As organizations deploy more AI-enabled systems across their networks, adversaries are taking note and using sophisticated new tactics, techniques and procedures (TTPs) against them. The need for continued innovation to fight these threats is paramount.

The General Data Protection Regulation (GDPR) of the European Union and the California Privacy Rights Act (CPRA) represent landmark regulations designed to protect consumer data privacy. While GDPR became enforceable in May 2018, CPRA came into effect in January 2023, building on its predecessor, the California Consumer Privacy Act (CCPA). Both laws aim to empower individuals with greater control over their personal data while imposing rigorous obligations on businesses.

Cyber threats are at an all-time high because the digital world is rapidly changing so quickly. Every day, new vulnerabilities are found in security systems. Attacks threaten businesses of all sizes by stealing data, disrupting operations, and damaging reputations. It has become clear that Vulnerability Management as a Service (VMaaS) is the best way for companies to protect their digital assets without having to manage security systems themselves.

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, according to researchers at Abnormal Security. The attackers are using legitimate notifications from Dropbox to send phishing messages, asking recipients to view a document on Dropbox regarding annual salary increases and open enrollment elections.

Welcome to Corelight Labs' latest hunt! This blog continues our tradition of analyzing trending threat groups and TTPs on Any.Run and writing detectors for them, providing the community with open-source threat intelligence, and acting as a tutorial in engineering threat detections with Zeek Script.

The threat group FIN7 is using the lure of generating nude images of favorite celebrities to get victims to download their NetSupport RAT. In any social engineering scam, there’s always the need to create some sense of urgency to act in order to make the potential victim take an action that enables the attack. In the case of a new attack by threat group FIN7, the urgency appears to be the desire to see deepfake nude images.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from November.

Are you worried about your personal information leaking online? Worried your email has breached online or leaked on the dark web? Unsure if you’re passwords are safe? Don’t worry, you’re not alone. Fortunately, encryption is our friend. It is an advanced technology that prevents hackers from stealing our sensitive information, protects us from data breaches, and ensures businesses can comply with data protection laws.