Social engineering has long been a popular tactic among cybercriminals. Relying exclusively on information security tools does not guarantee the safety of an IT infrastructure these days. It is critically important to enhance the knowledge of employees regarding information security threats. Specifically, there is often a pressing need to educate employees about phishing. But how could phishing awareness training go wrong, and what can be done about it?

Have you ever wondered why PIN pads at grocery stores often have a protective shield surrounding the buttons? It’s to prevent an attack called “shoulder surfing.” Shoulder surfing is a method of information theft in which the perpetrator watches the victim from nearby to see any information they type or view on their screens. Keep reading to learn why shoulder surfing is a threat to cybersecurity and how to protect your private information from this form of attack.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

If you’ve been following our series on the PEAK threat hunting framework, you might already know that the purpose of threat hunting isn’t just to find security incidents your automated detection systems missed. Finding incidents is more like a helpful side effect. The real reason to hunt is to drive improvement to your security posture over time.

HTTP Strict Transport Security (HSTS) plays an important role in web security — ensuring secure communication between websites and the web browsers of users. Read on to learn about the importance of HSTS, key features such as HSTS preloading, the threats that HSTS can mitigate, and some of the limitations of the protocol.

Bots have become integral to our lives, offering many benefits across various industries. Of all these bots, there are good bots, bots for telling dad jokes and (significantly less cool) bots focused on distributing malware. Understanding the types of bots out there should help you harness the power of good bots while helping you identify bots to avoid. This article will explore all types of bots, empowering you to make informed decisions and reap the rewards while keeping risks at bay.

For nearly a decade, Egnyte has been applying AI to help customers protect and manage large volumes of unstructured data. The outputs of these models were historically focused on a relatively narrow set of IT security, privacy, and compliance applications. Today, we’re announcing the next generation of AI-powered solutions at Egnyte, unleashing content intelligence for every user on our platform!

We recently shared that we’ll soon be rolling out a privacy-preserving telemetry system that will help us improve 1Password by leveraging aggregated, de-identified usage data. Here we’ll share technical details about how this system works and the steps we’ve taken to protect customer privacy while engaging with the resulting data.

Since the fallout of Conti ransomware in mid-2022, Conti-affiliated threat actors have splintered off and developed or joined other ransomware groups to continue extorting victim organizations. Due to Conti’s source code being leaked, attribution back to the Conti ransomware group via code overlap is much more difficult. However, leveraging blockchain analysis, we can begin to discern what ransomware groups Conti-affiliated threat actors have worked with; one such group is Akira.