Most social engineering scams search out their potential victims, often sending emails to known email addresses, sending chat messages to them or calling known phone numbers. The attackers take an active role in seeking out and making contact with their victims.
On March 15th, 2023, a new feature released from Microsoft enabled organizations with a paid subscription to Microsoft 365 for business, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, to add company branding to their Microsoft 365 sign-in page via Azure Active Directory. This update is often recommended to improve both user experience and security by providing assurance the individual is logging in via the legitimate page for their company.
In today's world, cybercriminals are learning to harness the power of AI. Cybersecurity professionals must be prepared for the current threats of zero days, insider threats, and supply chain, but now add in Artificial Intelligence (AI), specifically Generative AI. AI can revolutionize industries, but cybersecurity leaders and practitioners should be mindful of its capabilities and ensure it is used effectively.
Most organizations are still using weak forms of multi-factor authentication (MFA), a survey by Nok Nok has found. These forms of MFA can be bypassed if an employee falls for a social engineering attack. “72% of organizations still use phishable MFA factors for their customer-facing applications,” the researchers write. “The cost and risk of lost or stolen data, business, and funds from compromised accounts is motivating organizations to make MFA mandatory for their customers.
Your business is at high risk if you have no security measures. A cyber attack can cause devastating financial damage to your business, including legal liabilities. Cyberattacks can result in lasting adverse repercussions on the reputation of your network security, as clients and customers can lose faith in your business if their personal data gets leaked.
Researchers at SafeBreach Labs have recently discovered several novel attack methods which can circumvent common security controls and execute some jaw-dropping malicious actions including: SafeBreach threat researchers have successfully executed and verified each of these attack methods, however none have been used in the wild at this point.