creation of a uniform report a chore.

New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC). The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they are being "micromanaged" and - it is argued - could even assist attackers.

Microsoft is a large tech company based in the United States with operations in many other parts of the world. The organization is best known for its computer operating systems and its Microsoft 365 suite of business applications. The company employs more than 220,000 individuals and is involved in the management of countless businesses around the world.