With more and more businesses relying on SaaS solutions, securing the endpoint browser is vital. Often this involves enterprises imposing a particular browser on their users rather than allowing a choice.

In a new approach, Menlo Security is launching a complete enterprise browser solution that can turn any browser into a secure enterprise browser.

Continue reading →

Phishing is the most common form of cyberattack as criminals seek to obtain credentials to access bank accounts or corporate networks.

Abnormal Security has analyzed which phishing attacks generate the highest click rate and categorized them based on the words included in the subject line.

Continue reading →

Wyze customers experienced a service disruption last Friday morning due to an outage originating from their partner, Amazon Web Services (AWS). This incident temporarily disabled Wyze devices, preventing users from accessing live camera feeds and event recordings. The company has since apologized for the inconvenience this caused.

During efforts to restore camera functionality, a security issue emerged. Approximately 13,000 Wyze users inadvertently received thumbnails from cameras that were not their own, and 1,504 users interacted with these thumbnails. In some instances, users were able to view event videos from other accounts. Wyze has confirmed that all affected users have been notified and reassured that the majority of accounts remained unaffected.

Continue reading →

As cybercrime continues to increase, organizations must consider actions to improve their cyber security and cyber resilience. There are constantly new ransomware and data breach headlines hitting the news, and, according to research, a company falls victim to a cyberattack every 39 seconds.

To bolster cybersecurity, organizations must maintain constant awareness, and they should regularly update systems, encrypt and backup data. Cyber security is an ongoing action, it requires constant vigilance as cybercriminals are always looking for new ways to exploit systems and steal data. In addition, 85 percent of all organizations consider their data as one of their most valuable assets, and hackers also share this view. Ransomware is not a problem that is going to go away on its own, especially as it continues to be very profitable for criminal cyber gangs. Having said that, there are many things that you and your organization can do to mitigate against becoming another victim of cyber crime.

Continue reading →

New research from Malwarebytes reveals that employees are being tricked into downloading remote monitoring and management tools like AnyDesk to open up back doors to corporate networks.

In a standard phishing technique potential victims are targeted via an email or SMS message, personalized to match their roles within the organization. The link in the email goes to what looks like a legitimate bank website with a link to open a chat support session.

Continue reading →

Traditionally, organizations have focused on measuring the results of their cyber security strategies in terms of threat events or security incidents to determine how effective their security controls are.

However, in today's fast-paced world, the real game-changer is aligning security outcomes with business objectives and this is where 'outcome-based security' plays a huge role. It's a shift in focus for organizations, but one which can empower security teams to add even greater value to the strategic goals of the business.

Continue reading →

Google has decided to make Magika open source, but what exactly is it? Well, it is an innovative AI-powered system that the search giant designed to revolutionize the way binary and textual file types are identified. Magika stands out for its ability to deliver precise file identification within milliseconds, even when operating on a CPU.

Magika employs a custom, highly optimized deep-learning model that has been meticulously designed and trained using Keras. This model is remarkably lightweight, weighing in at just about 1MB. For inference, Magika utilizes Onnx as an engine, ensuring that files are identified swiftly, almost as quickly as non-AI tools, even on a CPU.

Continue reading →

The latest ransomware report from GuidePoint Security shows a decline in activity in January compared to the final quarter of last year, with a drop in the total number of posted victims by 33 percent and 60 percent relative to December and November 2023.

However, this is consistent with the trends of January of 2022 and 2023, both of which also followed heightened Q4 activity from the previous year.

Continue reading →

A 'forest' -- in case you didn't know -- is the top-level logical container in an Active Directory configuration that holds domains, users, computers, and group policies.

This level presents a security challenge and a new survey of 1,000 IT professionals from Cayosoft reveals a 172 percent increase in forest-wide Active Directory outages since 2021.

Continue reading →

A new report from HP Wolf Security shows cybercrime groups are using professional advertising tools to optimize their malware campaigns and convince users to take the bait.

The report identifies the DarkGate campaign which uses ad tools to sharpen attacks. Malicious PDF attachments, posing as OneDrive error messages, direct users to sponsored content hosted on a popular ad network. This leads to DarkGate malware which hands backdoor access to cybercriminals into networks, exposing victims to risks like data theft and ransomware..

Continue reading →

In a new report on the impact of generative AI on security posture, Menlo Security looks at employee usage of gen AI and the subsequent security risks these behaviors pose to organizations.

It finds that 55 percent of data loss prevention events detected by Menlo Security in the last thirty days included attempts to input personally identifiable information. The next most common type of data that triggered DLP detections included confidential documents, which represented 40 percent of input attempts.

Continue reading →

A new report from Veracode shows that software security debt -- flaws that have gone unfixed for over a year -- is found in 42 percent of applications.

Although the number of high-severity flaws has reduced 70.8 percent of organizations still suffer from security debt. 45.9 percent have critical security debt, that is high-severity flaws that have been unfixed for 12 months or more.

Continue reading →

Just as cybersecurity threats are constantly evolving, so are the compliance regulations that organizations must follow. And as these regulations tighten so the risks of non-compliance become higher.

Cam Roberson, VP at Beachhead Solutions, a provider of cloud-managed PC and mobile device encryption, security, and data access control, sat down with us to discuss what enterprises need to know about the current state of cybersecurity compliance.

Continue reading →

1Password has launched its new global partner program today, aiming to enhance its suite of security solutions through strategic partnerships and support tools. This initiative is part of a multi-year strategy designed to provide partners with comprehensive access to 1Password’s security solutions and a toolkit of sales, marketing, and enablement resources.

The program is launching with key partners including Amazon Web Services (AWS), Arrow Electronics, Insight Enterprises, Microsoft, SVA, and many others. 1Password aims to grow its partner ecosystem further by adding more partners across North America, EMEA, and APAC regions.

Continue reading →

With cyber threats becoming increasingly sophisticated, organizations face new challenges in safeguarding their digital assets. A new report from Info-Tech Research Group looks at the issues IT and security leaders must prioritize over the coming year.

It highlights the need to take account of the cybersecurity talent shortage, the rise of AI-driven threats, the integration of security risks with business risks, the adoption of zero-trust frameworks, and the increasing significance of automating security operations.

Continue reading →