Brand Protection | Breaking Cybersecurity News | The Hacker News

You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting – a break-in, fire, or worse. Your external-facing IT infrastructure deserves the same methodical attention. External Attack Surface Management (EASM) and Digital Risk Protection (DRP) tools provide that same peace of mind for your digital "home," automating the everyday safety checks that prevent costly incidents. Why does the external-facing IT infrastructure need the same care? Just as you secure your physical home prior to leaving, your assets that are exposed to the internet require consistent safety protocols. Think about it this way:  Locking doors = locking down exposed assets, ensuring only authorized access points...

Social engineering attacks have entered a new era—and they're coming fast, smart, and deeply personalized. It's no longer just suspicious emails in your spam folder. Today's attackers use generative AI, stolen branding assets, and deepfake tools to mimic your executives, hijack your social channels, and create convincing fakes of your website, emails, and even voice. They don't just spoof— they impersonate. Modern attackers aren't relying on chance. They're running long-term, multi-channel campaigns across email, LinkedIn, SMS, and even support portals—targeting your employees, customers, and partners. Whether it's a fake recruiter reaching out on LinkedIn, a lookalike login page sent via text, or a cloned CFO demanding a wire transfer, the tactics are faster, more adaptive, and increasingly automated using AI. The result? Even trained users are falling for sophisticated fakes—because they're not just phishing links anymore. They're operations. This Webinar Shows You How to Fight...

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently hijacked. "Cybercriminals have used this vector since 2018 to hijack tens of thousands of domain names," the cybersecurity company said in a deep-dive report shared with The Hacker News. "Victim domains include well-known brands, non-profits, and government entities." The little-known attack vector, although originally documented by security researcher Matthew Bryant way back in 2016, didn't attract a lot of attention until the scale of the hijacks was disclosed earlier this August. "I believe there is more awareness [since then]," Dr. Renee Burton, vice pre...

Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report . The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato's global customers, between April and June 2024. Key Insights from the Q2 2024 Cato CTRL SASE Threat Report The report is packed with unique insights that are based on thorough data analysis of network flows. The top three insights for enterprises are as follows. 1) IntelBroker: A Persistent Threat Actor in the Cyber Underground During an in-depth investigation into hacking communities and the dark web, Cato CTRL identified a notorious threat actor known as IntelBroker. IntelBroker is a prominent figure and moderator within the BreachForums hacking community and has been actively involved in the sale of data and source code from major organizations. These include AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile and the US Army Aviation and Mi...