130 Dropbox code repos plundered after successful phishing attack
Dropbox has suffered a data breach, but users needn’t worry because the attackers did not gain access to anyone’s Dropbox account, password, or payment information. …
Are your cybersecurity investments making you less resilient?
In the past decade, digital transformation has become a buzzword in nearly every industry. Organizations have scaled down workforces in favor of automation, moved their …
Cybercriminals are having it easy with phishing-as-a-service
In this interview for Help Net Security, Immanuel Chavoya, Threat Detection Expert at SonicWall, talks about phishing-as-a-service (PaaS), the risks it can pose to …
Uber says Lapsus$ gang is behind the recent breach
Uber has confirmed that the recent breach of its systems started with a compromised account belonging to a contractor. “It is likely that the attacker purchased the …
EvilProxy phishing-as-a-service with MFA bypass emerged on the dark web
Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns …
Phishing PyPI users: Attackers compromise legitimate projects to push malware
PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that …
How attackers use and abuse Microsoft MFA
Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise …
Cisco has been hacked by a ransomware gang
U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. …
Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts
An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in …
84% of organizations experienced an identity-related breach in the past 18 months
60% of IT security decision makers believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20%), …
Companies around the globe still not implementing MFA
SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business …
Popular business web apps fail to implement critical password requirements
Specops Software released new research finding cybersecurity weaknesses in business web apps including Shopify, Zendesk, Trello, and Stack Overflow. Amid a wave of …
Featured news
Resources
Don't miss
- Clipping Scripted Sparrow’s wings: Tracking a global phishing ring
- Microsoft 365 users targeted in device code phishing attacks
- More than half of public vulnerabilities bypass leading WAFs
- The soft underbelly of space isn’t in orbit, it’s on the ground
- Privacy risks sit inside the ads that fill your social media feed