Security News

Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities
2023-05-31 13:00

Improperly deactivated and abandoned Salesforce Sites and Communities could pose severe risks to organizations, leading to unauthorized access to sensitive data. "Because these unused sites are not maintained, they aren't tested against vulnerabilities, and Admins fail to update the site's security measures according to newer guidelines."

6 Steps to Effectively Threat Hunting: Safeguard Critical Assets and Fight Cybercrime
2023-05-31 11:47

How to do that efficiently and effectively is no small task - but with a small investment of time, you can master threat hunting and save your organization millions of dollars. This article offers a detailed explanation of threat hunting - what it is, how to do it thoroughly and effectively, and how cyber threat intelligence can bolster your threat-hunting efforts.

Organizations spend 100 hours battling post-delivery email threats
2023-05-30 03:00

The research shows that cybercriminals continue to barrage organizations with targeted email attacks, and many companies are struggling to keep up. While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks.

3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them
2023-05-29 11:47

In this article, we'll look at another trending acronym - CTEM, which stands for Continuous Threat Exposure Management - and the often-surprising challenges that come along with seeing a CTEM program through to maturity. Continuous Threat Exposure Management is not a technology and you can't go to a vendor in hopes of finding a CTEM solution.

Threat actors exploit new channels for advanced phishing attacks
2023-05-26 04:30

Perception Point's team has identified a 356% increase in the number of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber attacks now pose to organizations.

GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments
2023-05-23 15:30

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, infecting victims with tailored malware that steals data, propagates across systems via removable drives, and conducts surveillance.

The Rising Threat of Secrets Sprawl and the Need for Action
2023-05-23 11:16

Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity. This alarming surge in secrets sprawl highlights the need for action and underscores the importance of secure software development.

DarkBERT could help automate dark web mining for cyber threat intelligence
2023-05-19 10:02

Researchers have developed DarkBERT, a language model pretrained on dark web data, to help cybersecurity pros extract cyber threat intelligence from the Internet's virtual underbelly. A team of researchers from Korea Advanced Institute of Science and Technology and data intelligence company S2W has decided to test whether a custom-trained language model could be useful, so they came up with DarkBERT, which is pretrained on dark web data.

Okta’s Security Center opens window to customer insights, including threats and friction
2023-05-18 19:25

The 14-year-old company and single sign-on market share leader announced this month that it is adding a key element of visibility, the Security Center, to its Auth0-powered Okta Customer Identity Cloud. The Security Center dashboard is designed to give near real-time asset visibility to teams focused on customer identity, user experience and security.

Organizations’ cyber resilience efforts fail to keep up with evolving threats
2023-05-18 03:30

A steady increase in cyberattacks and evolving threat landscape are resulting in more organizations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams' real-world cyber capabilities, according Immersive Labs. The report found that while 86% of organizations have a cyber resilience program, 52% of respondents say their organization lacks a comprehensive approach to assessing cyber resilience.