The specter of cybercrime continues to grow, with losses soaring to $12.5 billion in 2023, according to the recently released Internet Crime Report by the FBI's Internet Crime Complaint Center (IC3). The revelations underline an alarming surge in cybercrime, affecting both business and personal interests alike, with the main attack vectors being investment fraud, business email compromises and an increased surge of ransomware attacks on nearly every critical infrastructure sector.

The construction of a more cyber resilient European Union (EU) took a remarkable step forward this past week as negotiators from the European Parliament and the European Council reached a provisional agreement on the proposed Cyber Solidarity Act. Proposed last year, the Cyber Solidarity Act is composed of three key pillars that seek to crack the daunting challenge of detecting, preparing for, and responding to cybersecurity threats and incidents that shake up the security sphere.

Using security tools to monitor activities on IP based endpoints and the resulting changes that occur pose one of the most formidable challenges to security and regulatory compliance efforts, thanks to its potential to disrupt established security measures and protocols. Compliance frameworks, such as PCI DSS and NIST 800-53/SI-7, require organizations in every sector to maintain a consistent and secure environment to meet regulatory standards. Integrity is a foundational piece of this puzzle.

Historically, cyber-attacks were labor-intensive, meticulously planned, and needed extensive manual research. However, with the advent of AI, threat actors have harnessed their capabilities to orchestrate attacks with exceptional efficiency and potency. This technological shift enables them to execute more sophisticated, harder-to-detect attacks at scale.

The Sysdig Threat Research Team (TRT) discovered a malicious campaign using the blockchain-based Meson service to reap rewards ahead of the crypto token unlock happening around March 15th. Within minutes, the attacker attempted to create 6,000 Meson Network nodes using a compromised cloud account. The Meson Network is a decentralized content delivery network (CDN) that operates in Web3 by establishing a streamlined bandwidth marketplace through a blockchain protocol.

Developers are frequently tasked with working with multiple tools in the cloud-native era. Each of these tools plays a crucial role in the application life cycle, from development to deployment and operations. However, the sheer variety and diversity of these tools can increase the likelihood of errors or the accidental inclusion of critical vulnerabilities and misconfigurations.

In today’s hybrid working environment, the software as a service (SaaS) apps employees use, and security service edge (SSE) solutions organizations use to secure it are dynamic and distributed. You sometimes need to deal with complex user experience issues without clear visibility into where they originate. Let’s take a look at some increasingly common situations and explore some proven ways IT leaders are regaining control.

Phishing remains an ever persistent and grave threat to organizations, serving as the primary conduit for infiltrating network infrastructures and pilfering valuable credentials. According to an FBI report phishing is ranked number 1 in the top five Internet crime types. Recently, the Cato Networks Threat Research team analyzed and mitigated through our IPS engine multiple advanced Phishing Kits, some of which include clever evasion techniques to avoid detection.

Australia’s Data Privacy Landscape is EVOLVING QUICKLY In February 2023, the Australian government released the results of a two-year review of the 1988 Data Privacy Act. This was followed by a response in September, authored by Attorney General Mark Dreyfus, that agreed to 38 of the 116 recommendations and a further 68 ‘in principle’.

The importance of security awareness It’s well worth taking the time to craft a meaningful and engaging security awareness program. By presenting the right mix of information to your users in a compelling way, you can empower them to help you improve your organization’s security posture as well as create a more robust security culture overall. The cybersecurity topics that you include in your program should be relevant to your business and industry, of course.