Dune Security

This Women's History Month, Dune Security is proud to celebrate the BRILLIANT women on our team who are making a real impact in cybersecurity for enterprise CISOs and security teams. ?? At Dune Security, we are proud to be the leader in our space, and it all starts with the team we build. Our leadership team has been committed, since day 1, to having substantial female representation on our team across functions and leadership. The culture we are building is sustainable for the massive growth we are experiencing. Every day, the women on our team empower resilient enterprise security teams through User Adaptive Testing, Training, and Security. Their work empowers employees to be proactive defenders against advanced and persistent social engineering attacks, keeping both users and companies secure. Join us in celebrating the incredible women at Dune Security who are working relentlessly to advance enterprise security! ???https://lnkd.in/ejVNiyta #WomensMonth #WomenInCyber #Cybersecurity #DuneSecurity #DiversityInTech #WeAreHiring

?? BEC scams have caused $55B+ in reported global losses. These attacks don’t rely on malware... they rely on manipulation. Attackers impersonate executives, vendors, or partners, using trust, urgency, and AI-driven deception to trick employees into wiring money or sharing sensitive data. ?? How they work: - Attackers spoof emails or compromise accounts to pose as trusted figures. - They create urgent, high-stakes requests to override skepticism. - AI enables scalable, hyper-personalized scams that evade detection. ??Real-world attacks: - $4M stolen from a city housing fund - $46M lost by a Boeing supplier in an executive impersonation attack - $46.7M wired to fake vendors in a highly targeted scam ?? Learn more in our blog: https://lnkd.in/eUka6TxB #Cybersecurity #BEC #SocialEngineering #ThreatIntelligence #AI #DuneSecurity

"There's a life cycle, and it can be a long life cycle—one you may not see in a corporate environment." — Marc Scarborough, CISO at Rice University Unlike corporate environments where employees enter and exit in a defined way, higher ed identities evolve over time: ? A student may return years later as staff ? Alumni, emeritus faculty, and retirees often retain access to resources ? Without proper identity management, institutions risk maintaining duplicate or outdated identities In our latest webinar, Marc explains why higher ed security teams need a long-term approach to identity management to prevent overextended access. Watch the full clip here: https://lnkd.in/eQQX83jP #HigherEdSecurity #CyberSecurity #IdentityManagement #DuneSecurity #AccessControl

Millions of Users Affected as Cyberattack Took X Offline ?? Last week, X (formerly Twitter) suffered a large-scale cyberattack, causing widespread outages across the platform. The Dark Storm Team claimed responsibility, though the true source of the attack remains uncertain as Elon Musk suggested a state actor may have been involved. What happened? - Three major outages, peaking at 40,000 user reports - Suspected DDoS attack flooded X’s servers, disrupting access - Tesla stock dropped 14% amid security concerns surrounding Musk’s companies Read more in our blog: https://lnkd.in/e6aN_4Sa #Cybersecurity #DDoS #XOutage #DarkStorm #ThreatIntelligence #DuneSecurity

North Korean hackers stole $1.5B from Bybit without exploiting a smart contract vulnerability by manipulating UI and human trust. A benign-looking transaction was sent for approval, masking a hidden ownership transfer of Bybit’s multisig cold wallet. Once signed, the attackers gained full control and moved the funds. As security expert Bruce Schneier put it: "This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. Instead, it exploited human trust and UI deception: - Multisigs are no longer a security guarantee if signers can be compromised. - Cold wallets aren’t automatically safe if an attacker can manipulate what a signer sees. - Supply chain and UI manipulation attacks are becoming more sophisticated." Clearly, UI manipulation and social engineering can bypass security controls. The industry needs to move to end-to-end validation for every transaction to detect and stop manipulation before it happens. ?? Full article here: https://lnkd.in/e6N9ZGfR #CryptoSecurity #Cybersecurity #BybitHack #Web3Security #Blockchain #SocialEngineering #DuneSecurity

"The idea of having adaptive ways to adjust to risk in real time is very exciting," says Lorna Koppel, CISO at Tufts University. With so many moving parts in higher education—transient faculty, open networks, and personal devices—static security controls aren’t enough. Universities need real-time risk data to dynamically adjust access, detect threats, and minimize disruptions. ?? https://lnkd.in/eX_j8M8R #CyberSecurity #HigherEducation #AdaptiveSecurity #DuneSecurity #RiskManagement

We had a great time at Car Club Manhattan last night for our Cybersecurity Leader Happy Hour! ?? It was a fantastic evening with industry-leading CISOs, security leaders, an open bar, and an incredible lineup of cars. Huge thanks to CNI Sales, Inc. for co-hosting with us and to all attendees for making it such a success! #CyberSecurity #CISO #Networking #DuneSecurity #NYCTech #CyberCommunity #ClassicCars

"Identity is critical to security, but in higher ed, managing it is especially challenging" - Stephen Safranek, CISO at West Chester University of Pennsylvania Unlike corporations with structured access models, universities must manage users with multiple roles—a professor may also be a student, a researcher, or an administrator. On top of this, adjunct faculty come and go unpredictably, sometimes teaching for half a semester and returning years later. Steve shares how these challenges make it difficult to determine who should have access to what, and for how long. Without the right approach, outdated permissions and overextended access create security risks. ?? https://lnkd.in/expqG8M9 #CyberSecurity #HigherEducation #IdentityManagement #DuneSecurity #AccessControl

Our NYC Cybersecurity Leader Happy Hour is TOMORROW! ?? ?? Last chance to RSVP: https://lu.ma/slz1xet3

AI is making social engineering attacks faster, smarter, and harder to detect. Phishing emails now mirror real conversations, deepfake voices sound exactly like trusted executives, and video impersonations are highly accurate. On top of this, attackers are stacking multiple attacks at once to make their deception more convincing. ?? Read more in our blog: https://lnkd.in/eGjSM3rc #CyberSecurity #AIThreats #SocialEngineering #Phishing #Deepfakes #RiskManagement #BEC #Vishing