2023 is a year of “digital forest fires.” The MOVEit and the Barracuda Networks’ email supply chain attacks underscore the massive butterfly effect a single software flaw can have on the threat landscape. Supply chain attacks spread like a forest fire. Once cybercriminals compromise widely used software, attackers gain access to potentially all organizations that use that software.
As the digital landscape expands, organizations are facing a complex challenge: managing access to an ever-growing number of resources, applications, and services. The traditional approach of using identity groups to handle access control is becoming increasingly untenable. So, let's explore the causes behind role explosion and discuss the need for a paradigm shift towards a more scalable and efficient access management strategy.
Assisting with the creation of spear phishing emails, cracking tools and verifying stolen credit cards, the existence of FraudGPT will only accelerate the frequency and efficiency of attacks. When ChatGPT became available to the public, I warned about its misuse by cybercriminals. Because of the existence of “ethical guardrails” built into tools like ChatGPT, there’s only so far a cybercriminal can use the platform.
In the pursuit of advancing security and transparency in the digital asset industry, Fireblocks has published our MPC-CMP code as open source under a limited license, along with the rest of our MPC library. As the demand for digital asset custody, tokenization, and Web3 among retail and financial institutions continues to rise, Fireblocks MPC-CMP has proven to be the most secure and reliable key management protocol.
The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022. With our role as a reverse proxy to a large portion of the Internet, Cloudflare is in a unique position to observe how the Common Vulnerabilities and Exposures (CVEs) mentioned by CISA are being exploited on the Internet. We wanted to share a bit of what we’ve learned.
The CrowdStrike Falcon® platform recently earned the SE Labs AAA award by delivering 100% attack detection with zero false positives in the Q2 2023 SE Labs Enterprise Advanced Security (EAS) test. The platform achieved perfect scores across every evaluation category. This year’s evaluation presented a unique challenge to testing participants. SE Labs tested solutions to a full kill chain attack, from initial contact through reconnaissance, data exfiltration and lateral action.
There is no such thing as a vacation for cybercriminals. We recently released our top summer cybersecurity travel tips to help keep you safe. Earlier this year, we posted about travel-themed phishing attacks, and Forbes just posted a great reminder about the dangers of sharing your boarding pass on social media. Read below for their advice.
Newly-released research reveals the eye-watering costs that the manufacturing sector has suffered in recent years at the hands of ransomware. The analysis, by Comparitech, looked at 478 confirmed ransomware attacks on manufacturing companies between 2018 and July 2023, in an attempt to determine their true cost.
State-sponsored threat actors continue to exploit legitimate cloud services, and especially one group, the Russian APT29 (also known as Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, and formerly Nobelium), seems to be particularly active. Between March and May 2023, security researchers at Recorded Future’s Insikt Group have unearthed a cyber espionage campaign by the same threat actor allegedly targeting government-sector entities in Europe with interest in Ukraine.
