Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new phishing scam is leveraging trusted aspects of ecommerce to make their scams look legitimate. Perception Point has spotted a new level of credibility used by phishing scammers in which fake payment pages include the use of legitimate support chat. Spoofed payment pages resembling marketplace, like Etsy and Upwork, ask business owners to “claim” payments for products or services sold.

As expected, threat actors are taking advantage of the global IT outage caused by a faulty CrowdStrike update last Friday, SC Media reports. We've been covering this story and it looks like the campaigns have only continued.

The cybersecurity threat landscape is constantly evolving, requiring organizations to regularly evaluate their security stack to ensure it not only offers the highest level of protection, but is operated by a firm with a long track record of developing, implementing, and properly maintaining the highest quality security tools.

You’ve worked tirelessly to build your business, carefully assembling a team you trust. However, even the most successful companies face an unsettling reality—the risk and the impact of employee fraud. Occupational fraud costs businesses up to 5% of annual revenue, with $3.1B lost to fraud in 2024. Here, we discuss practical strategies for detecting and preventing employee fraud. We look at various types of fraud, red flags to watch for, and prevention tactics to protect your business.

Elastic Security has exceptionally powerful capabilities that surpass those of smaller vendors Elastic Security has achieved remarkable results in the recent AV-Comparatives Business Security Test, ranking in the top five with other notable security vendors. Elastic Security was identified as being in the larger end of the market and offers exceptionally powerful tools with capabilities that surpass those of smaller packages.

Technological advances in how we create and consume media have repeatedly transformed how election campaigns are fought: social media, TV and radio were all revolutions in their times.There have always been concerns about the impact these new technologies would have on democracy: the Milwaukee Journal worried following the first televised presidential debate, in 1960, that “American Presidential campaigning will never be the same again.” Perhaps they were right…

As organizations continue to look for consolidated platforms to address their security needs, an important shift has happened. Customers have discovered that traditional tools focusing exclusively on static risks (such as misconfigurations, policy/control failures, and network exposure) are not enough to address today’s dynamic cloud threats.

Phishers are in the business of deception. They trick unsuspecting individuals into compromising sensitive data, potentially bringing an entire organization to its knees. Awareness training for employees is one of the most important tools a company can use in its anti-phishing strategy. However, it also has its downsides. Some of these flaws can, and should be fixed. Others leave no choice but to complement training with additional anti-phishing tools.

Tl;dr: The Shadow IT report, conducted in late 2023, shows that 47% of companies allow employees to access their resources on unmanaged devices, authenticating via credentials alone.

Breaking into an organisation’s IT infra doesn’t always require complex methods. Hackers often exploit normal applications and API functions in unexpected ways to access sensitive data. For example, the 2019 Venmo breach involved the exploitation of an open API to scrape millions of payment records. A design oversight in the API allowed attackers to exploit its normal functions in an unintended manner—scraping payment records without proper authorization.