Cybercriminals Selling "Golden Tickets" to Phish Microsoft 365... $500,000 in Sales in 10 Months

In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL store is selling advanced phishing kits – a golden ticket for hacking Microsoft 365 accounts -- that can bypass multi-factor authentication (MFA) no less.

Demystifying NIST Vulnerability Management: A Comprehensive Guide

Protecting sensitive information and securing digital assets now require the use of cybersecurity. Organizations must employ proactive steps to spot and address vulnerabilities as cyber threats continue to become more complex and sophisticated. Vulnerability assessment is one such method, which is important in cybersecurity risk management.

Phishing Scammers are Using Artificial Intelligence To Create Perfect Emails

Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, can fix spelling mistakes, odd grammar, and other errors that are common in phishing emails. This advancement in AI technology has made it easier for even amateur hackers to analyze vast amounts of publicly available data about their targets and create highly personalized and convincing emails within seconds.

Falcon Complete for Service Providers: New Program Expands Access to Market-Leading MDR Service

CrowdStrike is expanding access to its market-leading managed detection and response (MDR) service, CrowdStrike Falcon® Complete. With the announcement of Falcon Complete for Service Providers, CrowdStrike partners can now license and build upon Falcon Complete to provide 24/7 expertise to customers, empowering them to augment their cybersecurity teams and stop breaches.

AP Stylebook Data Breach Compromises Customer Personal Information

The Associated Press (AP) has disclosed a data breach affecting the legacy AP Stylebook website that led to phishing attacks against impacted customers, BleepingComputer reports. “On July 20, 2023, Stylebooks.com notified us that AP Stylebook customers had received phishing emails directing them to a fake website that imitated AP Stylebook to provide updated credit card information,” the AP said. “APS immediately engaged a cyber forensics firm to investigate the incident.

A Multinational Effort Takes Down the Qakbot Banking Trojan

In late August, the FBI took down and dismantled Quakbot, a banking Trojan that primarily spread through spam and phishing emails and has been active and continuously updated since 2008. Trustwave SpiderLabs has tracked Qakbot for years and has worked hard to counter the malware’s efforts, including publicly releasing the encryption algorithm Qakbot used to encrypt registry keys, enabling victims to recover from an attack.

New Vulnerabilities in Apple Products Exploited in the Wild

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) among macOS, iOS, iPadOS, and watchOS products. These vulnerabilities can be exploited with a maliciously crafted attachment or image which leads to arbitrary code execution.

Product Quality at Rubrik - Part 1

At Rubrik, we are on a mission to Secure the World’s Data and we consider product quality a top priority. In this blog, we will talk about the automated test strategy we follow at Rubrik to ensure the best quality products for our customers. Before we deep dive into our test strategy and the process we follow, let’s quickly understand what product quality means and why it’s important to our organization as well as our customers.