
Hackers Phish Finance Organizations Using Trojanized Minesweeper Clone

In a concerning development, hackers are leveraging a Python clone of Microsoft’s iconic Minesweeper game to target financial organizations across Europe and the United States. This novel approach involves concealing malicious scripts within the game code, posing a significant challenge to enterprise risk management and endpoint security. As organizations grapple with these evolving threats, Foresiet remains steadfast in its commitment to providing cutting-edge cybersecurity solutions.

New Transparent Phishing Attacks Leverage Cloudflare Worker Serverless Computing

An increasing number of phishing campaigns from several threat groups are being tracked as they leverage legitimate Cloudflare services as part of account compromise attacks. Security analysts at Netskope take an expository look at the misuse of Cloudflare services for the purpose of enabling phishing attacks that leverage HTML Smuggling and Transparent Phishing tactics. We’ve seen HTML Smuggling attacks for several years, including their continued use this year.

Understanding and Mitigating Snowflake Data Risks Amid Increased Cyber Threat Activity

In today's digital landscape, data security is more crucial than ever. Recently, Snowflake, a leading cloud data platform, has observed a significant uptick in cyber threat activity targeting some of its customers' accounts. This development has prompted an in-depth investigation to understand and mitigate these risks.

Check Point Vulnerability: CVE-2024-24919

On May 28, 2024, Check Point released an advisory for CVE-2024-24919, a high-priority bug that, according to NIST NVD, is categorized as “Exposure of Sensitive Information to an Unauthorized Actor”. As of this writing, the NVD has yet to assign a CVSS score to CVE-2024-24919. This vulnerability affects Check Point Security Gateway devices connected to the internet and configured with either the IPsec VPN or Mobile Access software blades.

911 S5 Botnet Operation Disruption Highlights the Need for MDR and Email Security

A major botnet operation that controlled an estimated 19 million IP addresses and was responsible for $99 million in illegal gains was shut down this week, and an international law enforcement operation arrested its primary operator. Botnet operations may not be as top of mind as ransomware, but these attacks are still responsible for millions in losses and pose a massive threat to businesses and consumers.

Cyber Exterminators: Monitoring the Shop Floor with OT Security

Pressure is increasing on manufacturers to monitor their shop floors for malicious activity to avoid creating major disruptions in the supply chain. One key defensive security tool for monitoring network-connected devices in a manufacturing environment is Operational Technology Security, or just OT. Let’s look at what OT is and how it can detect malicious activity.

How To Prevent Scammers From Accessing Your Email

Your email is a goldmine for cybercriminals because of the extensive amount of information an attacker can gain from it, making it important to protect your email from unauthorized access. To prevent scammers from accessing your email, you should use a passkey to log in (if available), enable MFA and have an email recovery option set up. Continue reading to learn the importance of protecting your email and the steps you should be taking to protect your email account.

H1 2024 Platform Vision, Roadmap, and Review

Many organizations struggle with handling BYOD and mobile devices. Permitting those devices to access resources poses a larger challenge for governance, risk, and compliance (GRC). Questions of how to deploy approved apps and updates remain unresolved. It’s an even greater struggle when legacy Active Directory infrastructure is added to the mix. The temptation to piece together a strategy with point solutions can be met with resistance from IT directors who favor consolidation.

Credential Theft Protection: Defending Your Organization's Data

Cyber attacks often begin with reconnaissance. Before they launch an attack, threat actors poke and prod at an organization’s defenses, looking for vulnerabilities. If you’ve invested in robust cybersecurity solutions, you may feel you’re protected against that threat. But what if your attackers don’t target your corporate network? What if, instead, they target your employees? And what if your employees don’t even know they’re being targeted?