Microsoft on CISOs: Thriving Community Means Stronger Security

August 8, 2024 at 02:12PM

Ann Johnson and Sherrod DeGrippo presented at Black Hat on “Security in the Age of AI.” They tackled the recent CrowdStrike outage and highlighted the community’s response. Microsoft’s focus on collaborating with customers and peers, particularly in combating threat actors like Scattered Spider, was emphasized. The discussion emphasized the importance …

Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours

July 11, 2024 at 05:44PM

Akira ransomware attackers have shown a significant decrease in the time it takes to steal data, managing to siphon off information from a Latin American airline in just over two hours. Using the SSH protocol, the threat actor gained access via an unpatched Veeam backup server and swiftly began exfiltrating data …

Chinese ‘ORB’ Networks Conceal APTs, Render Static IoCs Irrelevant

May 22, 2024 at 10:04AM

Chinese threat actors have advanced anti-analysis techniques using operational relay box networks (ORBs) composed of virtual private servers and compromised devices. Mandiant reports an increase in their use, prompting defenders to reevaluate traditional threat monitoring methods. ORBs are maintained by private companies or the Chinese government and consist of five …

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth

April 3, 2024 at 10:12AM

The Common Vulnerabilities and Exposures (CVE) List managed by MITRE and the National Vulnerability Database (NVD) overseen by NIST are no longer considered a single reliable source of vulnerability information. Challenges include missing vulnerabilities, false positives, and resource limitations. NIST, acknowledging the backlog, is seeking a consortium to improve vulnerability …

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

January 3, 2024 at 06:08AM

Prisma uncovered a critical exploit within an undocumented Google OAuth endpoint, enabling attackers to hijack user sessions and maintain continuous unauthorized access to Google services. The exploit has been integrated into various malware and has continued to evolve, posing a significant threat. CloudSEK has emphasized the need for enhanced cybersecurity …

Combining Agentless and Agent-Based Cloud Security in CNAPPs

November 15, 2023 at 08:43AM

The cloud security landscape has evolved, with complex multicloud environments becoming more common and attack surfaces expanding. As a result, there is a push for contextualized security that provides visibility, prioritization, and automated alerts. The combination of agentless and agent-based protections is considered the most effective approach. Contextual cloud security …