Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Live Nation/Ticketmaster Data Breach: Insights and Implications

On May 20th, 2024, Live Nation, the parent company of Ticketmaster, uncovered "unauthorized activity" within one of its cloud databases. This breach was swiftly followed by the hacker called ShinyHunters claiming responsibility. The repercussions of this incident are vast, impacting millions of users and revealing significant vulnerabilities in the security infrastructure of one of the world's largest entertainment companies.

Cloud Cross-View for Complete Attack Surface Visibility

IONIX’s Cloud Cross-View (CCV) uses cloud integrations to broaden the scope of attack surface mapping and coverage beyond traditional methods of monitoring. CCV extends asset analysis to consider aspects that are specific to cloud environments. This complements CSPM and CNAPP solutions by enriching them with broader attack surface data obtained through IONIX’s EASM capabilities.

Race to KEV Remediation: Who Tops the Charts in Europe?

In our global study of the CISA KEV Catalog, we uncovered widespread vulnerabilities and the swift pace at which threats evolve. As we dissect the layers of data from the report, it becomes evident that each country's unique approach to cybersecurity regulation, vulnerability management, and remediation presents distinct challenges and opportunities.

CVE-2024-4358 & CVE-2024-1800: PoC Exploit Published for Pre-Authenticated RCE Chain in Progress Telerik Report Server

On May 31st, 2024, a Proof of Concept (PoC) exploit and technical analysis were published for a pre-authentication Remote Code Execution (RCE) exploit chain impacting Telerik Report Server, a product by Progress designed for streamlined report management within organizations.

Lost in the Fog: A New Ransomware Threat

On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident Response cases, each exhibiting similar elements. All victim organizations were located in the United States, 80% of which were in the education sector and 20% in the recreation sector. We are sharing details of this emerging variant to help organizations defend against this threat.

What is a Sophisticated Bot Attack?

Earlier this year we stated that bot attacks can be run by anyone, from skilled individuals to organised gangs. Bots can hit websites for a number of reasons. Common attacks range from credential cracking to account takeover to scalping. These bots have the power and capability to conduct multiple attacks repeatedly. Those actions have long been standard for bots though, so what is new in the world of bot attacks? What is making these attacks more sophisticated?

SOC 2 certification: 5 things we learned

Maybe you’re considering AICPA SOC 2 certification? Aikido was recently examined to check that our system and the design of our security controls meet the AICPA’s SOC 2 requirements. Because we learned a lot about SOC 2 standards during our audit, we wanted to share some of the insights that we think might be helpful to someone starting the same process. Read our top tips on becoming ISO 27001:2022 compliant.

Unlocking the Power of AI in Cybersecurity: Key Takeaways from the HMS Belfast Breakfast Briefing

In the rapidly evolving landscape of technology, the fusion of Artificial Intelligence (AI) and cybersecurity is creating both exciting opportunities and formidable challenges. The recent breakfast briefing on the historic HMS Belfast served as a critical forum for industry leaders to explore these issues in depth.

Locker vs Crypto Ransomware: What's the Difference?

While both locker and crypto ransomware are types of ransomware, there is one key difference between the two. The main difference between locker and crypto ransomware is that locker ransomware locks an entire device whereas crypto ransomware only encrypts files and data stored on the infected device. Keep reading to learn more about locker and crypto ransomware and how your organization can prevent these and other ransomware attacks.

From SAP IDM to One Identity: The preferred path for seamless migration

SAP recently announced the end-of-life for SAP Identity Manager (IDM). This announcement required SAP to establish guidelines for existing customers to transition away from the platform with other products. One Identity is a leading vendor of choice for this migration due to its well-established market presence and robust SAP solutions support. In this two-part blog series, we will shed some light on how One Identity can seamlessly integrate with SAP products, starting with its certified ABAP connector.