Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

A Day in the Life of a CISO - Presenting to the Board Chairman

It’s 7:30 AM when I check my inbox, and right at the top is an urgent email from Alex, our Chairman of the Board: “I need an update on how we’re stacking up against our competitors on security.” Not just a quick overview—he’s asking for specifics on how our cybersecurity posture compares to our peers, the improvements we’ve made, and a detailed look at our progress since our last board meeting.

UpGuard Summit May 2024 Recap: Automated TPRM

The second UpGuard Summit of 2024 kicked off at the end of May, welcoming security professionals from APAC, EMEA, India, and the U.S. to discuss key developments and strategies across the cybersecurity industry. This quarter’s event focused on third-party risk management (TPRM), specifically how security teams can use automation to eliminate manual work and streamline critical TPRM workflows and processes.

Kairos extortion group turns to initial access brokers

Cyjax recently identified a new financially motivated extortion group going by the name Kairos, which shares data stolen from its victims on a data-leak site (DLS). An alleged spokesperson for the group, named ‘KairosSup’, made a bid on an initial access broker (IAB) listing on a prominent Russian-language cybercriminal forum. Notably, the spokesperson’s name is likely styled after the representative of prolific ransomware group LockBit, who is called ‘LockBitSupp’.

Crypto Staking Platforms: Overview, How it Works, & Risks

Crypto staking platforms empower investors to earn passive income through participating in blockchain networks. In recent years, these platforms have evolved from simple validator nodes to sophisticated financial infrastructure, processing billions in staked assets. This shift represents a fundamental change in the cryptocurrency landscape as it moves from pure speculation to productive asset utilization.

How to Prevent Insider Threats: Implementing Least Privilege Access Best Practices

Organizations lose $16.2 million annually (up from $15.4 million) due to insider threats. Many businesses still can’t prevent these threats effectively. Malicious or negligent employees continue to risk sensitive data and systems despite strong external security measures. Security professionals must solve a big challenge – protecting against insider threats while keeping operations running smoothly.

Okta and Long Usernames

The Okta 52-character username vulnerability has brought to light a significant security issue within the popular identity and access management (IAM) platform used by many enterprises worldwide. This vulnerability allows attackers to exploit a username constraint to bypass certain authentication checks, which could have severe implications for businesses relying on Okta’s services for secure user verification and access control.

Quick Guide to GNOME Display Manager (GDM)

The GNOME Display Manager (GDM) is a program that facilitates graphical user login for Linux systems using GNOME, running and managing the X.Org display servers for both local and remote logins. It is the login graphical user interface (GUI) and manager for the GNOME desktop environment within Linux. GDM runs in the background as a replacement for X Display Manager (XDM), handling user authentication and initiating desktop sessions.

The Role of Pretexting in Cyber Attacks

A threat actor sends an email to a user at an organization claiming to be from the IT department. They need a password to a critical application, and the email is convincing – it mentions aspects of the application that would only be known to the user, it brings up a recent update email that was sent out company-wide, and it even closes with a friendly, “Hope to see you at next week’s happy hour!” in the sign-off.

CARBANAK (aka ANUNAK) Distributed via IDATLOADER (aka HIJACKLOADER)

IDATLOADER (aka HIJACKLOADER, GHOSTPULSE) has become prevalent in 2024, using advanced and new techniques such as BPL Sideloading, which Kroll reported on in June. Kroll observes IDATLOADER distributing malware such as ASYNCRAT, PURESTEALER, REMCOS and STEALC, and driving what some might describe as a recent epidemic of LUMMASTEALER infections.

Unlocking the Benefits of Rook vs. Ceph in Kubernetes and How CloudCasa Simplifies Storage Class Migration

In the rapidly evolving world of Kubernetes, managing storage efficiently can be a challenging task. As more organizations adopt Kubernetes for their cloud-native applications, the need for scalable, resilient, and automated storage solutions becomes critical. This is where Rook and Ceph come into play, offering powerful storage capabilities tailored for Kubernetes environments.