Cyber AI Chronicle
By Simon Ganiere · 11th August 2024
Welcome back!
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.
Table of Contents
What I learned this week
TL;DR
What if your cybersecurity team could jump-start their threat modeling and red teaming processes with minimal effort? GenAI is making this a reality, offering tools that augment your team's capabilities and simplify some of the most challenging tasks.
Deepfakes are still in the news: SecurityHero.io has released a great report on the State of Deepfakes. The conclusions are not too surprising, even though they are quite problematic from a societal perspective: pornographic deepfakes make up 98% of all deepfakes on the internet, and 99% of the people targeted are women! Google has just improved its process for removing such pictures and videos from its search results. There is a serious need for regulation here; this can have a devastating effect on people, especially kids and teenagers. As you know, I also strongly believe that social engineering will get a massive boost from deepfakes, so something must be done.
On the back of Black Hat and DEF CON, a couple of interesting vulnerabilities were disclosed this week: one that leaks NTLM credentials and one that enables a "downgrade" attack on the Windows operating system. Microsoft has also disclosed four vulnerabilities in OpenVPN; each is rated medium on its own, but they can be chained together to achieve remote code execution. I still need to write something on this at some point, as there is so much FUD on the topic. Maybe I should look at writing a 5-day email training on it. Let me know if you think this would be of interest.
Microsoft shared intelligence on activity indicating that Iran is trying to influence the 2024 US election. You can find more details here and here. Interestingly, two days later the Trump campaign disclosed that it had been hacked and linked the incident to Microsoft's reporting. In Europe, the British Government disclosed that data was lost and emails were accessed as part of the Microsoft Midnight Blizzard incident earlier this year. Finally, there is a lot of activity in Russia as a result of the Ukrainian offensive. Keep a close eye on these geopolitical developments: you can end up in the middle of them without knowing it or doing anything specific.
Believe it or not, there is good news in the world of cyber! Interpol helped the Singapore authorities recover up to USD 40 million on behalf of a Singapore company that fell for a Business Email Compromise (BEC). As a reminder, BEC attacks generated over USD 2.9 billion in reported losses last year. To put this in perspective, that is nearly three times the amount of money lost to ransomware!
GenAI Augmented Attack Scenario and Threat Modeling
While checking LinkedIn this week, I stumbled on this post from Matthew Adams. The tools he has created are absolutely awesome! In particular, AttackGen and STRIDE GPT are very practical and useful. Below is a brief overview of both.
AttackGen
This is the tool you need to generate attack scenarios, which can then be used to build your red team test plans or simulation exercises. The tool is very simple and leverages the MITRE ATT&CK framework: you choose a threat actor, the industry and the size of the company, and it generates a scenario aligned with the kill chain. There is also an option to customise the scenario, which is always helpful.
STRIDE GPT
Threat modelling is very useful but sometimes difficult to implement and operationalise. STRIDE GPT jump-starts the process. I love the fact that you can describe, or even upload, your architecture diagram to make the threat model more relevant. It would be interesting to see whether this can also be aligned with the recent work on Threat Modeling and ATT&CK from the Center for Threat-Informed Defense.
Both tools are open source, and you can download them from GitHub to try them in your own environment.
Can this replace the people on your team who work on these topics? Probably not. However, it can augment them significantly and jump-start their work.
What other ideas would you like to see built with such applications? What key challenges are you facing that GenAI could help with? Please feel free to share, and let's see if it is possible to build a GenAI application to support you!
One last thing: all of this seems very difficult to implement, but if you look at the code, it is basically a couple of (nicely done) prompts with a thin GUI layer on top. You can even use ChatGPT to generate that code without too much trouble.
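To make that concrete, here is a small added example of what such a tool reduces to once the GUI is stripped away. It is not code from STRIDE GPT or AttackGen, and the function names, the prompt wording and the sample LLM reply are all assumptions of mine. The LLM call is injected as a callable so the module runs offline; the reply is a constructed stand-in for what a chat model would return. It covers both tools in the text: a STRIDE prompt plus a strict parser for the reply, and a checker that an AttackGen-style scenario actually walks the ATT&CK kill chain forward.

```python
import json
import re
from typing import Callable

STRIDE = (
    "Spoofing", "Tampering", "Repudiation",
    "Information Disclosure", "Denial of Service", "Elevation of Privilege",
)

# MITRE ATT&CK Enterprise tactics in kill-chain order.
TACTIC_ORDER = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion",
    "Credential Access", "Discovery", "Lateral Movement", "Collection",
    "Command and Control", "Exfiltration", "Impact",
]
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # e.g. T1566 or T1566.001


def build_stride_prompt(app_description: str) -> str:
    """Prompt asking for a STRIDE threat model as strict JSON (hypothetical wording).

    Demanding a machine-checkable shape is what turns a chat answer into
    something a script can validate, diff and feed into a backlog."""
    return (
        "You are a threat modelling assistant. Using the STRIDE methodology, "
        "identify threats for the application described below. Reply with a "
        "JSON array only, no prose. Each element must have the keys "
        '"category" (one of ' + ", ".join(STRIDE) + '), "threat" and '
        '"mitigation".\n\nApplication:\n' + app_description
    )


def parse_threat_model(raw: str) -> dict:
    """Validate the model's reply and group threats by STRIDE category.

    Models often wrap JSON in a code fence, so strip one if present. Anything
    outside the requested shape raises rather than being silently dropped,
    so prompt drift is noticed at once instead of quietly thinning the model."""
    text = raw.strip()
    if text.startswith("```"):
        text = text.split("\n", 1)[1] if "\n" in text else ""
        text = text.rsplit("```", 1)[0]
    items = json.loads(text)
    if not isinstance(items, list):
        raise ValueError("expected a JSON array of threats")
    grouped = {cat: [] for cat in STRIDE}
    for item in items:
        missing = {"category", "threat", "mitigation"} - set(item)
        if missing:
            raise ValueError(f"threat missing keys: {sorted(missing)}")
        if item["category"] not in STRIDE:
            raise ValueError(f"not a STRIDE category: {item['category']!r}")
        grouped[item["category"]].append(
            {"threat": item["threat"], "mitigation": item["mitigation"]})
    return grouped


def threat_model(app_description: str, complete: Callable[[str], str]) -> dict:
    """End to end: `complete` is any prompt -> text callable (a real
    chat-completion client in production, a stub here)."""
    return parse_threat_model(complete(build_stride_prompt(app_description)))


def check_kill_chain(steps: list) -> list:
    """Return problems in an AttackGen-style scenario: every step needs a known
    ATT&CK tactic and a well-formed technique ID, and tactics may not run
    backwards (Exfiltration before Initial Access is a sign the model rambled)."""
    problems, last = [], -1
    for i, step in enumerate(steps, 1):
        tactic, tech = step.get("tactic"), step.get("technique", "")
        if tactic not in TACTIC_ORDER:
            problems.append(f"step {i}: unknown tactic {tactic!r}")
            continue
        if not TECHNIQUE_ID.match(tech):
            problems.append(f"step {i}: malformed technique id {tech!r}")
        idx = TACTIC_ORDER.index(tactic)
        if idx < last:
            problems.append(f"step {i}: {tactic} comes after a later tactic")
        last = max(last, idx)
    return problems


# Constructed stand-in for an LLM reply (fenced, as models tend to do).
FENCE = "`" * 3
SAMPLE_REPLY = FENCE + "json\n" + json.dumps([
    {"category": "Spoofing", "threat": "Stolen session cookie replayed from another IP",
     "mitigation": "Rotate the session on privilege change; bind it to client context"},
    {"category": "Information Disclosure", "threat": "Upload bucket allows public read",
     "mitigation": "Block public access at account level; audit bucket policies"},
    {"category": "Tampering", "threat": "Payment webhooks accepted without a signature",
     "mitigation": "Verify the HMAC over the raw body with a per-integration secret"},
]) + "\n" + FENCE


def demo() -> dict:
    """Run the STRIDE pipeline against the constructed reply."""
    return threat_model(
        "Web app storing customer uploads in object storage and receiving "
        "payment webhooks", lambda prompt: SAMPLE_REPLY)


if __name__ == "__main__":
    for cat, threats in demo().items():
        print(f"{cat}: {len(threats)} threat(s)")
```

Swapping the lambda for a real client call is the whole integration; the value is in the parser refusing categories outside STRIDE and in the kill-chain check catching scenarios that do not progress, which is exactly where a human reviewer would otherwise have to read every line of the model's output.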
Worth a full read
Crowdstrike - Threat Hunting Report 2024
Key Takeaway
Identity-based detections are crucial for identifying suspicious activity on unmanaged hosts.
Cloud environment intrusions increased by 75% in 2023.
Adversaries use legitimate remote monitoring and management (RMM) tools to evade detection.
Interactive intrusions increased by 55% year-over-year.
86% of interactive intrusions were attributed to eCrime activity.
eCrime-related intrusions against healthcare increased by 75%.
Technology sector remains the most frequently targeted industry for seven consecutive years.
Consulting and professional services sector saw a 141% increase in targeted intrusion activity.
2023 State of Deepfakes: Realities, Threats, And Impact
Key Takeaway
Deepfake videos online in 2023 total 95,820, a 550% increase since 2019.
Deepfake pornography constitutes 98% of all deepfake videos online.
99% of individuals targeted in deepfake pornography are women.
User-friendly tools have made creating deepfakes accessible to non-experts.
The normalization of deepfake pornography reflects changing societal attitudes toward digital content.
Generative Adversarial Networks (GANs) are central to the advancement and realism of deepfake technology.
The rise in deepfake pornography highlights the need for stronger regulatory measures.
Deepfakes blur the line between creativity and deception, impacting digital trust.
Wisdom of the week
A leader is one who knows the way, goes the way, and shows the way
Contact
Let me know if you have any feedback or any topics you want me to cover. You can ping me on LinkedIn or on Twitter/X. I’ll do my best to reply promptly!
Thanks! See you next week! Simon