Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

One of the primary ways that adversaries gain access to environments is through valid credentials. Because of this, maintenance and auditing of user accounts is an integral part of maintaining a good security posture. When an employee leaves a company or organization, it is important that all associated accounts be removed and permissions revoked. If these accounts are not removed, they are a potential avenue for attackers to enter a network.

The second a system is connected to a network, it becomes vulnerable to a cyber attack. We’ve seen news of companies experiencing cyber attacks across different industries more often than we can count. But now that the automotive industry has joined the digital bandwagon, cybersecurity threats and attacks are also becoming an issue.

In 2021, malicious Office documents accounted for 37% of all malware downloads detected by Netskope, showing favoritism for this infection vector among attackers. This is likely due to the ubiquitous usage of Microsoft Office in enterprises across the globe. Throughout 2021 we have analyzed many techniques used by attackers to deliver payloads through infected documents, which included the return of Emotet, a campaign that primarily uses infected documents to spread malware.

It's easy for cybersecurity teams to think they're doing everything to stay ahead of data breaches and cyberattacks in this post-pandemic era. For instance, you've probably rallied qualified experts to augment your IT ecosystem and supplied them with state-of-the-art threat detection and mitigation technologies that offer real-time insight into your infrastructure security.

Artificial Intelligence (AI) is one of the most high-profile technology developments in recent history. It would appear that there is no end to what AI can do. Fom driverless cars, dictation tools, translator apps, predictive analytics and application tracking, as well as retail tools such as smart shelves and carts to apps that help people with disabilities, AI can be a powerful component of wonderful tech products and services.

It has been a long time coming! The upgrade to the international standard for information security management systems, ISO27001:2013, is here (almost). Hallelujah! If you’re reading this article, then there’s a reasonable assumption that you know what ISO27001 is and you’re not going to be too worried about the back story. But let’s all be clear on a couple of points. The current version of the Information Security Management Standard is ISO27001:2013.

We wanted to call out some great adjacent research from the team at Sophoslabs Uncut that was released on December 21, 2021. Research groups frequently analyze similar (or in this case, identical) campaigns through their own unique lens. This is fantastic for the security community, as the campaign gets more eyes and different perspectives applied towards the same problem.