Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

Featured Post

How Telecommunications Providers Can Best Tackle DDoS Attacks

The UK's 2023 National Risk Register, published by the government in the summer, highlights the increasing cyberthreat posed to telecommunications providers who are a vital part of the communications critical national infrastructure (CNI) sector. The report lays out the volatile landscape these providers operate in and the government's acknowledgement of the seriousness of cyber threats to telecommunications infrastructure. It also details the difficulty in implementing the Telecommunications (Security) Act 2021, which establishes guidelines for telcos to follow.

Only 7% of Organizations Can Restore Data Processes within 1-3 Days After a Ransomware Attack

New data on how organizations are able to respond to ransomware attacks also shows that paying a ransom is highly likely, despite having a policy of “Do Not Pay.” New research from security vendor Cohesity says organizations are overconfident in their ability to recover from a ransomware attack. According to the data: And even if you do have an outstanding recovery plan, when’s the last time you tested it?
Featured Post

Leveraging Threat Intelligence for Regulatory Compliance

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations' IT networks in the US and is preparing "disruptive or destructive cyber attacks" against communications, energy, transport, water and waste water systems. The announcement, which was supported by national cybersecurity agencies in Australia, Canada, UK, and New Zealand, is a sobering reminder that modern life relies on digital networks. From healthcare, banking, and socialising, to energy, water, local and national government - everything has a digital aspect.

Strengthening small utilities: The power of public-private partnership

In the wake of recent cyber attacks against US water utilities, the vulnerability of local entities dependent on operational technology (OT) has been starkly highlighted. This danger was further emphasized last week when Congress held a hearing titled Securing Operational Technology: A Deep Dive into the Water Sector. Witnesses at the hearing painted a stark picture of the significant cybersecurity risks facing small utility companies today.

Department of Justice disrupts Moobot botnet commandeered by Russian APT28: analysis of attacks against routers and malware samples

On February 15, the US Department of Justice announced “Operation Dying Ember”: the takedown of a botnet controlled by APT28, the Russian military cyber threat actor also known as Fancy Bear. APT28 was previously known for developing the VPNFilter botnet, which targeted routers and network attached storage devices and was also disrupted by the DoJ in 2018.

Top tips: Four ways to protect your organization from increasingly advanced social engineering attacks

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week we’re looking at four ways you can protect yourself from increasingly advanced social engineering attacks.

National Vascular Care Provider Confirms Cyber Attack; 348k Exposures

Azura Vascular Care operates a national network of health and wellness centers. They specialize in minimally invasive procedures and strive to treat vascular conditions in comfortable, out-patient settings. They offer healthcare in 25 states with multiple facilities and specialized teams. At the end of last year (2023), Azura discovered a threat actor within their network environment; officials removed the threat, but not before the criminals obtained 348k patient records.

Lessons to be Learned: Attacks on Higher Education Proliferate

Trustwave SpiderLabs is wrapping up a multi-month investigation into the threats facing the education sector, across higher education, primary and secondary schools. Trustwave will post the 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report on February 22, but here are a couple of early findings along with a round-up of some of the higher-profile attacks on education targets that have taken place in the last year.

Defending Against OAuth App-Based Attacks on Enterprise SaaS

The phenomenal growth in the adoption of software as a service (SaaS) has prompted enterprises of all sizes to move their critical data to SaaS-based applications. And as attackers tend to follow data to induce a breach, their new area of focus is enterprise SaaS. The recent Midnight Blizzard attack by nation-state actors clearly reinforces the fact that this trend has only just begun.