Business Logic Vulnerability - Examples and Attack Prevention

Breaking into an organisation’s IT infra doesn’t always require complex methods. Hackers often exploit normal applications and API functions in unexpected ways to access sensitive data. For example, the 2019 Venmo breach involved the exploitation of an open API to scrape millions of payment records. A design oversight in the API allowed attackers to exploit its normal functions in an unintended manner—scraping payment records without proper authorization.

Is it Time to Rethink Your Security Stack?

The cybersecurity threat landscape is constantly evolving, requiring organizations to regularly evaluate their security stack to ensure it not only offers the highest level of protection, but is operated by a firm with a long track record of developing, implementing, and properly maintaining the highest quality security tools.

New Phishing Scam Leverages Chat To Add Credibility And Ensure Success

A new phishing scam is leveraging trusted aspects of ecommerce to look legitimate. Perception Point has spotted a new level of credibility used by phishing scammers in which fake payment pages include the use of legitimate support chat. Spoofed payment pages resembling marketplaces like Etsy and Upwork ask business owners to “claim” payments for products or services sold.

Comprehensive Guide to Healthcare Data Security: Essential Safety and Compliance Tips

Healthcare data security is one of the top responsibilities in this digital age. Since patients’ sensitive information can be stored and shared online, healthcare companies need to work hard on securing it by implementing more stringent measures as cyber threats are rapidly changing. In this piece we will explore in depth the central aspects of healthcare data security: challenges, best practices and future activities.

The Top SIEM Technical Interview Questions

If you are evaluating a new role that requires proficient knowledge of SIEM, this comprehensive guide offers an extensive list of frequently asked interview questions. Each question is paired with detailed, well-explained answers to ensure you fully understand the concepts and can confidently showcase your expertise.

Phishing Awareness Training: 10 Reasons Why Yours Isn't Working

Phishers are in the business of deception. They trick unsuspecting individuals into compromising sensitive data, potentially bringing an entire organization to its knees. Awareness training for employees is one of the most important tools a company can use in its anti-phishing strategy. However, it also has its downsides. Some of these flaws can, and should, be fixed. Others leave no choice but to complement training with additional anti-phishing tools.

Strengthening Snowflake Security with Protegrity's Advanced Solutions

The recent AT&T data breach, which compromised call and text records of nearly all its cell customers, highlights the urgent need for robust data security. As partners with Snowflake, we at Protegrity are dedicated to working together to strengthen data protection and ensure our customers’ information remains secure.