Cyberthreats continue to evolve, causing trillions of dollars in losses. There will be a 76% increase in cybersecurity breaches by 2024, according to StealthLabs. A report by IBM states that it took an average of 287 days to identify and contain a data breach in 2021. According to Verizon’s 2020 Data Breach Investigations Report, 86% of cybersecurity breaches were financially motivated, and 10% were motivated by espionage.

ManageEngine kicks off the year on a high note as it bags the 2022 Cybersecurity Excellence Awards under various categories. To name a few, ManageEngine has been declared a winner for AD360’s IAM and identity governance (IGA) offerings, Log360’s SIEM and SOAR solutions, and data-centric security.

VPN tunnels are like shipping containers in that they are widely used (especially as the pandemic has moved more of the workforce to remote work), and they can be used to carry traffic for legitimate as well as malicious purposes. Establishing a tunnel between corporate offices, remote workers, or partners to transfer data is a legitimate and common use for VPNs.

With budgets tightening across the board and competition for a limited pool of IT and security talent growing fiercer, cyber as a service providers have become an optimal solution for many companies. Knowing they can count on their partners to focus on specific vectors, internal security teams can concentrate on their core missions. This could be high priority or critical items within security or something totally outside of security.

Appending a malicious file to an unsuspecting file format is one of the tricks our adversaries use to evade detection. Recently, we came across an interesting email campaign employing this technique to deliver the info stealer Vidar malware. First, let’s examine the email delivery mechanism, then go on to take a closer look at the Vidar malware itself. Figure 1: The malicious spam message The messages in this campaign have two things in common.

Read also: Italy’s state railway operator halts ticket sales due to a suspected cyberattack, malicious npm packages target Azure developers, and more.

When it comes time for an employee to leave your organization, you want it to be on friendly terms. But there are definitely limits to how friendly you want folks to be after they leave. Especially when it comes to accessing materials from their old position for their new endeavors. In a recent bizarre case, it was reported that a former acting Department of Homeland Security Inspector General has pleaded guilty to stealing government software and data for use in his own product.

On March 21st, President Biden released a warning about the possibility of Russian cyber warfare attacks against targets in the West as a response to sanctions. This is apparently backed by “evolving intelligence” and specifically mentions American companies and critical infrastructure.

By 2023, over 500 million digital apps and services will be developed and deployed using cloud native approaches. To put that in perspective, more applications will be developed on the cloud in a four-year period (2019-2023) than the total number of apps produced in the past 40 years. Clearly, organizations are buying into the cloud. But the question is: Do they fully understand it? And do they know how to secure the applications they built within it?