Researchers from ESET have shed light on a new macOS backdoor, discovered in April 2022, dubbed CloudMensis. At first glance this is just the latest example of spyware targeting the Apple operating system with the intent of exfiltrating documents, keystrokes, and screen captures. However, as the name suggests, one of the interesting features of this malware is a sophisticated two-stage kill chain that exploits legitimate cloud services in different phases of the attack.

Zero trust network access (ZTNA) has become a hot topic and a popular IT project. Here are some of the reasons why: First, organizations are beginning to pursue a zero trust strategy and ZTNA is the first logical step towards a zero trust security program. Second, remote or hybrid work is here to stay. And as a result, now is the time to replace your legacy remote access VPN with a modern anywhere secure access solution for the long term.

The number and severity of cyber-attacks are increasing with time. For that, the international industry standards and government authorities aim to regulate cybersecurity by enforcing more strict cybersecurity compliance criteria.

The typical life of a consultant working in the field of governance, risk and compliance is often not deeply technical, but we have to be aware of new technology and the risks it poses; this is very true when it comes to Cloud, and with the massive adoption of Cloud as the vast majority of organizations now use cloud services on some level.

The Arctic Wolf team is having a great time in Boston at AWS re:Inforce 2022. What a wonderful show! It has been thrilling to connect with industry leaders and AWS experts from across the world–and it was equally thrilling for us to announce that Arctic Wolf has achieved the newly introduced Level 1 MSSP specialization in Digital Forensics Incident Response (DFIR).

I am very pleased and proud to share the big news that Devo is now an AWS Security Competency Partner. This is a significant milestone for Devo and it’s important for our current and future customers and partners. This designation validates that Devo has successfully met AWS’s technical and quality requirements for providing customers with a deep level of expertise in threat detection and response.

Higher education institutions have long been subjected to ransomware and other cyber attacks, which has had a huge impact on their operations. In 2020 alone, ransomware attacks affected nearly 1,700 U.S. schools, colleges and universities – which is an increase of 100% over the previous year. The average cost of these attacks were $2.73 million in downtime, repairs and lost opportunities.

A possible method of attacking your code base is a bit of social engineering that involves using open source to report potential bugs in software that provides reproduction applications. These applications can include malicious code that can compromise your software and applications. In the blog post, we’ll briefly look at why and how they operate, and how to mitigate this practice.

In Tim Hinrich’s prior blog titled the Three-Body Problem for Policy, he dives into the interconnected relationship between policy, data and software. He identifies a key consideration when using OPA — that “policies can only be evaluated when provided with the correct data.” The full blog is well worth the read to better understand the role of data and its correctness in your policy implementation.

As described in Splunk Vulnerability Disclosure SVD-2022-0624, there is a list of SPL (Search Processing Language) commands that are classified as risky. This is because incorrect use of these risky commands may lead to a security breach or data loss. As a precautionary measure, the Splunk Search app pops up a dialog, alerting users before executing these commands whenever these commands are called.