A browser extension is a small software application designed to enhance the functionality of a web browser. Monitoring the installed browser extensions is crucial for ensuring their secure use within your organization. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and...Read More

Receiving an unprompted one-time passcode (OTP) sent as an email or text should be a cause for concern as it likely means your credentials have been compromised. One of the initial components of a cyberattack is the theft of legitimate credentials to corporate networks for data theft, which can be stolen in phishing attacks, credential...Read More

In a recent surge of BazarCall attacks, cybercriminals have adopted a novel approach by utilizing Google Forms to generate and dispatch payment receipts to their unsuspecting victims. This innovative tactic is designed to enhance the perceived legitimacy of the phishing attempt, thereby increasing the likelihood of success. First identified in 2021, BazarCall is a phishing...Read More

A new solution has been introduced to address the essential third-party risk management for Software as a Service (SaaS). This solution aims to help organizations mitigate the risks associated with using SaaS providers, which often must be managed through compensating controls in the customer’s organization. Organizations using SaaS services often have less detailed risk information...Read More

The digital landscape is constantly changing, and it is important to regularly reassess how we protect web environments. While traditional antivirus solutions have their benefits, they are reactive in nature. This means that they are designed to respond to threats after they have already infiltrated a system. As a result, they may not be effective...Read More

Phishing attacks are evolving to become more sophisticated, as cybercriminals invest in new methods to deceive individuals into divulging sensitive information or installing malicious software. One of the recent trends in phishing involves the utilization of QR codes, CAPTCHAs, and steganography. These techniques are employed to carry out attacks and it is important to understand...Read More

When an employee at your organization forgets their password, it typically initiates a frustrating and time-consuming process. The employee usually needs to contact the IT department and wait for a response, leading to decreased work productivity, heightened anxiety, and potential jeopardy to deadlines. However, there are better ways to handle the password reset process, such...Read More

Scopus is an abstract and citation database used by researchers, academics, and institutions to track and analyze scientific literature. The database covers a wide range of disciplines, including science, technology, medicine, social sciences, and arts and humanities. Using Scopus, users can quickly assess the relevance and impact of a particular scientific article through the abstracts...Read More

A new cybercrime operation called ‘SecuriDropper’ has emerged, which uses a method to bypass the ‘Restricted Settings’ feature in Android to install malware on devices and obtain access to Accessibility Services. Restricted Settings is a security feature introduced with Android 13 that prevents side-loaded applications (APK files) installed from outside Google Play to access powerful...Read More

Threat actors are exploiting the ‘Citrix Bleed’ vulnerability, identified as CVE-2023-4966, to focus on governmental, technological, and legal institutions across regions such as the Americas, Europe, Africa, and the Asia-Pacific area. According to findings from Mandiant researchers, there are four continuous campaigns aimed at susceptible Citrix NetScaler ADC and Gateway devices, with these attacks having...Read More