As energy and utilities companies strive to use the edge to innovate new solutions for delivering more efficient and resilient services, cybersecurity risks to carrying out those business missions loom large. Ransomware attackers and other cybercriminals have increasingly found energy and utilities organizations a profitable target, lobbying high-profile attacks in the last few years that have threatened safety and uptime in the process.

Telework has become a mainstay, and with it, so has employee reliance on personal mobile devices. These devices are difficult to monitor and keep up to date, presenting a unique security challenge for U.S. local, state, and federal government organizations.

Supply chain attacks have been on the rise in the last few years, rapidly becoming one of the most dangerous security threats. This article highlights some of the most noteworthy supply chain incidents observed in 2022.

Welcome to the second post in our series on Malicious Software Packages. This post focuses on the infection methods attackers use to spread malicious packages, and how the JFrog Security research team unveiled them.

Have you ever heard the cybersecurity term “dictionary attack”, and wondered what it means? You’re not alone. Here, we’ll break down what a dictionary attack is, and explain what steps you should take to protect yourself from this threat.

As both consumer and commercial banking clients shift to primarily utilize online banking, they still have high expectations that their financial assets will be secure. In 2021, the banking industry reported 703 cyberattack attempts per week — a 53% increase from 2020. And the cost of cyberattacks in the industry has reached $18.3 million annually per breach.

The Guacamaya group is a fairly new hacktivist group based in Latin America. The group was first seen around March 2022 as they released sensitive data of several companies based in Chile, Ecuador, Brazil and Colombia. As mentioned, the group is mainly focusing on LATAM but dabbles every now and then with campaigns in Russia. The group is defined as a data leakage threat group, which means they do not encrypt but only leak the stolen data, often they do it for free.

Read also: Apple fixes yet another iOS zero-day, Iranian atomic energy agency hit by hackers, and more.

On October 5, a cyber incident disrupted the availability of three state government websites. The Russian-speaking KillNet group claimed responsibility. As discussed in previous SecurityScorecard research, KillNet began as a financially-motivated operation offering a botnet for hire. It has since remodeled to a hacktivist collective, conducting a series of relatively low-sophistication DDoS attacks against targets linked to entities perceived to oppose the Russian invasion of Ukraine.