CrowdStrike continues to support coverage of MITRE, first through the MITRE ATT&CK® framework and now with the latest findings from the MITRE Center for Threat-Informed Defense (CTID). Today MITRE CTID released a report examining threat trends and patterns frequently used by malicious insiders to exfiltrate data, access confidential information and commit fraud.

As per the Varonis Global Data Risk Report for 2021, 13% of all the files and folders; and 15% of sensitive files in an organization are open to everyone. Further, when it comes to the SMEs, only 16% of them have done thorough cybersecurity posture reviews, and that too after encountering an attack. While organizations across the globe have very little or no preparedness when it comes to cybersecurity, cyberattacks are becoming more and more sophisticated.

Photo by ThisIsEngineering from Pexels Considered one of the largest exploitable vulnerabilities in history, Log4Shell affects many as Log4J is one of the most extensively used logging libraries. An issue that has existed for almost a decade but just recently was discovered, Log4Shell leaves companies vulnerable to the full extent of these attacks. AT&T Alien Labs blogged about the vulnerability back in December 2021, with more technical detail.

Read also: Google and Adobe address zero-day flaws, the US issues an alert over Russian hackers, and more.

Today, I am excited to announce Snyk’s acquisition of Fugue and welcome their team to the Snyk family. The addition of Fugue to Snyk’s platform will allow us to continue our mission to help developers find and fix security issues in the applications they create, by providing visibility into the security of applications and the cloud services they use. But it’s about more than just visibility of the cloud posture.

Magento has been a much used and loved e-commerce platform since its initial release in 2008. One of the things I’ve always loved about Magento is its ability to grow as ecommerce businesses grow. Starting as a self-hosted version (which I’ve used extensively as a developer over the years), Magento now has clear support and management options available via Adobe or third party ecosystem partners.

AvosLocker is a relatively new ransomware written in C++ that was first seen in June 2021. Their business model is ‘Ransomware-as-a-Service’ (RaaS), and even though they have been operating for less than a year now, they’ve been successful overall when it comes to victims. The group openly and publicly tries to recruit new members to its team and operates a TOR leak site, showcasing the latest victims, as all other ransomware groups do.

CloudCasa was built to provide data protection services for Kubernetes and cloud native workloads. As a SaaS backup solution for Kubernetes, CloudCasa was designed from the ground up to be a secure, well-architected, SaaS platform that improves a customer’s security posture against sophisticated cyber-attacks.

The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) have joined forces to publish a joint warning that Russian hackers have targeted defence contractors to steal sensitive data.