Security News

This can’t be a real bomb threat: you've called a modem, not a phone
2023-01-13 07:29

So Don was rather surprised one day to hear a phone ringing as he stalked the racks, because the kit there was dedicated to modems. "The caller only said 'BOMB. BOMB. BOMB.' with a strong Irish accent," don recalled.

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors
2023-01-11 17:35

A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin, attributed to a threat actor dubbed DEV-0856, is malware that has increasingly come under the radar for being used in attacks aimed at finance, government, insurance, and telecom entities.

Top SaaS Cybersecurity Threats in 2023: Are You Ready?
2023-01-09 07:56

SaaS applications are often multi-tenanted, so your applications need to be secure against attacks where one customer could access the data of another customer, such as logic flaws, injection flaws, or access control weaknesses. Security testing with an automated vulnerability scanner in combination with regular pentesting can help you design and build secure web applications by integrating with your existing environment, catching vulnerabilities as they're introduced throughout the development cycle.

How to prioritize effectively with threat modeling
2023-01-06 17:02

Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the "Your Consent Options" link on the site's footer.

The DevSecOps approach to cloud native threat detection and response
2023-01-05 04:30

Every SOC on the planet is grappling with the challenges of integrating detection techniques and response processes for public cloud computing. This presentation by Rich Mogull, SVP Cloud Security at FireMon, delves into the details with a framework for modernizing response operations, combined with technical details and examples.

FIN7 threat actor updated its ransomware activity
2022-12-27 17:53

FIN7 is a threat actor that mostly focuses on stealing financial information, but it also sells sensitive information stolen from companies. FIN7 started using ransomware in 2020, being affiliates of a few of the most active ransomware groups: Sodinokibi, REvil, LockBit and DarkSide.

2022 Top Five Immediate Threats in Geopolitical Context
2022-12-26 12:20

As we are nearing the end of 2022, looking at the most concerning threats of this turbulent year in terms of testing numbers offers a threat-based perspective on what triggers cybersecurity teams to check how vulnerable they are to specific threats. These are the threats that were most tested to validate resilience with the Cymulate security posture management platform between January 1st and December 1st, 2022.

Threat predictions for 2023: From hacktivism to cyberwar
2022-12-23 04:00

When it comes to 2023 threat predictions, Trellix anticipates spikes in geopolitically motivated attacks across Asia and Europe, hacktivism fueled by tensions from opposing political parties, and vulnerabilities in core software supply chains. "Analyzing current trends is necessary but being predictive in cybersecurity is vital. While organizations focus on near-term threats, we advise all to look beyond the horizon to ensure a proactive posture," said John Fokker, Head of Threat Intelligence, Trellix.

Cisco Talos report: Threat actors use known Excel vulnerability
2022-12-22 18:25

Microsoft Office files, particularly Excel and Word files, have been targeted by some cybercriminals for a long time. As exposed in new research from Cisco Talos, threat actors might leverage event handling functions in Excel files in order to automatically launch.

The Era of Cyber Threat Intelligence Sharing
2022-12-22 12:39

As the internet continues to expand and connect more people and devices than ever before, the need for effective cyber threat intelligence sharing has never been greater. In today's interconnected world, a threat to one organization can quickly become a threat to many others, making it essential for businesses and other organizations to share information and work together to stay safe online.