Medusa ransomware pivots to extortion, Infostealers evade macOS anti-malware, and the FBI and CISA issue a joint advisory for Androxgh0st malware.

A suspected North Korean state-sponsored threat actor called “ScarCruft” is launching spear phishing attacks against cybersecurity professionals, according to researchers at SentinelOne.

Technical vulnerabilities are areas of weakness in your source code or infrastructure that attackers could potentially exploit. It’s important for your business to address its technical vulnerabilities to protect itself from these types of threats, in addition to gaining or maintaining compliance with SOC 2 and ISO 27001. ‍ For many of these standards, you’re required to have vulnerability scanners running to ensure you’re continuously monitoring for new threats.

CI/CD pipelines can be exploited in a number of ways and we're going to share a few with you.

As the use of Cloud SaaS platforms of generative AI solutions increases, the likelihood of more “GPT” attacks used to gather credentials, payment info and corporate data also increases. In Netskope’s Cloud and Threat Report 2024, they show a massive growth in the use of generative AI solutions – from just above 2% of enterprise users prior to 2023 to over 10% in November of last year. Mainstream AI services ChatGPT, Grammarly, and Google Bard all top the list of those used.

If you’re a business executive or a risk leader, you’re likely familiar with “proxy season,” the time of year when public companies hold their annual general meetings. During these meetings, investors have the opportunity to vote on important issues such as the election of board members and executive compensation.

The average cost of invoice fraud to middle-market businesses is almost $280,000 per year. Invoice fraud affects businesses of all sizes, and the levels of fraud have increased in part because it’s not possible to authenticate all invoices that come in manually, with many businesses paying out invoices without authentication if they’re under a certain amount. Today’s information security rules and regulations can’t keep up.

The mother of all breaches (MOAB). That’s how security experts are referring to the recent discovery of a massive database that is composed of data from thousands of previous breaches, leaks, and private data databases.

Starting today, you can review and mitigate potential SSH key security risks in 1Password Watchtower.

The discovery of what has been dubbed the Mother of all Data Breaches (MOAB), reportedly containing 12TB or 26 billion records representing 3,800 separate data breaches, should remind everyone of the need to maintain strong passwords and change default credentials.