Security News

How to do that efficiently and effectively is no small task - but with a small investment of time, you can master threat hunting and save your organization millions of dollars. This article offers a detailed explanation of threat hunting - what it is, how to do it thoroughly and effectively, and how cyber threat intelligence can bolster your threat-hunting efforts.

The research shows that cybercriminals continue to barrage organizations with targeted email attacks, and many companies are struggling to keep up. While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks.

In this article, we'll look at another trending acronym - CTEM, which stands for Continuous Threat Exposure Management - and the often-surprising challenges that come along with seeing a CTEM program through to maturity. Continuous Threat Exposure Management is not a technology and you can't go to a vendor in hopes of finding a CTEM solution.

Perception Point's team has identified a 356% increase in the number of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber attacks now pose to organizations.

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey, infecting victims with tailored malware that steals data, propagates across systems via removable drives, and conducts surveillance.

Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity. This alarming surge in secrets sprawl highlights the need for action and underscores the importance of secure software development.

Researchers have developed DarkBERT, a language model pretrained on dark web data, to help cybersecurity pros extract cyber threat intelligence from the Internet's virtual underbelly. A team of researchers from Korea Advanced Institute of Science and Technology and data intelligence company S2W has decided to test whether a custom-trained language model could be useful, so they came up with DarkBERT, which is pretrained on dark web data.

The 14-year-old company and single sign-on market share leader announced this month that it is adding a key element of visibility, the Security Center, to its Auth0-powered Okta Customer Identity Cloud. The Security Center dashboard is designed to give near real-time asset visibility to teams focused on customer identity, user experience and security.

A steady increase in cyberattacks and evolving threat landscape are resulting in more organizations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams' real-world cyber capabilities, according Immersive Labs. The report found that while 86% of organizations have a cyber resilience program, 52% of respondents say their organization lacks a comprehensive approach to assessing cyber resilience.

Several ransomware groups and state-sponsored cyberespionage threat actors are exploiting a vulnerability affecting printing software tools PaperCut MF and PaperCut NG to compromise their targets. The new PaperCut vulnerability, CVE-2023-27350, affects different PaperCut MF and PaperCut NG software, allowing an attacker to bypass authentication and execute arbitrary code with SYSTEM privileges.