Security News
A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes "Mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple security tools."
In the ever-evolving landscape of cybersecurity, cloud security has emerged as a critical concern for organizations worldwide for a few years now. Cloud security is sometimes misunderstood or underestimated.
Retail banking institutions in Singapore have three months to phase out the use of one-time passwords for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore and The Association of Banks in Singapore on July 9, 2024.
Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis.
A steady stream of NHI-related breaches is causing some of the chatter surrounding NHI risk to veer into FUD. Given the rate at which NHis are outnumbering human identities - by some reports by as much as 45-to-1 - the hype seems warranted. Because NHIs are commonly used to access sensitive data and services across applications, allowing exposed, unmanaged NHIs to proliferate is akin to leaving all your doors and windows unlocked when you leave your house.
Google appears to be attempting a play for the crown, as it is reportedly poised to acquire infosec upstart Wiz. According to the New York Times and Wall Street Journal, Google is deep in talks to buy Wiz for $23 billion - the largest-ever sum its parent company Alphabet has paid for prey.
Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It's designed to handle engagements of any size.
The first step to managing data security risks is to identify and understand what data you have. Without this level of data visibility, managing data security risks is impossible, because data has no rules.
Organizations are ramping up their use of encrypted traffic to lock down data. Could they be making it easier to hide threats in the process? On one hand, encryption means enhanced privacy, but it can also make the job of security analysts much harder.
87% of C-Suite executives feel under pressure to implement GenAI solutions at speed and scale, according to RWS. Despite these pressures, 76% expressed an overwhelming excitement across their organization for the potential benefits of GenAI. However, this excitement is tempered by 36% of executives who raised concerns that there is an extreme danger of enterprise resources - which could be better deployed elsewhere - being diverted toward GenAI. 65% of executives see a real risk of an AI backlash in the coming years due to the current hype. Fears aren't limited to employees with our executive survey respondents making it clear that they're genuinely concerned about being left behind in the race to implement GenAI. "Recent advances in GenAI have triggered an innovation race," said Mark Lawyer, GM of Linguistic AI at RWS. "In a bid to be first past the post, there's a real risk of failing to see any value from AI investments. It's critical that business leaders are not reactive or piecemeal, but rigorous and purposeful in their approach."