In a supply chain attack, hackers aim to breach a target's defenses by exploiting vulnerabilities in third-party companies. These attacks typically follow one of two paths. The first involves targeting a service provider or contractor, often a smaller entity with less robust security. The second path targets software developers, embedding malicious code into their products. This code, masquerading as a legitimate update, may later infiltrate the IT systems of customers.

This is a continuation of my interview with Scott Scheppers, chief experience officer for AT&T Cybersecurity, on the cybersecurity talent shortage. Scheppers points out that organizations have to pay attention to compensation when it comes to talent retention. “Good pay - don’t discount that. You need to be competitive and compensate people well, but that’s not the only thing that matters.”

In our rapidly evolving digital landscape, the accumulation of old electronic devices is a common occurrence. Laptops, smartphones, external hard drives, and USB flash drives quickly become outdated and obsolete, yet they often contain a wealth of sensitive information. Safeguarding your personal and confidential data during the disposal process is of utmost importance.

Our friends at BlackBerry recently released an in-depth blog post on a campaign by threat actors targeting online payment businesses that discusses what happens from initial compromise to the skimmer scripts themselves. You can read their blog here. This blog is focused on what we found across the AT&T Cybersecurity customer base as we looked for the indicators of compromise (IOCs) identified in the BlackBerry blog and on the quick-follow up analysis we performed and provided to our customers.

In an era where technology advances at breakneck speed, the corporate world finds itself facing an evolving and insidious threat: deepfakes. These synthetic media creations, powered by artificial intelligence (AI) algorithms, can convincingly manipulate audio, video, and even text - posing significant risks to businesses, their reputation, and their security. To safeguard against this emerging menace, a forensic approach is essential.

Scott Scheppers, chief experience officer for AT&T Cybersecurity, weighs on how his team is addressing the cybersecurity talent shortage. This is part one of a two-part blog.

“History repeatedly has demonstrated that inferior forces can win when leaders are armed with accurate intelligence.” – Central Intelligence Agency; Intelligence in War In the ever-changing landscape of global cybersecurity, the boundaries between traditional military intelligence and cybersecurity are increasingly blurred. At the heart of this convergence lies the science of intelligence analysis—a process fundamental to both realms.

In the field of Digital Forensics and Incident Response (DFIR), acquiring a forensic copy of a suspect's storage device is a critical first step. This process involves either disk imaging or disk cloning, each with its own distinct purposes and methodologies. In this blog, we'll delve into the differences between disk imaging and disk cloning, when to use each method, and provide step-by-step guidance on how to create a forensic disk image using FTK Imager.

As Cybersecurity Awareness Month winds down and you prepare for Halloween festivities like trick-or-treating and pumpkin carving, don't forget to protect against real-world monsters: artificial intelligence-driven cyber threats. Here are a few steps that may help ward off such threats like garlic protects against Dracula: Taking precautionary steps against them may keep the real monsters at bay!

The healthcare industry is progressing towards a more mature cybersecurity posture. However, given it remains a popular attack target, more attention is needed. Results from The Cost of a Data Breach Report 2023 reported that healthcare has had the highest industry cost of breach for 13 consecutive years, to the tune of $10.93M. In 2022, the top 35 global security breaches exposed 1.2 billion records, and 34% of those attacks hit the public sector and healthcare organizations.