Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to establishing a secure environment, and this includes service accounts.

Researchers at Malwarebytes are tracking a major malvertising campaign that’s abusing Google Ads to target individuals and businesses interested in advertising. The threat actors are using compromised Google Ads accounts to run ads that impersonate Google, leading victims to a fake Google login page designed to steal their credentials.

Security Operations Center (SOC) analysts have it rough. Modern security tools generate an extraordinary number of alerts, attackers are more sophisticated than ever, and IT infrastructures are unprecedentedly complex. As a result, analysts are overwhelmed with workload and alerts, making it near-impossible to make intelligent, informed decisions. Fortunately, artificial intelligence (AI) is helping to ease the strain. Let’s look at how.

The Russian threat actor “Star Blizzard” has launched a spear-phishing campaign attempting to compromise WhatsApp accounts, according to researchers at Microsoft. The operation targets individuals who are involved in providing assistance to Ukraine.

More than ever, business growth is reliant on proving security and compliance. According to Vanta’s State of Trust Report, nearly two-thirds (65%) of organizations say that customers, investors, and buyers require proof of compliance. ‍ GRC and security teams are on the frontlines managing these requests. Yet these teams are too often under-resourced and burdened with processes and systems that waste their time.

FunkSec ransomware threatens victims globally, malvertising scam targets Google Ads users, and threat actors use fake software and installers to push malware.