Today, when threats are coming from a variety of places, not just one or a few, it becomes much harder to prepare for attacks and know what to patch or otherwise remediate because there is a lot more to address.
Despite years of public shaming by security professionals, some SaaS vendors only offer Single Sign-On (SSO) in high-end “enterprise” product tiers. By withholding this capability from smaller organizations, they put customers’ security at risk.
A clever phishing campaign aimed at stealing users’ business email account credentials by impersonating OpenAI, the company behind the ChatGPT chatbot, has been spotted by Inky researchers.
While investigating attacks targeting a government entity in the UAE, Fortinet researchers also discovered an implant on Microsoft Exchange servers which was a novel web shell, dubbed ExchangeLeech, due to its unique ability to harvest credentials.
FortiGuard Labs came across an ongoing threat campaign targeting YouTube users searching for pirated software earlier this month. Videos advertising downloads of pirated software are uploaded by verified YouTube channels with large subscriber counts.
While there are no reported instances of Slack messages being weaponized, the trove of communications the platform collects from clients ranging from government agencies to activists has made user communications a target of both lawsuits and hackers.
A Brazilian hacking crew targeted users of over 30 Portuguese financial institutions earlier this year in a campaign that provides the latest example of financially motivated hackers in Brazil hitting foreign targets, according to SentinelLabs.
While the group doesn’t develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types.
“The use of a new ransomware, written in C++, is noteworthy, as it demonstrates the group’s expanding capabilities and ongoing effort in developing new tools,” Check Point researchers Marc Salinas Fernandez and Jiri Vinopal said.
Preparing a security vision and garnering support from other departments in the company requires cross-functional collaboration, and a compelling business case for security investment is critical for a security department’s success.