Vishing, also known as voice phishing, occurs when scammers make phone calls to trick you into sharing personal information or sending money. By impersonating legitimate companies and using social engineering tactics, scammers hope to gain your trust and persuade you to share sensitive information, which they can use to commit fraud or identity theft.

An insider is any person with authorized access to systems or data that gives them the ability to take potentially harmful actions. Insiders range from business partners or third party contractors to full- and part-time employees–essentially all valid users with access to resources that you'd rather keep out of the wrong hands. People are just people, but when they mishandle data, they fall into the category of being an insider threat–intentional or not.

In the intense arena of Formula 1 racing, every millisecond counts – not just on the track but also in protecting the valuable data that drives success. Williams Racing, a team that has an impressive record in F1 with nine Constructors’ Championships and seven Drivers’ Championships, recently faced a critical challenge: securing sensitive data across a global operation while maintaining the lightning-fast access their team needs to compete.

Bonus offers, free trials, gifts, and other promotions are great ways for companies to encourage customer loyalty. But what happens when fraudsters and other malicious actors exploit the system to reap unfair rewards? Welcome to the world of bonus abuse. Bonus abuse costs an average of 15% of the iGaming sector’s annual revenues. This unethical behavior takes advantage of incentives designed to attract new customers or reward long-standing ones.

Read also: An alleged Scattered Spider member arrested in the US, a Chinese hacker who compromised over 80,000 Sophos firewalls charged, and more.

‍Security questionnaires are a standard part of almost every due diligence process before companies sign on to work with a new third party. ‍ By asking detailed questions via questionnaires, organizations learn about a seller’s security controls and compliance with relevant standards. With that information, they determine how and if a partnership with that third party will expand their attack surface and increase risk—and ultimately decide if the increased risk is acceptable.

Cybersecurity frameworks often feel as exciting as tax codes and instruction manuals, useful but not exactly captivating. Yet, the MITRE ATT&CK framework has managed to capture the attention of security professionals worldwide by mapping out adversary tactics, techniques, and procedures (TTPs). Many organizations don’t operationalize MITRE ATT&CK’s potential fully, using the framework in predictable ways. But it doesn’t have to be that way.

For decades, we have all been warned to be appropriately skeptical of internet search engine results. Sadly, most people are not. Most people think that what Google, Bing, or Duck Duck Go brings back is heaven sent and can be trusted. It cannot. Results often include malicious links from search engine optimization (SEO) poisoning, where the attacker has been able to trick the search engine into returning its URL when a user searches for something.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! To add to the continued pile of e-waste…

To compete in an era of dynamic, multimodal cyberattacks, cybersecurity programs must become multidimensional, capable of simultaneously contending with a wide range of cyber threats. In this post, we explain how your organization can develop such a multipronged approach with a branch of cybersecurity known as cybersecurity threat detection.