Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As the cybersecurity landscape continually evolves, SOCs must quickly identify, evaluate, and counteract cyberattacks. In the heat of a security investigation or incident response, achieving rapid visibility and rich contextual insights about the attack are not merely advantageous, but essential.

Recently, we observed a phishing campaign targeting the Latin American region. The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice. Figure 1. Phishing email sample with zip file attachment Upon checking the email header, we see that it has an email address format that uses the domain ‘temporarylink’.

Suppose someone left their home, got in their car, and drove to the grocery store. Much like data packets that travel over Internet highways, the car will use various pathways to reach its destination; however, once the car gets to the store, a question remains: what happened between the generating point and the destination? If nothing happened, the driver (our data) traveled safely and without incident.

Privileged Access Management (PAM) protects an organization’s most critical systems and accounts from unauthorized access, making it important to have a good PAM strategy in place. Some of the best practices to develop a good PAM strategy include implementing least privilege access, monitoring privileged accounts, adopting password security best practices, requiring multi-factor authentication and auditing privileges regularly.

Ever follow an ad featuring limited-time products to a company’s web page only to find they’re selling something else entirely? Or have you added a product to a cart only to discover a laundry list of issues, from poor quality to endless fees? Bait and switch (also called “bait-and-switch” or “B&S”) is a classification of fraudulent activities that most recognize as false advertising.

January 2020 is when the Department of Defense (DoD) released the Cyber Maturity Model Certification (CMMC) framework, aimed at evaluating and strengthening the cybersecurity readiness of the Defense Industrial Base (DIB). As per the DoD’s directive, all prime contractors and subcontractors within the supply chain must undergo auditing and certification under the CMMC framework.

Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’re looking at four machine learning-related risks to watch out for. Machine learning (ML) is truly mind-blowing tech. The very fact that we’ve been able to develop AI models that are capable of learning and improving over time is remarkable.

Every IT admin, regardless of the company size or employee count, shares a common fear: data breaches. The horror of discovering their organization’s data exposed on the dark web, accessible to anyone, is definitely a nightmare. So, IT admins are on the constant lookout for leading solutions that protect access to organization data and manage employee identities effectively. But where does the real challenge lie? In managing the employee identities, or their access to data?

Establishing a proactive security posture involves a data-driven approach to threat detection, investigation, and response. In the past, this was challenging because there wasn’t a centralized way to collect and analyze security data across sources, but with Amazon Security Lake it is much simpler.

The Common Vulnerability Scoring System (CVSS) is used to evaluate and communicate the technical severity of software, hardware and firmware vulnerabilities. While CVSS has been around for nearly 2 decades and now stands as an industry standard tool for scoring the severity of a vulnerability, the framework still has its limitations. To mitigate some of these challenges and improve the efficacy of the system, an updated version of CVSS was released in November 2023.