Developers and cybersecurity have an interesting relationship. Developers have no problem with security operations just as long as they’re not involved or adding security doesn’t slow down their development cycle. Thankfully, well-documented security operations — known as DevSecOps — assist with the software development lifecycle (SDLC) and perform mostly invisibly from the developer’s perspective.

As the threat landscape continues to develop, ransomware and data brokerage groups constantly emerge, develop, and disband. Cyjax observed a relatively high level of data-leak site (DLS) emergence in July 2024, with a total of nine new sites. For reference, the highest observed number of ransomware groups that have emerged in a single month is ten (September 2022).

Endpoints are a continuous target for threat actors. They serve as gateways to the overall network, meaning an attack that starts on a single endpoint can quickly spread across the attack surface. They offer a valuable entry point into an organization’s environment that can be used to launch sophisticated cyber attacks.

Windows Installers (.msi files) are a known vector of malware distribution. Although not quite common, they have been used by threat actors to distribute malware of all sorts. During July 2024, the Cyberint Research Team noticed somewhat of an uptick in the usage of malicious.msi files. Among the various samples we noticed a specific variant of malicious installer being actively used in the wild, disguised as legitimate applications or update installers and targeting Korean and Chinese speakers.

When it comes to managing your cloud infrastructure, picking the right platform can make a big difference in how smooth, scalable, and cost-effective your operations are. Two of the top contenders in this space are OpenStack and VMware. Both offer powerful tools for handling virtualized environments, but they suit different needs and preferences. Knowing the key differences between them is essential to help you make the best choice for your organization’s goals and technical needs.

In a security bulletin on February 19, ConnectWise announced critical vulnerabilities (CVE-2024-1708 & CVE-2024-1709) to its on-premises ScreenConnect product (identified and responsibly reported by one of Kroll’s SOC analysts), allowing attackers to takeover an organization’s ScreenConnect. The vulnerability, trivial to exploit, allows anonymous individuals to a create system admin account on publicly exposed instances of the product.

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which compiles all the information in a consistent manner. On average, a cyber attack can last anywhere from a few days to several weeks, with the recovery time often extending to months or even years.

In the previous blog we covered how to use PGP keys for encrypting and decrypting emails on desktop clients like Thunderbird and Outlook. Now, let's take a look on securing your emails without too much hassle using OpenPGP on webmail services like Gmail using the Mailvelope extension for Google Chrome.

On July 19, 2024, a flawed update in CrowdStrike Falcon's channel file 291 led to a logic error that caused Windows systems to crash, resulting in widespread BSOD (Blue Screen of Death) incidents. The impact was severe, disrupting critical infrastructure globally, from grounded flights to halted public transit systems. In fact, you’d have to have been living under a rock to have missed this incident.

As Large Language Models (LLMs) continue to evolve and become integral to various applications, preserving data privacy remains a crucial concern. Below are fundamental principles and best practices for maintaining data privacy in LLMs.