Cyberattacks

What You Can Do to Stop Software Supply Chain Attacks

Aug 24, 2023 By Jeff Martin In Mend

In my previous blog post, I looked at how software supply chain attacks work and what you can do to assess and analyze your security posture. Now, let’s figure out how to use the resultant information to harden your software supply chain against threats.

Read Post

Mend

Read more about What You Can Do to Stop Software Supply Chain Attacks

Akira Ransomware, 8Base Ransomware, and more: Hacker's Playbook Threat Coverage Round-up: August 22, 2023

Aug 22, 2023 By Kaustubh Jagtap In SafeBreach

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Akira ransomware, 8base ransomware, and Rorschach (BabLock) ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Read Post

SafeBreach

Read more about Akira Ransomware, 8Base Ransomware, and more: Hacker's Playbook Threat Coverage Round-up: August 22, 2023

9 Steps to Protect Against the Next MOVEit/MFT Attack

Aug 17, 2023 By Trustwave In Trustwave

By now, the facts of the recent MOVEit breach are well known (although the victim total keeps climbing), but it never hurts to be reminded that these attacks do not take place in a vacuum and threat actors are more than happy to repeatedly use the same tactics if their targets remain vulnerable. Trustwave SpiderLabs, has tracked and documented these events explaining how threat actors were found to be exploiting three vulnerabilities, including a zero-day, (CVE-2023-34362, CVE-2023-35036.

Read Post

Trustwave

Read more about 9 Steps to Protect Against the Next MOVEit/MFT Attack

How Software Supply Chain Attacks Work, and How to Assess Your Software Supply Chain Security

Aug 17, 2023 By Jeff Martin In Mend

When it comes to applications and software, the key word is ‘more.’ Driven by the needs of a digital economy, businesses depend more and more on applications for everything from simplifying business operations to creating innovative new revenue opportunities. Cloud-native application development adds even more fuel to the fire. However, that word works both ways: Those applications are often more complex and use open-source code that contains more vulnerabilities than ever before.

Read Post

Mend

Read more about How Software Supply Chain Attacks Work, and How to Assess Your Software Supply Chain Security

Argo Edge from CISO Global Successfully Sustains More than 125,000 Cyberattacks at DEF CON

Aug 16, 2023 By CISO Global In CISO Global

Newly Launched AI-Powered Security Solution Tested by Thousands of Hackers Under Real-World Conditions; Platform Learned from Each Cyberthreat to Continuously Improve.

Read Post

CISO Global

Read more about Argo Edge from CISO Global Successfully Sustains More than 125,000 Cyberattacks at DEF CON

The Role of HR in Managing Employees' Crypto Challenges

Aug 16, 2023 By Makedonka Micajkova In SecuritySenses

Remember when cryptocurrencies were this unconventional trend? Fast forward to today, and we're looking at a much more mainstream form of finance. No stone has been left unturned by the impact of cryptocurrency. They're even offered as part of the benefits packages for employees. And since they're up for it, who better than HR to guide them through the potential challenges?

Read Post

SecuritySenses

Read more about The Role of HR in Managing Employees' Crypto Challenges

Building Resilience Against Living Off the Land Attacks

Aug 16, 2023 By Jessica Amado In Seemplicity

Living Off the Land (LOTL) cyber attacks represent a growing and increasingly sophisticated threat within the cybersecurity landscape. The significance of LOTL attacks extends beyond mere technicalities; they pose substantial risks to global security, influencing everything from corporate stability to national defense mechanisms.

Read Post

Seemplicity

Read more about Building Resilience Against Living Off the Land Attacks

Combatting Cloud Threats: The Accelerated Attack Speed of 2023 (LIVE)

Aug 16, 2023 By Sysdig In Sysdig

Cloud threats are evolving and attackers are moving faster than ever! Join Sysdig’s Michael Clark (Director, Threat Research) and Anna Belak (Director, Office of Cybersecurity Strategy) LIVE on Linkedin, Twitter, and Youtube, as they discuss key findings from Sysdig’s �� . From cloud automation as a weapon to software supply chain vulnerabilities — the annual report authored by Sysdig’s Threat Research Team exposes shocking statistics on the evolving tactics of attackers lurking within the clouds.

View Video

Sysdig

Read more about Combatting Cloud Threats: The Accelerated Attack Speed of 2023 (LIVE)

Protecting Our Communities: Navigating Cyberattacks Against Municipalities and Bolstering Cybersecurity

Aug 14, 2023 By Trustwave In Trustwave

Municipalities are no strangers to cyberattacks, but the introduction and ready availability of malware through ransomware-as-a-service providers has led to an increasing number of attacks against cities and counties. One small sample taken from the past six months revealed that Lowell, Mass., Spartanburg County, S.C. and Suffolk Country, N.Y. were victimized, knocking services offline and causing millions of dollars in recovery costs.

Read Post

Trustwave

Read more about Protecting Our Communities: Navigating Cyberattacks Against Municipalities and Bolstering Cybersecurity

Google's Vertex AI Platform Gets Freejacked

Aug 14, 2023 By Michael Clark In Sysdig

The Sysdig Threat Research Team (Sysdig TRT) recently discovered a new Freejacking campaign abusing Google’s Vertex AI platform for cryptomining. Vertex AI is a SaaS, which makes it vulnerable to a number of attacks, such as Freejacking and account takeovers. Freejacking is the act of abusing free services, such as free trials, for financial gain. This freejacking campaign leverages free Coursera courses that provide the attacker with no-cost access to GCP and Vertex AI.

Read Post