The business world is changing fast. The shift to hybrid or remote models and the rapid adoption of cloud services are allowing employees to work from anywhere, while giving the companies they work for the chance to increase innovation and stay ahead of their competition. The cybersecurity industry has changed as well, with those same innovations creating new challenges for IT and security teams.

On Wednesday, August 3, 2022, Cisco disclosed two critical-severity vulnerabilities (CVE-2022-20842 and CVE-2022-20827) impacting RV160, RV260, RV340, and RV345 series small business routers. Both vulnerabilities are due to insufficient validation but differ in how they are exploited.

We’re thrilled to announce that 1Password has been included in the Forbes 2022 Cloud 100, the definitive ranking of the top 100 private cloud companies in the world!

Everything that makes employees’ lives easier, makes yours harder. Detecting insider threats — both employees and cybercriminals pretending to be employees — has never been more difficult or more important. The cloud technologies that make everyone else more efficient make security less efficient. They’re noisy. They send a lot of alerts. You’re tired. You’re overworked. You’re overloaded.

My name is Whitney Champion and I'm the lead architect and one of the co-founders of Recon InfoSec. Basically I'm responsible for building and maintaining our security stack, our applications, and also our training platform: The Network Defense Range, or NDR. We're a managed security services provider, and we're based out of Austin, Texas. There are roughly 15 of us and we provide managed detection and response services and training.

With over 200% YoY Growth and used by 100,000+ Organizations globally, Slack has become an indispensable internal communication tool for teams to coordinate their activities. But when it comes to exchanging information and external sources, certain risks are at play that requires more insight and attention. Slack links to various vital systems within many organizations, making it an easy, central access point hackers can use to reach multiple systems.

In Spring 2022, Lincoln College announced that it would permanently close on May 13 and noted that a December 2021 ransomware attack had contributed to its closure.

Is cryptojacking draining your resources and exposing your organization to financial and reputation damage risk? The rise in cryptojacking, which is an illegal form of mining cryptocurrency by the unauthorized use of someone’s computing resources, has reached alarming levels. According to the Google Threat Horizon report, 86% of compromised cloud instances in 2021 were used for cryptomining. That paints the picture quite clearly.

Cryptominers are one of the main cloud threats today. Miner attacks are low risk, low effort, and high reward for a financially motivated attacker. Moreover, this kind of malware can pass unnoticed because, with proper evasive techniques, they may not disrupt a company’s business operations. Given all the possible elusive strategies, detecting cryptominers is a complex task, but machine learning could help to develop a robust detection algorithm.

Creating and running an application in your favorite language is usually pretty simple. After you create your application, deploying it and showing it to the world is also quite straightforward. The last thing you need is someone to take over your system and fully control your brand new application. In this article, I’ll explain how this can happen with a reverse shell attack. Note that the code examples in this article are for educational purposes only.