Cybersecurity


Microsoft Tweaks ‘Recall’ After Facing Extreme Backlash!

Microsoft Tweaks ‘Recall’ After Facing Extreme Backlash!

album-art
00:00

 

Off lately, Microsoft has been bearing the brunt for its highly controversial AI-powered ‘Recall’ feature. Amid all the uproar and opposition, the tech giant has finally decided to revamp the criticized ‘Recall’ feature.

(more…)

The 2024 Multi-Nation Elections Need to Steer Clear of Highly Potent Cyber Menaces

The 2024 Multi-Nation Elections Need to Steer Clear of Highly Potent Cyber Menaces

 

In 2024, elections have been scheduled in 55 countries, giving more than 2 billion voters the opportunity to choose their leaders and enjoy their democratic rights. While parties leave no stone unturned to propagate their agendas and win the hearts (and votes) of citizens, some bad creatures of the cyber world are planning ahead of upcoming elections to plague them with social engineering, phishing, and spoofing attempts.

(more…)

Unveiling the Nexus: Analyzing How AI Impacts Phishing Schemes!

Unveiling the Nexus: Analyzing How AI Impacts Phishing Schemes!

 

Cybercriminals have always managed to give a hard time to the cybersecurity system by leveraging the latest technology. This time, they are using AI or Artificial Intelligence as their trump card. AI is posing a severe threat to cybersecurity setup as it is being exploited by phishing actors in their malicious activities. In fact, it won’t be wrong to say that artificial intelligence has opened up new avenues for these threat actors to obtain sensitive details in the most innovative ways ever. 

(more…)

Sensitive Information at Risk as a Security Breach Hits US Marshals Service

Sensitive Information at Risk as a Security Breach Hits US Marshals Service

A major security breach has recently hit the US Marshals Service, putting sensitive information at risk, according to senior law enforcement officials. Learn more about the details of the breach, how it happened, the data at risk, and the steps being taken to address it.

The US Marshals Service was hit by a major security breach this month, with hackers breaking into and stealing data from a computer system that contained personal information about investigative targets and agency employees, as confirmed by a spokesman for the service on Monday.

(more…)

TELUS Launches Investigation After Potential Data Breach Leaks Source Code and Employee Info

TELUS Launches Investigation After Potential Data Breach Leaks Source Code and Employee Info

TELUS, the Canadian telecom giant, is investigating a potential data breach after a threat actor leaked what appears to be employee data and source code. TELUS has initiated an investigation in response to the breach to assess the scope of the incident and safeguard its customers and staff from any potential risks. Stay updated with the latest developments on this incident with this article as we share what happened, how it happened, and what TELUS is doing.

(more…)

How Organizations Can Use Advanced Threat Protection Solutions for Email Security, Such as Anti-phishing, Anti-spoofing, and Anti-malware Tools

How Organizations Can Use Advanced Threat Protection Solutions for Email Security, Such as Anti-phishing, Anti-spoofing, and Anti-malware Tools

Advanced threat protection solutions, such as anti-phishing, anti-spoofing, and anti-malware tools, are vital for safeguarding organizations against email-based cyberattacks. This text will explore the benefits and considerations of implementing these solutions and provide practical guidance on leveraging them best to enhance email security.

In recent years, the proliferation of digital communication channels has transformed how organizations operate, making email an essential tool for everyday communication. While email has undoubtedly streamlined communication and improved efficiency, it has become a prime target for cybercriminals seeking to exploit vulnerabilities and gain unauthorized access to sensitive information.

(more…)

Threat Actors use NameCheap’s Email to Execute Metamask and DHL Phishing Attacks.

Threat Actors use NameCheap’s Email to Execute Metamask and DHL Phishing Attacks.

The recent security breach and phishing campaign that occurred at Namecheap, a domain registrar, serves as a stark reminder of the persistent and evolving threats posed by cybercriminals. In this post, we will delve into the details of the breach and the phishing campaign and offer some essential tips to help protect against phishing scams.

The web hosting company and domain registrar Namecheap recently suffered a security breach when its email account was hacked. This breach resulted in a phishing campaign that targeted the cryptocurrency wallet MetaMask and the logistics company DHL, intending to obtain personal and cryptocurrency wallet information from susceptible users.

(more…)

Threat Actors Breach Reddit and Access Internal Documents, Code, and Business Systems

Threat Actors Breach Reddit and Access Internal Documents, Code, and Business Systems

Threat actors managed to infiltrate the popular social media platform Reddit and access internal documents, code, and some internal business systems, highlighting the need for individuals and organizations to take robust measures to safeguard their information. This text shares the details of the attack, what information was accessed, what Reddit is doing, and how to stay protected.

