2023 was a lucrative year for ransomware actors, with victim organizations paying $449.1 million in the first six months alone. Maintaining this cash stream requires frequent technique shifts, which may be why more attackers are exploiting legitimate software to propagate their malware. Abusing organizations’ existing enterprise tools can help attackers blend in while they’re doing reconnaissance, and also aids them with privilege escalation and persistence.

Excessive access rights increase the risk of cybersecurity incidents. Implementing the principle of least privilege (POPL) can help you significantly limit the attack surface and protect your organization from the financial and reputational losses that may follow a cybersecurity breach. This article aims to reveal the importance of POLP and equip you with the best practices for its effective implementation.

In this digital era, as data is produced and gathered more than ever before, the importance of data security has surged. Given the widespread use of social media, e-commerce, and other online services, individuals are sharing their personal details with numerous entities.

‍We are thrilled to welcome Bob Lyle to Riscosity as our Chief Revenue Officer. Bob is an accomplished executive with extensive GTM experience in scaling software and security companies. He will be responsible for the planning, development, and global execution of our revenue strategy as we continue to evolve our business.

On December 5th, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory that confirmed the exploitation of CVE-2023-26360 at a Federal Civilian Executive Branch (FCEB) agency by unknown threat actors. Exploiting this vulnerability allowed threat actors to gain access to the FCEB agency network on two separate occasions in June 2023.

During a cyber attack, malicious actors often breach an organization’s perimeter security with tactics like vulnerability exploitation and phishing. Once inside, they attempt to navigate the organization’s network to escalate their privileges and steal or encrypt data—but here they often face sophisticated endpoint detection and response (EDR) systems designed to identify and prevent this type of activity.

‍ The US Securities and Exchange Commission's complaint against SolarWinds and its Chief Information Security Officer (CISO) Tim Brown has sent shockwaves through the cybersecurity community. Solarwinds and Brown have been accused of fraud, the details of which can be found in an extensive 68-page document. ‍ This complaint, in itself a bold move, has been particularly jolting to cyber professionals given the SEC’s July 2023 regulations.

North Korean hackers pose as job seekers and recruiters, the Telekopye Telegram bot enables large-scale phishing scams, and DPRK-aligned threat actors target macOS in two campaigns.

During a recent penetration test on a customer application, I noticed weird interactions between the web front-end and back-end. This would eventually turn out to be a vulnerability called HTTP request smuggling, enabled by the fact that the front-end was configured to downgrade HTTP/2 requests to HTTP/1.1. With the help from my colleague Thomas Stacey, we were able to construct an exploit chain with response queue desynchronization along with traditional HTTP/1.1 request smuggling techniques.

As software becomes increasingly integral to our professional and personal lives, the need to protect information and systems from malicious attacks grows proportionately. One of the critical threats that Python developers must grapple with is the risk of code injection, a sophisticated and often devastating form of cyberattack.