Iran’s Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear

August 28, 2024 at 02:04PM Iranian government-sponsored cybercriminals continue to attack US and foreign networks, using VPN and firewall vulnerabilities. The FBI, CISA, and the Department of Defense warn that Pioneer Kitten targets schools, banks, hospitals, and government agencies. Another group, Peach Sandstorm, linked to the Iranian Islamic Revolutionary Guard Corps, employs a new custom …

Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks

August 28, 2024 at 05:13AM The threat group Bling Libra, known for the Ticketmaster breach, has evolved its tactics from data theft to extortion-based attacks targeting cloud environments. Using stolen credentials, they infiltrate AWS, exfiltrate data, and demand ransom. Weak authentication practices leave organizations vulnerable, emphasizing the need for multifactor authentication and secure IAM solutions …

New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials

August 28, 2024 at 03:03AM Cybersecurity researchers have identified a new QR code phishing campaign using Microsoft Sway to host fake pages, exploiting legitimate cloud services. These attacks have targeted users in Asia and North America, particularly in technology, manufacturing, and finance sectors. The phishing tactic involves tricking users into scanning QR codes to steal …

Complete Guide to Protecting Seven Attack Vectors

August 27, 2024 at 11:25AM Jon Clay reviews seven key initial attack vectors and provides proactive security tips to reduce cyber risk across the digital attack surface, which is expanding rapidly due to digital transformation and remote work. The vectors include email, web and web applications, vulnerabilities, devices, island hopping, insider …

Why Every Business Should Prioritize Confidential Computing

August 27, 2024 at 10:06AM Data leaks often occur during data processing, threatening industries like finance, healthcare, and government. The implementation of confidential computing can provide secure data processing, supporting regulatory compliance and safeguarding cloud-based infrastructure. It also ensures secure adoption of AI/ML technologies, enhancing data security in response to evolving technological advances. Based on …

Microsoft Sway abused in massive QR code phishing campaign

August 27, 2024 at 10:05AM A massive QR code phishing campaign exploited Microsoft Sway to host landing pages, targeting Microsoft 365 users primarily in Asia and North America. The attacks dramatically surged in July 2024, contrasting minimal activity in the first half of the year. Tactics included using QR codes to direct users to malicious …

India’s Critical Infrastructure Suffers Spike in Cyberattacks

August 25, 2024 at 11:36PM Cyberattacks on critical infrastructure sectors are on the rise in India, with a significant increase in incidents against finance and government systems. The banking and financial sectors consider cybersecurity a top challenge, with concerns about financial stability, data breaches, and the speed of information flow. India is urged to strengthen …

NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents

August 22, 2024 at 04:32PM The NSA and international partners released a document outlining best practices for event logging and threat detection against threat actors using living-off-the-land techniques. It emphasizes improving security in cloud services, enterprise networks, and critical infrastructure, and highlights centralized log access, secure storage, and detection strategies for relevant threats. Directed at …

New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer

August 22, 2024 at 11:18AM Israeli cybersecurity company Miggo has discovered a vulnerability named “ALBeast” impacting up to 15,000 Amazon Web Services’ (AWS) Application Load Balancer (ALB) users. The issue allows attackers to bypass authentication controls, potentially compromising exposed cloud applications. Amazon has updated its authentication documentation and recommends implementing additional security measures to mitigate …

The Facts About Continuous Penetration Testing and Why It’s Important

August 22, 2024 at 06:42AM Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice involving ongoing, automated penetration testing to identify and mitigate vulnerabilities in an organization’s digital assets. It integrates with the software development lifecycle (SDLC) to ensure real-time vulnerability discovery and validation of security controls. CASPT is proactive, not limited to …