Dallas Mavericks owner and well-known investor Mark Cuban reportedly lost nearly $900,000 in a phishing attack targeting his MetaMask cryptocurrency wallet. The incident was first flagged by crypto investigator WazzCrypto, who observed unusual transactions linked to a wallet associated with Cuban. This particular wallet had been dormant for about six months before all its funds were suddenly moved.

The digitalization wave is the latest focus for enterprise IT modernization. While it offers enormous opportunities it also creates great challenges. As organizations hasten to digitalize, they often neglect sufficient cybersecurity leaving them vulnerable to cyberattacks and data theft. According to the latest IBM report, the global average cost of a data breach in 2023 was $4.45 million. Every day adversaries launch malicious attacks on business infrastructures to disrupt or obtain sensitive data.

Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Today’s uncertain economy has presented an array of problems to organizations of every size and across all industries. In the world of tech titans alone, 70,000 jobs have been lost over the past year. It’s safe to say that businesses have laid off and lost talented and experienced professionals from their rosters. We feel losing talent more acutely in cybersecurity and privacy as risk of cyberattacks and breaches may cost the global economy $10.5 trillion annually by 2025.

Storing your bank passwords in a password manager is the safest way to store them without putting them at risk of becoming compromised. When targeting online accounts, cybercriminals often target those that are most valuable, which includes your bank accounts. Securing your bank accounts with strong passwords is crucial to preventing bad actors from accessing them.

Out of the over 350 brands regularly impersonated in phishing attacks, Microsoft continues to stand out because they provide attackers with one unique advantage over other brands. The whole idea behind impersonation is to establish the illusion of legitimacy for a phishing email. This lowers the “defenses” of the email recipient, allowing social engineering tactics to take effect and to get the victim to interact with the email.

Establishing urgency through a false need to “upgrade” or lose services, this new attack takes advantage of the widespread use of the popular accounting app to attract victims. Impersonation in phishing attacks only works if the target has an established rapport or relationship with the sender.

The United States FBI, NSA, and CISA have released a joint report outlining the various social engineering threats posed by deepfakes. “Threats from synthetic media, such as deepfakes, present a growing challenge for all users of modern technology and communications, including National Security Systems (NSS), the Department of Defense (DoD), the Defense Industrial Base (DIB), and national critical infrastructure owners and operators,” the report says.

A malwareless and linkless phishing attack uses sextortion and the threat of legal action to get the attention of potential victims and get them to respond. Usually, the intent of a phishing attack is evident. For example, if the attack is pretending to be Microsoft and sends you to a spoofed login page, the whole point of the attack is to harvest the victim’s Microsoft 365 credentials.