For several months, the Intelligence & Analytics team at Elastic Security has tracked an ongoing adversary campaign appearing to target Ukranian government officials. Based on our monitoring, we believe Gamaredon Group, a suspected Russia-based threat group, is behind this campaign. Our observations suggest a significant overlap between tactics, techniques, and procedures (TTPs) included within this campaign and public reporting.
It was a successful night for Redscan at the TEISS Awards 2020, with the company receiving honours for two of its key services.
A change is coming for privacy protection. Are you ready? For the past twenty years, most financial services businesses fell under the requirements of the Gramm-Leach-Bliley Act (GLB Act or GLBA). This law federally governed the collection and disclosure of customers’ personal financial information. However, on January 1st, 2020, a new privacy rule—the California Consumer Privacy Act (CCPA)—wentis going into effect.
Having worked with many individuals responding to incidents where their digital private images were shared without consent, social media or email accounts had unauthorised access, and even physical safety was a concern, it is all too familiar how terrifying the unknown can be. As someone who has been on both the victim’s and later the responder’s side, I am qualified to express both the terror and knowledge of things you can do to take back control.
2019 was a big year for Kubernetes adoption, and 2020 is sure to exceed that pace. Already, we have seen a large number of organizations migrating their workloads to Kubernetes (k8s) both in public and private clouds as they embrace a hybrid cloud strategy. With so much at stake, what are you currently using for network security inside your k8s cluster?
Up until now, some of PayPal users’ greatest fears in terms of cybersecurity were phishing scams aimed at obtaining their login credentials. In January of this year, PayPal confirmed a high-severity bug affecting the login form, with PayPal security investigator, Alex Birsan, finding a javascript file with what looked like a CSRF token and a session ID – which makes login information vulnerable to attackers.
Ransomware has been a growing threat in recent years, and experts now estimate the cost of these attacks at $7.5 billion in the USA alone in 2019. The affected institutions include 966 government agencies, educational establishments, and healthcare providers. Since most ransomware attacks stem from a small mistake made by one end user, either through phishing emails or stolen credentials, the threat is only expected to increase in the years to come.
