Netskope Threat Labs is tracking a phishing campaign that mimics a FedEx package delivery as bait to steal credit card data. This type of social engineering attack is commonly found in phishing pages, emails, and other scams, where a false sense of urgency is created to urge the victim into doing an action that eventually leads to personal data theft.
After COVID, enterprise IT security got turned on its head. As the world adjusted to working from home, and continues to, IT teams worked overtime to enable remote access for millions of employees. This transition has gone smoothly for most organizations, but many security gaps still remain years later. The SolarWinds data breach is a worrying example. It shows how vulnerable organizations are to malicious activity in our changing risk environment.
Automation has revolutionized the way cybersecurity functions. Not only has it led to significant time savings, but it has also improved the consistency and accuracy of various processes. Here, we will discuss how to effectively record the time saved from automation to demonstrate its value. Tines offers great utilities to easily record the time an analyst has saved by automating manual, repetitive tasks over the course of a day, right down to the second.
The JFrog Security Research team recently discovered a new malware payload in the PyPI repository, written in C#. This is uncommon since PyPI is primarily a repository for Python packages, and its codebase consists mostly of Python code, or natively compiled libraries used by Python programs. This finding raised our concerns about the potential for cross-language malware attacks.
The risk of supply chain attacks increases as more companies rely on third-party vendors and suppliers for critical services and products. Supply chain attacks have become increasingly prominent in recent years. In 2022, for instance, supply chain attacks surpassed the number of malware-based attacks by 40%.
The Consumer Financial Protection Bureau (CFPB) is a government agency that's tasked with protecting consumers from financial institutions. The agency mostly works to prevent companies from charging outrageous fees and surcharges to customers, but it helps with monitoring how consumer data is being used by companies as well.
We’ve had occasion to write about ChatGPT’s potential for malign use in social engineering, both in the generation of phishbait at scale and as a topical theme that can appear in lures. We continue to track concerns about the new technology as they surface in the literature.
You may be hearing about password sharing more often these days as Netflix cracks down on users sharing logins with anyone outside their household. The new rule has been met with strong opposition by those who share streaming logins with friends and family. For many, password sharing has become the norm when it comes to streaming services. Password sharing refers to the act of sharing login credentials with other people so they also have access to your account.
Forensic investigators must understand how to navigate challenges to successfully uncover digital evidence in the cloud. By following best practices and utilizing the latest tools and techniques, organizations can be better prepared to investigate cyber threats and mitigate risks.
