Supply chain attacks are a growing concern, particularly within the financial sector, with attackers increasingly using key technology suppliers as a ‘jumpbox’ to pivot into their intended target organisation. Last year’s MOVEit breach for instance saw a single ICT supplier ultimately cause ~2,356 organisations to be compromised, with primary victims predominantly in the financial sector.

On September 24, 2024, Rackspace, a managed cloud computing company providing cloud hosting, dedicated servers, and multi-cloud solutions, reported an issue with their Rackspace Monitoring product in the ScienceLogic EM7 (ScienceLogic SL1) Portal. Rackspace utilizes the ScienceLogic application as a third-party tool for monitoring certain internal services.

Cybercriminals are targeting educational institutions, attracted by the vast amount of sensitive data they handle: student and employee personal information, research, and intellectual property. With tight technology budgets and often weak defenses, many of these organizations are easy prey for increasingly complex cyberattacks, putting their reputation and operations at risk.

Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate. It’s one thing to see your industry at the top of some “state of” cybersecurity report, but it’s entirely different to learn that 68% of all phishing web pages identified in a single quarter are from your industry. That’s exactly what we find in Akamai’s latest analysis of websites across the Internet.

Large Language Models (LLMs) transform how organizations process and analyze vast amounts of data. However, with their increasing capabilities comes heightened concern about LLM security. The OWASP Top 10 for LLMs offers a guideline to address these risks. Originally designed to identify common vulnerabilities in web applications, OWASP has now extended its focus to AI-driven technologies. This is essential as LLMs are prone to unique LLM vulnerabilities that traditional security measures may overlook.

There are lots of hurdles to jump when trying to set up and maintain a SIEM. Preparing infrastructure and installing the software components, getting logs ingested into the system, parsing and normalizing those log messages properly, configuring alerts for detection, etc. These are all large tasks that require thoughtful planning and a lot of work to get right. But let’s say you’ve managed to clear all those hurdles…in that case, great job!!

Since its debut in 2022, ChatGPT has radically reshaped the way we interact with technology. Generative AI (genAI) platforms like ChatGPT, Google Gemini, and Meta AI have rapidly gained in popularity, offering capabilities that range from rewriting text to generating creative content. While these tools have created new opportunities for enhanced productivity, they’ve also introduced new security risks — particularly when users unknowingly share sensitive information.

Researchers have uncovered a new vulnerability, tracked as CVE-2024-6769, which enables attackers to bypass Windows User Access Control (UAC) and elevate their privileges to gain full system control without triggering any alerts. This exploit, affecting Microsoft’s Windows platform, has sparked debate about whether UAC truly acts as a security boundary. While Microsoft does not classify this as a vulnerability, security experts warn organizations to be vigilant about the risks involved.

Recently, AWS expanded the scope of their AWSCompromisedKeyQuarantine policies (v2 and v3) to include new actions. This policy is used by AWS to lock down access keys that they suspect have been compromised. A common example of this process in action is when AWS automatically applies the quarantine policy to any keys found by scanning public GitHub repositories. This proactive protection mechanism can stop compromises before they happen.