(more…)

Find Out About the Latest Case of Threat Actors Utilizing Phishing-as-a-Service to Steal $120,000

Find Out About the Latest Case of Threat Actors Utilizing Phishing-as-a-Service to Steal $120,000

Threat actors made away $120,000 from an innocent victim by duping them with a sophisticated scam. This text shares the details of the cyberattack and shows how you can protect yourself.

As technology advances at a dizzying pace, so does the cunning of those seeking to exploit it for their nefarious purposes. One such example of this unfortunate reality can be seen in the recent surge of ‘Phishing-as-a-service‘ kits, which provide a turnkey solution for would-be thieves to engage in digital fraud and easily steal sensitive information. This malign development is fueling an alarming uptick in incidents of theft, with victims ranging from individuals to large corporations.

(more…)

Microsoft Disables Verified Microsoft Partner Network Accounts Used In Malicious Third-Party OAuth App Campaign

Microsoft Disables Verified Microsoft Partner Network Accounts Used In Malicious Third-Party OAuth App Campaign

The latest online status symbol is getting verified on popular platforms like Instagram, Apple AppStore, or Twitter. Users trust verified accounts more; similarly, third-party OAuth app publishers get verified by Microsoft. However, researchers recently discovered the latest malicious third-party OAuth app campaign abusing Microsoft’s “verified publisher” status. Read on to learn more about the story.

Microsoft recently disabled many fraudulent, verified MPN (Microsoft Partner Network) accounts for designing malicious OAuth apps that breached business cloud environments to steal emails.

(more…)

7 Commonly Overlooked But Crucial Security Threats That You Might be Ignoring

7 Commonly Overlooked But Crucial Security Threats That You Might be Ignoring

Page metadata

Page Title

7 Commonly Overlooked But Crucial Security Threats That You Might be Ignoring as Well

Meta Description

Most businesses will have the cyber security basics down, but there’s many overlooked cybersecurity threats that business leaders mightn’t even be aware of.

 

Cyber-crime is a lucrative business and is becoming more prevalent year-on-year, with estimates suggesting that cybersecurity breaches could cost the global economy over $10.5 trillion by 2025.

It’s safe to say that protecting your organization against cyber-crime should be a top priority. However, many businesses struggle to treat cyber security like the business-ending threat it can all too easily become.

Most businesses will enforce the use of some form of malware protection and the use of two-factor authentication, but there are several commonly overlooked – but crucial – cyber security threats that many business leaders aren’t using, or might not even be aware of.

 

1. Not acknowledging that you’re a potential target

If there’s one thing you take away from this article, it should be that any business – regardless of its size, industry or turnover – is a potential security target.

Startups and SMEs are often most susceptible to this line of thinking; they may feel like they’re less attractive to cyber criminals due to their small size or lower earnings, or they might lack the in-house resources and knowledge to be fully aware of their vulnerabilities.

However, it’s important to realize that cyber threats face organizations of all sizes and that immediate financial gain isn’t necessarily always the objective – information and sensitive data is just as valuable and both will be held by virtually all companies.

Acknowledging that your business is a potential target for a breach is the first and most important step to developing a robust cybersecurity plan and defense. Although cyber insurance is a great asset, prevention is always better than the cure!

 

Image sourced from Pixabay

 

2. Treating cybersecurity as an IT-only issue

Unfortunately there’s still a tendency from many business leaders to view cybersecurity as an issue that’s entirely the responsibility of their IT departments instead of seeing it as something which can, and does, affect every member of their organization.

Many cybersecurity breaches are caused by human error. With the average cost of a data breach estimated to be in the region of $4 million dollars, it’s something everyone should be taking seriously.

That, plus the fact that many people are now working either fully remotely or as part of a hybrid model, means that it’s more important than ever that each individual in a business is properly trained in basic cyber security best practices.

In essence, solid cyber security training is a risk mitigation exercise for your business, and the single most effective way to reliably protect your company or organization from breaches.

 

3. Not considering physical threats as well as digital ones

This one really is overlooked! It can be easy to think of cybersecurity as a digital issue only, but the greatest antivirus software or most robust cyber security threat modeling processes in the world won’t stop someone from breaking into your offices and making off with hard drives full of data.

Ensuring your data, devices and systems are all physically protected is just as important as what you do with them online. Where possible, entry to your offices should be controlled by a key or card entry system and windows and doors should remain locked outside of business hours.

More and more businesses are turning to cloud-based solutions for data storage, partly due to their ease of use, but keeping your data in the cloud is also a great way to mitigate against the risk of offline threats – no-one can physically steal your data if there’s no physical storage.

