Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The FBI has issued an alert on a wave of phishing attacks targeting Middle Eastern students who are studying in the US. The campaign has targeted students from the United Arab Emirates (UAE), Saudi Arabia, Qatar, and Jordan. The scammers impersonate government officials and claim there is an issue with the student’s visa.

Many organizations, after a period of relative quiet, might believe the ransomware bubble has burst. The headlines may have shifted, and other emerging cyber threats might seem to dominate the news cycle, but recent data from Marsh's 2024 UK cyber insurance claims report suggests otherwise. It paints a stark picture of an ongoing and evolving threat landscape. While claims decreased by 20% compared to 2023, they remained significantly higher than in previous years.

Many of today’s most damaging scams are built on repeatable, well-understood patterns. The legal world defines four core elements of fraud with direct applicability to today’s phishing, impersonation, and account takeover (ATO) threats: By understanding this structure, security leaders and fraud teams can spot threats earlier and counter them more effectively.

An effective insider threat program is a core part of any modern cybersecurity strategy. Having controls in place to detect and respond to insider attacks is necessary to protect your organization’s sensitive data and critical systems. It’s also a requirement of many IT regulations, standards, and laws. An insider threat program can enhance your overall cybersecurity and support compliance with HIPAA, PCI DSS, and NIS2, among others.

It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX LLMs, researchers have now discovered a set of tools for validating account information via API abuse, leveraging undocumented TikTok and Instagram APIs. The tools, and assumed exploitation, involve malicious Python packages - checker-SaGaF, stein lurks, and inner core - uploaded to PyPI.

An IP PIN is a six-digit code that protects US residents from fraudulent tax submissions. Electronic tax filings require an IP PIN and Social Security Number, allowing the former to act as a form of two-factor authentication. While IP PINs are primarily used by adults, they can also protect minors from having their identities used by fraudulent actors. A child without an IP PIN is at risk of having their identity used to file fake taxes.