Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps

Don't be a victim of 3rd-Party SaaS App breaches - Learn how to protect your business!

The Prolificacy of LockBit Ransomware

Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the ".abcd virus" extension ...

Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily

An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101. An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a ...

Automate compliance and get up to 400 hours of time back

To close and grow major customers, you have to earn trust. But demonstrating security and compliance can be time-consuming and expensive. Unless you use Vanta. See if Vanta is right for your business with a free trial of our SOC 2 compliance framework and Access Reviews ...

Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities

Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers Guillaume Lovet and Alex Kong said in ...

Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects

A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target web server using legitimate FTP credentials the threat actor previously obtained via an ...

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," ...

How to Apply NIST Principles to SaaS in 2023

The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute’s cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can’t be overstated. While NIST hasn’t directly ...

Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware

Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. "The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid ...

THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps

Don't be a victim of 3rd-Party SaaS App breaches - Learn how to protect your business!