What Is a Purple Team?In cybersecurity, a purple team is a group that combines offensive red team capabilities with defensive blue team insights to provide a truly collaborative, well-balanced security posture. “Purple teaming” is more than a work group; it should be a philosophy.If you’re familiar with offensive security, red and blue team structures are well known. To review:Red Teams: Perform...

MedusaLocker, the ransomware-as-a-service (RaaS) group that has been active since 2019 is openly recruiting for penetration testers to help it compromise more businesses. As Security Affairs reports, MedusaLocker has posted a job advert on its dark web leak site, which pointedly invites pentesters who already have direct access to corporate networks to make contact."If you don't have access,...

Integrated Risk Management (IRM) unifies siloed risk practices into a cohesive, structured framework, enabling strategic and effective risk oversight.

Learn about MFA fatigue attacks, their signs, risks, and how to protect users from falling victim to this growing cybersecurity threat.

Automated threat hunting refers to the process of using AI, ML, and tools to identify potential cybersecurity threats proactively.

Hackers took advantage of a 0-day to steal ISP customers' credentials, a former Verizon employee pleaded guilty to feeding info to a Chinese spy agency, and more. Get up to speed in this week's Friday Five!

A rise in cyberattacks’ volume and sophistication, lawmakers cracking down on privacy, the rising threats to critical infrastructure, and more. Catch up on these stories and more in this week’s Friday Five!

A recent report said that almost half of data breaches involve an insider element. In this blog we define what constitutes an insider threat and give you nearly 50 examples to help illustrate the threat further.

It seems as if the goal of the breach was to set up copycat merchant pages to divert sales from the originals.

A new lawsuit alleges four attorneys plotted their exit months before they left for a competing firm, then copied and destroyed corporate data.

Forrester, citing the persistence of remote work, predicts that internal incidents will be responsible for 33% of breaches in 2021.

Before resigning, the employee stole company data and created a "superuser" account that let him access the network after he left.

A breach at the popular e-commerce site was linked back to two "rogue" support team employees.

This company protected its sensitive data with biometric thumbprint scanner but still managed to suffer trade secret theft after a former director of research allegedly stole gigabytes of data on its recipes.

Learn about role-based access control (RBAC) in Data Protection 101, our series on the fundamentals of information security.

Federal agents apprehended a former Apple employee last week suspected of stealing intellectual property, including engineering schematics on the company's secret self-driving car technology.

Tesla filed a lawsuit against a former employee this week after it learned he made changes to company source code and exported gigabytes of proprietary data to unknown third parties.

Learn about what an insider threat analyst does, along with how they affect existing procedures, policies, and protection layers in organizations in Data Protection 101, our series on the fundamentals of information security.

Whether malicious or negligent, insider threats pose serious security problems for organizations. Forrester Senior Security Analyst Joseph Blankenship offers some insight into common early indicators of an insider threat.