Are you looking to try a new service to transfer large files of up to 50GB? Then there’s a new player in the file-sharing market that may interest you — Rakuten Drive. In February 2024, Rakuten announced the commercial launch of Rakuten Drive, a file storage cloud service based in Japan. Rakuten Drive allows individuals and enterprises to send large files with customized access controls, store, and edit Microsoft documents.

From late 2023 and into 2024, the ransomware ecosystem has become more diverse than ever, with an ever-expanding cast of extortion groups. Established players continue to compromise large companies globally, while smaller, newer groups are breaking into the scene with increasing frequency. From January to mid-May 2024 alone, 22 new ransomware groups emerged. In comparison, only 22 groups emerged during the entire two-and-a-half-year period between January 2018 and August 2020.

As we near the halfway point of 2024, it is apparent that the epidemic of extortionary cyber attacks will continue unabated into the foreseeable future. Now more than ever, I believe that until organizations adopt cultural approaches to cybersecurity, breaches will continue to wreak havoc on companies and industries.

The software supply chain is increasingly complex, giving threat actors more opportunities to find ways into your system, either via custom code or third-party code. In this blog we’ll briefly go over five supply chain threats and where to find them. For a deeper look to finding these threats, with more specifics and tool suggestions, check out our threat hunting guide.

Many of us in the information security sphere have sat in front of a console and furiously executed various queries while either mumbling internally or externally, with varying levels of stress and frustration: what is going on? When investigating a particular system, an odd event, or a declared incident, we are all attempting to answer this question in one way or another. Detections, documented threat hunts and security operations procedures do not manifest out of thin air.

On May 27, 2024, Check Point released hot fixes for an information disclosure vulnerability being leveraged by threat actors to target Check Point VPNs. This vulnerability was labeled as CVE-2024-24919 and is rated as high severity, as a remote threat actor can exploit the vulnerability to access information on Gateways connected to the Internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled.

Real-world malware 100% protection with zero false positives Elastic Security has achieved remarkable results in the recent AV-Comparatives Malware Protection Test, with a protection rate of 100% and no false positives against real-world malware samples. This independent assessment underscores our commitment to providing world-class malware protection, with zero false positives and zero user impact.

On May 28, 2024, Okta disclosed that the cross-origin authentication feature in Customer Identity Cloud (CIC) is being targeted by credential-stuffing attacks. These attacks involve threat actors using large lists of stolen usernames and passwords to gain unauthorized access to online services. Suspicious activity has been observed starting from April 15, prompting Okta to notify affected customers and provide guidance to mitigate the issue.

Eleven years ago, the White House issued Executive Order 13636, which tasked the National Institute of Standards and Technology (NIST) with the creation of a cybersecurity framework (CSF) that would help better protect the nation’s critical infrastructure.

Filling in some blanks on large scale policy testing with Gusto‘s Nicholaos Mouzourakis.