Likewise, ensure that only authorized personnel are able to access your data and devices, and that any third-parties or visitors are accompanied by someone from your business at all times.

One frightening but not uncommon example of malicious parties gaining physical access to an organization’s systems or data is known as ‘tailgating’, where a person will wear a uniform or fake ID to make it look like they should be there and simply walk in through the office behind a group of employees.

Once there, they can take various actions, including the installation of keyloggers – malicious software which records the input of your computer’s keyboard as you type to steal logins, passwords and other sensitive information. Being aware of the physical threats, as well as the digital, will ensure you don’t put yourself at risk.

 

Image sourced from Pixabay

 

4. The rise in Bring Your Own Device working habits

Bring-your-own-device (BYOD) policies are growing increasingly common, whether it’s an official part of company policy or a more informal arrangement. With the rise of technology like hosted PBX phone systems and cloud storage, it’s easier than ever to access work on private devices. Unfortunately this is one of the riskiest potential sources of cybersecurity breaches.

It’s easy to see why: most company-owned computers and devices will have antiviruses, firewalls and other protective software installed, but a personal laptop or tablet brought from home may not. Malicious software unwittingly downloaded onto an employee’s USB pen drive and then entered into a networked PC could very quickly spread throughout an entire organization without care.

Therefore it’s vital to have robust and clear policies in place along with regular training for employees on the risks of BYOD to work. A few simple steps to better protect your business such as the use of two-factor authentication and strong passwords can go a long way towards preventing issues.

 

5. Failing to keep your software regularly updated

Perhaps the single most overlooked threat to your organization’s security is the failure to ensure that your systems and software platforms are kept up to date with the latest version.

Exploiting weaknesses in outdated software and programs is one of the most common methods that cyber criminals use to gain access to systems, and addressing security risks is one of the primary reasons that software companies are constantly upgrading and improving their products.

By not keeping your software updated, you’re unnecessarily exposing yourself and your business to risk. Luckily it’s a fairly easy fix, as most security patches can be set to install automatically. However, it’s always worthwhile reviewing this regularly as a matter of data security best practice to make sure everything is as up-to-date as it can be.

 

Image sourced from Pixabay

 

6. Lack of training for your employees

Even if you have the most watertight cybersecurity plan possible, up-to-date software and all the cybersecurity tools your budget can afford, the weak link in your business’ digital armor will always be human error.

Phishing attacks, which account for up to 90% of all the cybersecurity breaches, can be an easy trap to fall into if you don’t know what to look out for. Other pitfalls like reusing old passwords or sharing the same password across multiple accounts are likewise all too common.

Fortunately regular, structured employee training on the risks of cybersecurity breaches and what they can do to prevent them is the single most efficient and cost-effective way to protect your business.

 

7. Not keeping a backup of your data

Always have a backup! Regardless of the industry, all businesses will make use of large amounts of important data and information, from customer data to payroll, call log records, stock inventory and more.

It’s important to view regular data backups as a critical part of any cybersecurity plan, so if anything goes wrong or your data becomes corrupted or inaccessible you have a recent failsafe that you can revert to. Many companies now store much of their information in cloud-based services, which do somewhat help with these risks but aren’t infallible.

Not only will a backup provide a safety net in the event your business is targeted, but they can also help to mitigate against ransomware attacks where a malicious party will attempt to hold your data and information hostage. With a solid, recent backup it removes their leverage and allows you to resume your business relatively uninterrupted.

 

Image sourced from Pixabay

 

Key Takeaways

In 2023, a solid cybersecurity plan is a necessity for all businesses regardless of their size or industry. Without one, you leave your organization vulnerable to malicious attacks that can result in substantial losses whether that be financial loss, the theft of sensitive information or the disruption of your trading.

But while most companies will have the basics down there are many overlooked threats that organizations typically fail to address, and cyber-criminals will always seek to exploit any possible blind spots or gaps in a business’ armor.

The good news is that greater awareness, a little preparation and a little action will go a long way towards securing your business, your assets and your employees against cyber-attacks and further help protect your enterprise against potential cybersecurity threats.

 

Bio:

Jenna Bunnell – Senior Manager, Content Marketing, Dialpad

Jenna Bunnell is the Senior Manager for Content Marketing at Dialpad, an AI-incorporated cloud-hosted unified communications system that provides valuable call details for business owners and sales representatives with features like Dialpad call forwarding. She is driven and passionate about communicating a brand’s design sensibility and visualizing how content can be presented in creative and comprehensive ways. Check out her LinkedIn profile.