Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Is Santa an insider threat? He breaks into your home, consumes cookies, drinks milk/whisky and leaves a collection of items hidden behind highly decorated wrapping paper. Rumor has it that he can tell if you’re naughty or nice and is actively tracked by NORAD. Can we trust Santa with his elevated access? The answer is, of course, Yes, because we are all Santa. Santa is ultimate trusted Certificate Authority, entrusting intermediate trust to parents worldwide.

Taking traditional “delayed package” scams up a notch, new phishing and smishing attack campaigns are leveraging freemium DNS services to avoid detection by security solutions. In some ways, the old adage “there’s nothing new under the sun” seems to be holding up. Take the latest USPS impersonation scam identified by domain monitoring vendor Bolster. It follows many of the same steps and uses similar tactics as any of the USPS scams I’ve covered before.

A new BazarCall phishing campaign is using Google Forms to send phony invoices, according to researchers at Abnormal Security. “BazarCall/BazaCall attacks typically start with a phishing email designed to appear as a payment notification or subscription confirmation from a known brand,” Abnormal explains. “Within the email, recipients can find the amount to be charged—generally between $49.99 to $500 or more, depending on the subscription or service being impersonated.

Security awareness training (SAT) works! A well-designed security awareness training campaign will significantly reduce cybersecurity risk. We can safely state that from over 13 years of experience with tens of thousands of customer organizations and hundreds of millions of customer interactions. We have the data to prove it. The average new customer comes to us with about a third of their workforce proven to click on any phishing email.

Each day there are more and more cyber attacks and threats occurring, with those looking to exploit your IT systems finding various different methods to infiltrate your IT infrastructure. This means it's more vital than ever that you limit the vulnerabilities of your IT infrastructure and guarantee its security. In regards to this, a viable solution available to you is vulnerability assessment.

Forrester has named CrowdStrike a Leader in The Forrester Wave™: Managed Detection And Response Services In Europe, Q4 2023, only a few months after naming CrowdStrike a Leader in The Forrester Wave™: Managed Detection and Response, Q2 2023. In Forrester’s MDR report for Europe, CrowdStrike Falcon® Complete received the highest scores in the Current Offering and Strategy categories, as well as the highest possible scores in 13 of 22 criteria.

Nightfall AI is excited to announce a new generation of detectors powered by generative AI (GenAI). Read on to learn more about recent advancements in our PII, PHI, secrets, and images detectors—as well as how they stack up against competitors like AWS Comprehend, Google DLP, and Microsoft Purview.

There are various ways to measure any given machine learning (ML) model’s ability to produce correct predictions, depending on the task that the system performs. Named Entity Recognition (NER) is one such task, in which a model identifies spans of sensitive data within a document. Nightfall uses NER models extensively to detect sensitive data across cloud apps like Slack, Microsoft Teams, GitHub, Jira, ChatGPT, and more.

Researchers at Abnormal have discovered the latest evolution in call-back phishing campaigns.

Our guest today is Rita Gurevich, the CEO and Founder of SPHERE, an identity hygiene platform. Gurevich joins host David Puner to explore the challenges and dynamics surrounding identity and cyber hygiene in today’s cybersecurity landscape. The conversation begins by addressing the accelerated pace at which cyber controls and identity hygiene requirements are evolving, emphasizing the critical role they play in cybersecurity strategies.