Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability.

While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats.

Network segmentation, software patching, and continual threats monitoring are key cybersecurity best practices for Industrial Control Systems (ICS). Although ICSs significantly improve health and safety by automating dangerous tasks, facilitating remote monitoring and control, and activating safety protocols in the case of emergency, they’re increasingly exposed to cybersecurity threats.

In the ever-evolving cybersecurity landscape, 2023 witnessed a dramatic surge in the sophistication of cyber threats and malware. AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year's events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques.

We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Finance. The report examines the edge ecosystem, surveying finance IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on finance report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report).

The exponential rise of ransomware attacks in recent times has become a critical concern for organizations across various industries. Ransomware, a malicious software that encrypts data and demands a ransom for its release, can wreak havoc on an organization's operations, finances, and reputation. This comprehensive guide delves into the intricate landscape of ransomware, exploring sophisticated attack vectors, common vulnerabilities, and providing detailed strategies for prevention.

Organizations face a constant challenge to balance transparency and security in today's rapidly evolving digital landscape. One emerging concept that has gained traction in recent years is the practice of "self-doxxing." This seemingly counterintuitive term refers to the deliberate and controlled sharing of an organization's information, often sensitive, to enhance transparency, accountability, and trust.

This is part three of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog.

With the democratization of computing comes attack surface expansion. According to Gartner, 91% of businesses are engaged in some form of digital initiative, and 87% of senior business leaders say digitalization is a priority. 89% of all companies have already adopted a digital-first business strategy or are planning to do so.

Do you recall how tentatively and maybe naively we approached the year 2000, otherwise known as Y2K? We stressed over two bytes in COBOL programs and regression tested every line of code to ensure our systems were ready to go at midnight on January 1, 2000. The clock struck 12, and the world breathed a collective sigh of relief – we survived the predicted digital disaster.

Artificial intelligence (AI) has seamlessly woven itself into the fabric of our digital landscape, revolutionizing industries from healthcare to finance. As AI applications proliferate, the shadow of privacy concerns looms large. The convergence of AI and privacy gives rise to a complex interplay where innovative technologies and individual privacy rights collide.

BlackCat is and has been one of the more prolific malware strains in recent years. Believed to be the successor of REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat is written in the Rust language, which offers better performance and efficiencies than other languages previously used. BlackCat is indiscriminate in how it targets its victims, which range from healthcare to entertainment industries.

In the ever-evolving landscape of cybersecurity threats, social engineering remains a potent and insidious method employed by cybercriminals. Unlike traditional hacking techniques that exploit software vulnerabilities, social engineering manipulates human psychology to gain unauthorized access to sensitive information.

In the current cyber landscape, adversaries commonly employ phishing as the leading technique to compromise enterprise security. The susceptibility of human behavior makes individuals the weakest link in the security chain. Consequently, there is an urgent need for robust cybersecurity measures. Phishing, which capitalizes on exploiting human behavior and vulnerabilities, remains the adversary's top choice. To counter this threat effectively, ongoing education and awareness initiatives are essential.

In addition to the overt signs of cyber threats we've become conditioned to recognize, like ransomware emails and strange login requests, malicious actors are now utilizing another way to achieve their nefarious purposes — by using your everyday devices. These hidden dangers are known as botnets. Unbeknownst to most, our everyday devices, from toasters to smart fridges, can unwittingly be enlisted as footsoldiers in a digital army with the potential to bring down even corporate giants.

AT&T Alien Labs has identified a campaign to deliver AsyncRAT onto unsuspecting victim systems. During at least 11 months, this threat actor has been working on delivering the RAT through an initial JavaScript file, embedded in a phishing page. After more than 300 samples and over 100 domains later, the threat actor is persistent in their intentions.

Virtual reality (VR) and augmented reality (AR) technologies capture everyone’s imagination with use cases and an unlimited potential for future implementations. While these concepts have been around for decades, they continue to be buzzwords with a fascinating flavor of science fiction. The truth is that the VR and AR combination is close to mainstream adoption these days, with plenty of examples of successful projects creating ripples in ecommerce, entertainment, and many other industries.

In era of digital devices, where the specter of data breaches and cyber threats looms large, the role of ethical hackers, colloquially known as white hat hackers, has become paramount. This article embarks on an in-depth journey into the realm of ethical hacking, illuminating its profound significance in identifying vulnerabilities and fortifying the intricate tapestry of overall cybersecurity.

A week before my 15th birthday in September 2023, and quite coincidentally in time for my favorite phone's 15th iteration (cough cough, parents, hint hint), AT&T along with AST-Science successfully made a call. Well, in the 21st century that’s not very “Mr. Watson, come here. I want to see you.”, but this call was on another level, or as one could say, out of this world!