Security News

The Moscow-based cybersecurity company Kaspersky says iOS devices are being targeted by a previously unknown malware. The attack begins when the targeted iOS device receives a message via the iMessage service.

CISOs and ITDMs continue to be most occupied with business, IT and security program strategy, but they are spending less time on threat research, awareness and hunting compared to 2022, according to Nuspire. The ever-evolving cybersecurity landscape and end-user error and education remain the biggest challenges for CISOs/ITDMs, with end-users accounting for much of their worries, specifically malware/ ransomware, phishing and cloud security breaches.

Google Workspace has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. "Google Workspace provides visibility into a company's Google Drive resources using 'Drive log events,' for actions such as copying, deleting, downloading, and viewing files. Events that involve external domains also get recorded, like sharing an object with an external user," Mitiga's Ariel Szarf and Or Aspir explained.

Improperly deactivated and abandoned Salesforce Sites and Communities could pose severe risks to organizations, leading to unauthorized access to sensitive data. "Because these unused sites are not maintained, they aren't tested against vulnerabilities, and Admins fail to update the site's security measures according to newer guidelines."

How to do that efficiently and effectively is no small task - but with a small investment of time, you can master threat hunting and save your organization millions of dollars. This article offers a detailed explanation of threat hunting - what it is, how to do it thoroughly and effectively, and how cyber threat intelligence can bolster your threat-hunting efforts.

The research shows that cybercriminals continue to barrage organizations with targeted email attacks, and many companies are struggling to keep up. While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks.

In this article, we'll look at another trending acronym - CTEM, which stands for Continuous Threat Exposure Management - and the often-surprising challenges that come along with seeing a CTEM program through to maturity. Continuous Threat Exposure Management is not a technology and you can't go to a vendor in hopes of finding a CTEM solution.

Perception Point's team has identified a 356% increase in the number of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber attacks now pose to organizations.

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, infecting victims with tailored malware that steals data, propagates across systems via removable drives, and conducts surveillance.

Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity. This alarming surge in secrets sprawl highlights the need for action and underscores the importance of secure software development.