February 21, 2024 at 03:23AM Identity-related threats, such as stolen credentials, pose a growing risk to network security. IBM X-Force and CrowdStrike report a significant increase in cyber attacks using legitimate credentials, with compromise of cloud account credentials being predominant. Meanwhile, phishing attacks remained a leading initial access vector. Adversaries target identities as the easiest … Read more
February 21, 2024 at 12:21AM The IBM X-Force report indicates a decrease in ransomware with a rise in infostealing, cloud service attacks, and critical infrastructure targeting. It details evolving criminal tactics, geopolitical effects, and the looming AI threat. The report also emphasizes the need for cybersecurity preparedness, particularly in securing AI/ML open source software. The … Read more
February 16, 2024 at 05:04PM The increase in data breaches and cyberattacks has made these incidents more visible than ever. Security professionals are reconsidering their security strategies and investments due to heightened focus. Despite deploying various security tools, many organizations lack confidence in their ability to withstand attacks. The threat landscape is evolving, and the … Read more
February 16, 2024 at 06:45AM A Python script called SNS Sender is being utilized to send fraudulent SMS messages through AWS SNS, posing as messages from USPS to trick users into disclosing personal and payment information. The tool leverages AWS SNS to conduct SMS spamming attacks and is linked to a threat actor named ARDUINO_DAS. … Read more
February 15, 2024 at 09:13AM Threat actors are conducting an innovative “smishing” campaign using AWS SNS and a custom script to impersonate the US Postal Service. This abuse of cloud-based messaging platforms reflects a growing trend. The SNS Sender attack lures users with fake USPS notifications to steal personally identifiable information and payment-card details. Businesses … Read more
February 15, 2024 at 03:35AM Cyber criminals are increasingly using ad networks to optimize malware campaigns, making their social engineering attacks more effective. They exploit legitimate ad tech tools to deploy malware, evade detection, and collect analytics on click rates. The HP Wolf Security report also highlights a rise in PDF-based malware delivery and a … Read more
February 14, 2024 at 12:27PM The article “Cyber Risk Management: Bring Security to the Boardroom” emphasizes the critical importance of strategically presenting security controls to the board for better cyber risk management. It delves into navigating the complex landscape of cyber risk, understanding cloud security challenges, and crafting proactive cloud security strategies that communicate effectively … Read more
February 14, 2024 at 07:15AM Summary: The financial services sector faces escalating cybersecurity challenges as cybercriminals employ advanced tactics, AI, and deep fake technology. Recent trends reveal a surge in cyberattacks, data breaches, and state-sponsored threats. Community banks are particularly vulnerable and must address cloud security, ransomware, vendor risk, regulatory compliance, and talent shortages. Proactive … Read more
February 13, 2024 at 09:39AM The PikaBot malware has evolved with significant changes, simplifying its code and network communications, making it more accessible for threat actors. With ongoing development, it remains a significant cyber threat. Additionally, a cloud account takeover campaign targeting Microsoft Azure environments has compromised hundreds of user accounts. Source: Newsroom Cyber Threat/Malware. … Read more
February 13, 2024 at 09:25AM A phishing campaign targeting senior business executives and other high-level roles has seen a spike in compromised accounts, including hundreds of cloud account takeovers and numerous Azure environments affected. The attackers aim to gain access to privileged accounts, steal sensitive data, and manipulate multi-factor authentication methods. Researchers advise vigilance and … Read more