A threat actor is abusing HubSpot’s Free Form Builder service to craft credential-harvesting phishing pages, according to Palo Alto Networks’ Unit 42. The campaign has targeted at least 20,000 users at European companies in the automotive, chemical, and industrial compound manufacturing sectors. The attacks are designed to steal credentials in order to compromise victims’ Microsoft Azure cloud services.

ESET has published its threat report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users. Threat actors are using Progressive Web Apps (PWAs) and WebAPKs to bypass mobile security measures, since these files don’t require users to grant permissions to install apps from unknown sources. “The initial phishing messages were delivered through various methods, including SMS, automated voice calls, and social media malvertising,” ESET says.

It’s easy to get you and your loved ones onboarded and set up with 1Password Families.

Google Workspace is a popular productivity suite, and its broad collection of apps (such as Gmail, Drive, Calendar, and Docs) can give attackers a central point of entry for accessing sensitive and valuable data if they compromise an account. Learning how to identify malicious activity in your Workspace environment enables you to stop threats before they become more serious. In this post, we’ll look at a few ways attackers gain access to and take advantage of Google Workspace.

Configuration management tools like Ansible, Chef, and Puppet offer various methods for handling secrets, each with inherent trade-offs. The article explores these approaches alongside modern OIDC-based solutions that enable short-lived authentication tokens for automated processes.

Welcome to the most prestigious event in the world of cyber trickery: the annual Avast Phishing Awards! Join us as we unveil the most noteworthy, side-eye-inducing, and downright dubious email headlines that made this such a year to remember.

No matter how businesses look at it, the importance of data protection and backup in IT strategies will grow in upcoming years. These aspects have become vital to every business venture and are driven by increasing cyber threats and stringent regulatory requirements. According to Gartner’s predictions, around 75% of enterprises will rely more on SaaS (Software-as-a-service) application backups. By 2028, they are expected to be a critical requirement for business ventures.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides secure and reliable communication networks for over 11500 connected financial institutions to facilitate cross-border payments and securities transactions.

The cloud has enabled faster, more reliable and more scalable software delivery for organizations. Alongside these improvements come greater complexity and security considerations, all of which have implications when preparing for cloud security audits. Like all security audits, cloud security audits help ensure that data is kept safe from unauthorized access and theft.

In the ever-evolving landscape of cybersecurity, the use of open-source red teaming tools has become indispensable. These tools not only raise awareness about potential vulnerabilities but also encourage security teams to think like attackers so they can begin the process of protecting their organizations against them. By simulating real-world attack scenarios, organizations can better understand their security posture and proactively address weaknesses.