“A man walks into a bank…” That may sound like the start of a joke but as hacker and security consultant Jayson E. Street tells it, it’s really nothing to laugh at. He’s walked into banks, hotels, government facilities, and biochemical companies all over the world and successfully compromised them.

Good news for organisations who have fallen victim to the notorious Rhysida ransomware. A group of South Korean security researchers have uncovered a vulnerability in the infamous ransomware. This vulnerability provides a way for encrypted files to be unscrambled. Researchers from Kookmin University describe how they exploited an implementation flaw in Rhysida’s code to regenerate its encryption key in a technical paper about their findings.

Andy Thompson, CyberArk Labs Offensive Security Research Evangelist returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard.

More than just introducing XDR today, Cato announced the first XDR solution to be built on a SASE platform. Tapping the power of the platform dramatically improves XDR’s quality of insight and the ease of incident response, leading to faster incident remediation. “The Cato platform gives us peace of mind,” says Shayne Green, an early adopter of Cato XDR and Head of security operations at CloudFactory.

Application Programming Interfaces (APIs) are the backbone of modern software development, enabling seamless communication between various systems and services. As organizations increasingly rely on APIs to power their applications and services, the need for robust API management and monitoring solutions becomes paramount. Capturing API calls and gaining insights into their behavior can significantly enhance the development, troubleshooting, and security of APIs.

Safeguarding data in today’s cyber landscape is no small feat. And with data growing at an explosive rate, more than 65 percent of IT and security leaders surveyed believe their organization’s current data growth is outpacing their ability to secure this data and manage risk, as found in the latest Rubrik Zero Labs State of Data Security report.

Multi-Factor Authentication (MFA) has become a cybersecurity necessity for protecting online accounts. It ensures that only authorized users can access an account. However, when picking an MFA method, some options are more secure than others. An authenticator app is safer than SMS authentication because it generates 2FA codes locally, which prevents cybercriminals from intercepting the codes as they can with SMS.

On January 19, Microsoft issued an advisory disclosing a cybersecurity incident targeting their M365 tenants and attributing the attack to Midnight Blizzard, a state-sponsored actor also known as Nobelium and APT29. Following this, on January 24, the Microsoft team expanded on the initial announcement with a comprehensive blog post providing more insights about the attack and outlining specific tactics, techniques and procedures leveraged by the threat actor.

Azura Vascular Care operates a national network of health and wellness centers. They specialize in minimally invasive procedures and strive to treat vascular conditions in comfortable, out-patient settings. They offer healthcare in 25 states with multiple facilities and specialized teams. At the end of last year (2023), Azura discovered a threat actor within their network environment; officials removed the threat, but not before the criminals obtained 348k patient records.

Trustwave SpiderLabs is wrapping up a multi-month investigation into the threats facing the education sector, across higher education, primary and secondary schools. Trustwave will post the 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report on February 22, but here are a couple of early findings along with a round-up of some of the higher-profile attacks on education targets that have taken place in the last year.