ESET has published its threat report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users. Threat actors are using Progressive Web Apps (PWAs) and WebAPKs to bypass mobile security measures, since these files don’t require users to grant permissions to install apps from unknown sources. “The initial phishing messages were delivered through various methods, including SMS, automated voice calls, and social media malvertising,” ESET says.

A threat actor is abusing HubSpot’s Free Form Builder service to craft credential-harvesting phishing pages, according to Palo Alto Networks’ Unit 42. The campaign has targeted at least 20,000 users at European companies in the automotive, chemical, and industrial compound manufacturing sectors. The attacks are designed to steal credentials in order to compromise victims’ Microsoft Azure cloud services.

There is a type of scam where victims are contacted by someone fraudulently posing as a popular trusted entity (e.g., Amazon, U.S. Post Office, etc.), law enforcement, or an intelligence agency that initially claims to have evidence linking the victim to a global, spy-like scam. Initially, the victim is befuddled, clueless and scared. The caller then asks the victim to hold on as they are then passed to one or more purported national law enforcement agencies.

White-box fuzz testing has proven highly effective in finding critical bugs and vulnerabilities. Tech giants like Google and Microsoft uncover thousands of issues using this method. But why doesn’t every company adopt fuzz testing as part of their testing strategy? The main barrier is the high level of manual effort and the extensive time required to properly set it up and maintain it.

An IoT denial of service attack overwhelms devices with traffic, making them unresponsive. This article explains these attacks and offers strategies to protect your devices.

In today’s IT environment, the only certainty is uncertainty. This adage holds true across nearly every sector and industry, especially in the ever-evolving tech world, where uncertainty and change are constant. Organizations that fail to adapt quickly risk being left behind. As the saying goes, “past behavior or actions are often a good predictor of future behavior or actions”. To stay one step ahead it is essential understanding the past, present, and future trends.

Find out how unpatched software can compromise your security and discover strategies to mitigate these risks effectively.

The term LLMjacking refers to attackers using stolen cloud credentials to gain unauthorized access to cloud-based large language models (LLMs), such as OpenAI’s GPT or Anthropic Claude. This blog shows how to strengthen LLMs with Sysdig. The attack works by criminals exploiting stolen credentials or cloud misconfigurations to gain access to expensive artificial intelligence (AI) models in the cloud. Once they gain access, they can run costly AI models at the victim’s expense.

Every time your customers make an online payment, they trust that their sensitive data won’t end up in the wrong hands. But what if it did? With cybercriminals using AI and launching direct attacks on payment systems, securing financial transactions has become a high-stakes challenge for businesses worldwide. In the first half of 2023, around 48.77 billion card payments were made with EU/EEA-issued cards, of which an average of 7.31 million were fraudulent.

For an enterprise business, the holidays can be a mixed bag. On the one hand, depending on your industry, you’re either winding down or doing the most business you’ll do all year. On the other, you’re especially vulnerable to holiday hacking attempts. Your customer data makes your organization an attractive target at a time when employee vacation time and office closures mean you have fewer employees to guard against holiday hackers.