Staying ahead of cyberattacks and strengthening your organization’s defenses doesn’t happen overnight and can be hard to accomplish without the right tools and cyber strategies. SecurityScorecard’s Threat Intelligence team hosted a webinar that highlights the importance of threat exposure management, its latest trends, and how to implement this framework into an organization’s cybersecurity plan.

It is notoriously difficult to detect a man-in-the-middle attack. However, these attacks do have some subtle signs, including landing on obviously fake websites and your internet connection mysteriously becoming unreliable. Additionally, man-in-the-middle attacks often happen on open, unencrypted public networks, so it’s very important to be aware of your online environment at all times.

Shadow PC is a Paris-based gaming host with thousands of clients in Europe and the US. Shadow’s service allows video games with high resource consumption to run on old software; this is made possible by Shadow’s ability to open a virtual computer. The virtual computer takes the onus of running games, allowing even incompatible computers to run game software. Shadow PC’s services are cloud-based, which should allow up to 100,000 users to play on their servers simultaneously.

Gaming companies collect data concerning user behavior for a variety of reasons: to inform investment and content decisions, enable game and advertisement personalization, and improve gameplay, to name a few. However, the data available provides a daunting task for those attempting to make use of it, as well as a ripe target for attackers. Effectively utilizing and protecting this data can be a challenge, especially as the volume of gaming data increases over time.

Database security often, and to an organization's detriment, falls between the cracks as security and IT teams scramble to stay on top of daily cyber hygiene tasks and deal with the never-ending problems of running their network. The danger of overlooking their database, or to put it in, say, banking terms – the vault – is this is likely a threat actor's primary target. An organization's database is where IP, credentials, and financial information are stored.

A recent vulnerability tracked as Rapid Reset (CVE-2023-44487) in the HTTP/2 protocol was recently disclosed by researchers and vendors. It was exploited in the wild from August 2023 to October 2023. The issue arises from the HTTP/2 protocol's ability to cancel streams using an RST_STREAM frame, which can be misused to overload servers by initiating and quickly canceling numerous streams, circumventing the server's concurrent stream limit.

As increasing percentages of businesses experience cyberattacks, new data provides details on where the most organizational risk lies. According to U.K. cyber insurer Hiscox’s Cyber Readiness Report 2023, attacks are on the rise: With these increases, how prepared are organizations? According to Hiscox, organizations are spending money on the problem; the median cybersecurity spend is a little over $1.39 million (with enterprises spending $4.9 million).

Even though there are new attack types for cybercriminals, they are still leveraging old-school attack vectors. Why? Because they still work. I cover new attack methods all the time, with recent examples including a sophisticated phishing campaign impersonating Microsoft and an attack last month targeting the Ukrainian military.